ComboFix 15-07-20.01 - youssef 20/07/2015 16:07:55.1.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1256.212.1036.18.2046.1482 [GMT 1:00]
Running from: c:\documents and settings\youssef\Bureau\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\ma-config.com
c:\documents and settings\All Users\Application Data\ma-config.com\Logs\activex.txt
c:\documents and settings\All Users\Application Data\ma-config.com\Logs\maconfservice.txt
c:\documents and settings\All Users\Application Data\ma-config.com\Logs\mcstubuser.txt
c:\documents and settings\All Users\Application Data\ma-config.com\Logs\websocketpp.log
c:\documents and settings\All Users\Application Data\ma-config.com\mcbase.db
c:\documents and settings\All Users\Application Data\ma-config.com\server.pem
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\youssef\Application Data\FoxitReaderUpdateInfo.txt
c:\documents and settings\youssef\ZHPDiag3.exe
c:\program files\ma-config.com
c:\program files\ma-config.com\config.xml
c:\program files\ma-config.com\CPUID\cpuidsdk.dll
c:\program files\ma-config.com\Drivers\ma-config.inf
c:\program files\ma-config.com\Drivers\ma-config_amd64.cat
c:\program files\ma-config.com\Drivers\ma-config_amd64.sys
c:\program files\ma-config.com\Drivers\ma-config_x86.cat
c:\program files\ma-config.com\Drivers\ma-config_x86.sys
c:\program files\ma-config.com\Langues\LangueMC.ar.resx
c:\program files\ma-config.com\Langues\LangueMC.de.resx
c:\program files\ma-config.com\Langues\LangueMC.en.resx
c:\program files\ma-config.com\Langues\LangueMC.es.resx
c:\program files\ma-config.com\Langues\LangueMC.fr.resx
c:\program files\ma-config.com\Langues\LangueMC.pt.resx
c:\program files\ma-config.com\Langues\LangueMC.ru.resx
c:\program files\ma-config.com\ma-config.html
c:\program files\ma-config.com\MaConfigAgent.exe
c:\program files\ma-config.com\MCBCL.dll
c:\program files\ma-config.com\MCDetection.exe
c:\program files\ma-config.com\MCNoyau.dll
c:\program files\ma-config.com\MCrypt.dll
c:\program files\ma-config.com\MCSettings.exe
c:\program files\ma-config.com\MCStubUser.exe
c:\program files\ma-config.com\sqlite3.dll
c:\windows\apppatch\AppLoc.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\system32\_000017_.tmp.dll
c:\windows\system32\_000018_.tmp.dll
c:\windows\system32\AegisI5Installer.exe
c:\windows\system32\SET1DC.tmp
c:\windows\system32\SET1DD.tmp
c:\windows\system32\SET1E9.tmp
c:\windows\system32\SET1EA.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ma-config_x86
-------\Legacy_MaConfigAgent
-------\Legacy_ma-config_x86
-------\Legacy_MaConfigAgent
-------\Service_ma-config_x86
-------\Service_MaConfigAgent
-------\Service_ma-config_x86
-------\Service_MaConfigAgent
.
.
((((((((((((((((((((((((( Files Created from 2015-06-20 to 2015-07-20 )))))))))))))))))))))))))))))))
.
.
