Combo Fix

This document provides a summary of the files, programs, and system settings on a SERVER computer running Windows 7. It identifies recently installed programs, created and deleted files between two dates, running programs and services, and registry entries. Notably, it lists Dropbox, various Wondershare programs, ToolwizCareFree, and Apps Hat among the installed software.

ComboFix 14-04-12.01 - SERVER 21/04/2014 17:28:06.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.51.3082.18.2726.1668 [GMT -5:00]
Running from: c:\users\SERVER\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1397612649.bdinstall.bin
.
.
((((((((((((((((((((((((( Files Created from 2014-03-21 to 2014-04-21 )))))))))))))))))))))))))))))))
.
.
2014-04-21 22:32 . 2014-04-21 22:32 -------d-----w c:\users\Default\AppData\Local\temp
2014-04-21 17:06 . 2014-04-21 17:06 -------d-----w C:\TMP
2014-04-15 14:19 . 2014-04-15 14:19 -------d-----w C:\MSI
2014-04-10 01:46 . 2014-04-10 01:46 -------d-----w c:\program files (x86)\Wondershare
2014-04-09 23:55 . 2014-04-09 23:56 -------d-----w C:\musica
2014-04-09 22:49 . 2014-04-09 22:49 -------d-----w C:\SIAGIE
2014-04-09 02:49 . 2014-04-09 03:08 -------d-----w C:\software peanut
2014-04-04 18:36 . 2014-04-04 18:36 -------d-----w C:\Temp
2014-04-04 03:37 . 2014-04-21 14:06 -------d-----r c:\users\SERVER\Dropbox
2014-04-04 03:34 . 2014-04-21 14:06 -------d-----w c:\users\SERVER\AppData\Roaming\Dropbox
2014-04-02 01:48 . 2014-04-02 01:49 -------d-----w C:\musica criolla
2014-04-02 01:47 . 2014-04-02 01:48 -------d-----w C:\corazon serrano
2014-04-02 01:47 . 2014-04-02 01:48 -------d-----w C:\huayno de oro
2014-03-28 22:41 . 2014-03-28 22:41 -------d-----w c:\users\SERVER\AppData\Local\Wondershare
2014-03-28 22:41 . 2014-03-28 22:41 -------d-----w c:\program files (x86)\Common Files\Wondershare
2014-03-28 22:41 . 2014-03-28 22:41 -------d-----w c:\users\SERVER\AppData\Roaming\Wondershare
2014-03-28 02:52 . 2014-03-28 03:00 -------d-----w C:\Juegos Sonic
2014-03-24 21:10 . 2014-03-24 21:10 -------d-----w c:\program files (x86)\Canon
2014-03-24 02:39 . 2014-03-24 02:39 -------d-----w C:\Nueva carpeta (2)
2014-03-23 11:28 . 2014-03-23 11:28 -------d-----w c:\program files (x86)\ElcomSoft
2014-03-23 00:52 . 2014-03-23 00:52 -------d-----w c:\users\SERVER\AppData\Roaming\HandBrake
.
.
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 19:03 . 2013-11-29 22:08 71048 ----a-w c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 19:03 . 2013-11-29 22:08 692616 ----a-w c:\windows\SysWow64\FlashPlayerApp.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w c:\users\SERVER\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w c:\users\SERVER\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w c:\users\SERVER\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ToolwizCareFree"="c:\program files (x86)\ToolwizCareFree\ToolwizCares.exe" [2013-12-02 5286672]
"NextLive"="c:\users\SERVER\AppData\Roaming\newnext.me\nengine.dll" [2013-11-14 1283584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-08-30 979328]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2013-07-25 1985824]
.
c:\users\SERVER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\SERVER\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-3-26 32667896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S0 BTOWSVF;BTOWSVF;c:\windows\System32\Drivers\BTOWSVF.sys;c:\windows\SYSNATIVE\Drivers\BTOWSVF.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Controlador del conmutador de la controladora de host Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 KSafeDISK;KSafeDISK;c:\windows\System32\Drivers\KSafeDISK.sys;c:\windows\SYSNATIVE\Drivers\KSafeDISK.sys [x]
S1 BTOWSFF;BTOWSFF;c:\windows\System32\Drivers\BTOWSFF.sys;c:\windows\SYSNATIVE\Drivers\BTOWSFF.sys [x]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
S2 NitroDriverReadSpool9;NitroPDFDriverCreatorReadSpool9;c:\program files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe;c:\program files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S3 IntcDAud;Sonido Intel(R) para pantallas;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Controlador del concentrador Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Controlador de la controladora de host Intel(R) USB 3.0 eXtensible;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-29 19:03]
.
2014-02-21 c:\windows\Tasks\Apps Hat-codedownloader.job
- c:\program files (x86)\Apps Hat\Apps Hat-codedownloader.exe [2014-02-12 14:47]
.
2014-02-21 c:\windows\Tasks\Apps Hat-enabler.job
- c:\program files (x86)\Apps Hat\Apps Hat-enabler.exe [2014-02-12 14:47]
.
2014-02-21 c:\windows\Tasks\Apps Hat-firefoxinstaller.job
- c:\program files (x86)\Apps Hat\Apps Hat-firefoxinstaller.exe [2014-02-12 14:47]
.
2014-02-21 c:\windows\Tasks\Apps Hat-updater.job
- c:\program files (x86)\Apps Hat\Apps Hat-updater.exe [2014-02-12 14:47]
.
.
--------- X64 Entries ----------.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-10-02 01:47 2322576 ----a-w c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-10-02 01:47 2322576 ----a-w c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-10-02 01:47 2322576 ----a-w c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w c:\users\SERVER\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w c:\users\SERVER\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w c:\users\SERVER\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w c:\users\SERVER\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-03-22 172016]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-03-22 399856]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-03-22 442352]
.
------- Supplementary Scan ------.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
uSearchAssistant = hxxp://www.google.com
IE: E&xportar a Microsoft Excel - c:\progra~2\MICROS~2\Office15\EXCEL.EXE/3000
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
TCP: Interfaces\{45DE5B67-7D26-4782-AC19-ACE0209AB8CD}: NameServer = 200.48.225.130,200.48.225.146
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\SERVER\AppData\Roaming\Mozilla\Firefox\Profiles\o20iv1gm.default\
FF - prefs.js: browser.search.selectedEngine
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.pe/
FF - user.js: extensions.iminent.tlbrSrchUrl - hxxp://start.iminent.com/?ref=toolbarm#q=
FF - user.js: extensions.iminent.id - f472ed0800000000000000ff66efe2ea
FF - user.js: extensions.iminent.appId - {0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}
FF - user.js: extensions.iminent.instlDay - 16113
FF - user.js: extensions.iminent.vrsn - 1.8.28.3
FF - user.js: extensions.iminent.vrsni - 1.8.28.3
FF - user.js: extensions.iminent.vrsnTs - 1.8.28.39:46
FF - user.js: extensions.iminent.prtnrId - iminent
FF - user.js: extensions.iminent.prdct - iminent
FF - user.