2015-07-20 14:16 . 2015-07-20 14:43 -------- d-----w- c:\documents and settings\youssef\Application Data\ZHP
2015-07-20 13:24 . 2015-07-20 15:11 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-20 13:24 . 2015-07-20 13:24 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-07-20 13:24 . 2015-06-18 07:41 121560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-07-20 13:24 . 2015-06-18 07:41 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-07-19 15:54 . 2015-07-19 15:56 -------- d-----w- c:\documents and settings\youssef\Local Settings\Application Data\Deployment
2015-07-19 15:50 . 2015-07-19 15:50 -------- d-----w- c:\documents and settings\youssef\Local Settings\Application Data\NEGU_Soft
2015-07-19 15:50 . 2015-07-19 15:50 -------- d-----w- c:\program files\Ultimate Control
2015-07-15 18:14 . 2015-07-15 18:14 -------- d-----w- c:\documents and settings\youssef\Local Settings\Application Data\ESET
2015-07-15 18:14 . 2015-07-15 18:14 -------- d-----w- c:\documents and settings\youssef\Application Data\ESET
2015-07-15 18:14 . 2015-07-15 18:14 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2015-07-09 13:39 . 2015-07-09 13:39 -------- d-----w- c:\program files\Fichiers communs\Skype
2015-07-09 13:38 . 2015-07-09 13:39 -------- d-----w- c:\program files\Skype
2015-07-08 22:19 . 2015-07-08 22:20 -------- d-----w- c:\documents and settings\youssef\Local Settings\Application Data\Isoplex
2015-07-03 16:16 . 2013-05-02 04:23 181912 ----a-w- c:\windows\system32\drivers\ssudserd.sys
2015-07-03 16:16 . 2013-05-02 04:23 83864 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2015-07-03 16:16 . 2013-05-02 04:23 581192 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2015-07-03 16:16 . 2013-05-02 04:23 181912 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2015-07-03 16:16 . 2013-05-02 04:23 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2015-07-03 16:13 . 2015-07-03 16:13 -------- d-----w- c:\documents and settings\youssef\Local Settings\Application Data\Kingosoft
2015-07-03 16:13 . 2015-07-03 17:03 -------- d-----w- c:\program files\Kingo ROOT
2015-06-27 23:02 . 2015-07-20 13:21 -------- d-----w- C:\AdwCleaner
2015-06-27 21:26 . 2015-06-27 21:49 -------- d-----w- c:\documents and settings\youssef\Application Data\Enigma Software Group
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-15 14:19 . 2014-05-23 11:08 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-07-15 14:19 . 2014-05-23 11:08 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-06-27 21:27 . 2015-02-20 13:15 19984 ----a-w- c:\windows\system32\drivers\EsgScanner.sys
2013-02-07 12:22 . 2013-02-07 12:22 50330 ----a-w- c:\program files\AntiDust.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 08:02 23008 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2015-04-20 3898960]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-04-22 1040384]
"Ultimate Control"="c:\program files\Ultimate Control\ucontrol.exe" [2012-08-10 349696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ComPlusSetup]
2008-04-14 12:00 625664 ----a-w- c:\windows\system32\catsrvut.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0????????
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2012-11-05 14:27 89184 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2014-03-04 09:19 3696912 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeleteMarkAny]
2014-04-30 18:47 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2015-04-20 13:48 3898960 ------w- c:\program files\Internet Download Manager\IDMan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2015-06-29 15:41 53282944 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2014-01-07 05:36 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2015-05-12 07:57 1694560 ----a-w- c:\documents and settings\youssef\Application Data\uTorrent\uTorrent.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"KiesPreload"=c:\program files\Samsung\Kies\Kies.exe /preload
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Documents and Settings\\youssef\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\TeamViewer\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\TeamViewer_Service.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Documents and Settings\\youssef\\Local Settings\\Application Data\\ROX Player\\roxplayer.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Documents and Settings\\youssef\\Mes documents\\Downloads\\Windward.Update.17.05.2015\\Windward.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Ultimate Control\\ucontrol.exe"=
"c:\\Documents and Settings\\youssef\\Local Settings\\Apps\\2.0\\LB39TXOO.AMZ\\6W0AOTWO.ZX4\\mobi..tion_980a95f0dc23f55a_0001.0002_73246d135863784d\\Mobile Buddy.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"53:UDP"= 53:UDP:RTLDHCP Port
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [18/10/2014 09:25 243128]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [07/12/2014 15:51 127224]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [20/07/2015 14:24 1871160]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [20/07/2015 14:24 1133880]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [23/05/2014 11:59 103040]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [20/07/2015 14:24 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [20/07/2015 14:24 98520]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [03/06/2015 16:42 327296]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [03/07/2015 17:16 83864]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys --> c:\windows\system32\DRIVERS\ew_hwusbdev.sys [?]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys --> c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [?]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys --> c:\windows\system32\DRIVERS\ew_jucdcacm.sys [?]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys --> c:\windows\system32\DRIVERS\ew_jubusenum.sys [?]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [10/06/2015 13:15 15576]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [10/06/2015 13:15 10200]
S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192cu.sys [17/09/2010 11:16 972648]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [03/07/2015 17:16 181912]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\drivers\ssudserd.sys [03/07/2015 17:16 181912]
S3 USBET;SPEEDLINK SNAPPY Smart Webcam;c:\windows\system32\drivers\ETdrv.sys [23/05/2014 12:06 5127680]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-07-14 15:06 991048 ----a-w- c:\program files\Google\Chrome\Application\43.0.2357.134\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-07-18 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\system32\Macromed\Flash\FlashUtil32_18_0_0_209_pepper.exe [2015-07-15 14:19]
.
2015-07-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-23 14:19]
.
2015-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-10-14 09:41]
.
2015-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-10-14 09:41]
.
2015-07-20 c:\windows\Tasks\Notification de fin de service de Microsoft Windows XP - à la connexion.job
- c:\windows\system32\xp_eos.exe [2014-05-23 23:28]
.
2015-07-08 c:\windows\Tasks\Notification de fin de service de Microsoft Windows XP -mensuellement.job
- c:\windows\system32\xp_eos.exe [2014-05-23 23:28]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
TCP: Interfaces\{49D150AA-07EB-4DA8-99EA-CD8B230D946A}: NameServer = 109.69.8.51
TCP: Interfaces\{623BFC26-611A-48FF-A96C-11794BF58DA3}: NameServer = 109.69.8.51,192.168.1.1
TCP: Interfaces\{AACE50E2-BDF7-4F66-83BF-ABCC501D9344}: NameServer = 109.69.8.51,192.168.1.1
FF - ProfilePath - c:\documents and settings\youssef\Application Data\Mozilla\Firefox\Profiles\apfcejzg.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.fr/
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKCU-Run-Remote Mouse - c:\program files\Remote Mouse\RemoteMouse.exe
HKLM-Run-SpyHunter Security Suite - c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe
MSConfigStartUp-CCleaner Monitoring - c:\program files\CCleaner\CCleaner.exe
MSConfigStartUp-EADM - c:\program files\Origin\Origin.exe
MSConfigStartUp-f - c:\documents and settings\youssef\Local Settings\Application Data\FluxSoftware\Flux\flux.exe
MSConfigStartUp-PC Auto Shutdown - c:\program files\PC Auto Shutdown\AutoShutdown.exe
AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\SAMSUNG\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\SAMSUNG\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\SAMSUNG\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\SAMSUNG\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-07-20 16:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74bea2bc-4680-44ae-88c5-48c228f976f3}]
@Denied: (Full) (Everyone)
"Model"=dword:00000107
"Therad"=dword:0000001d
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):1d,ce,f7,c7,1f,d4,89,23,a1,c6,1c,8f,77,25,a1,4b,93,55,1b,5c,77, 3f,e8,29,b6,ba,d2,f1,13,2b,95,3f,6b,71,f0,f2,d9,70,2b,a5,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(816)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(1020)
c:\progra~1\FICHIE~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~3\Office14\1033\GrooveIntlResource.dll
c:\program files\Internet Download Manager\IDMShellExt.dll
c:\program files\Internet Download Manager\IDMNetMon.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\TeamViewer\TeamViewer_Service.exe
c:\program files\Malwarebytes Anti-Malware\mbam.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2015-07-20 16:14:18 - machine was rebooted
ComboFix-quarantined-files.txt 2015-07-20 15:14
.
Pre-Run: 9 306 980 352 octets libres
Post-Run: 9 457 455 104 octets libres
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
.
- - End Of File - - 711F8220419E0E637F6244182F4DA1CC
C99C3199CFAA4CBDCD91493F6D113A50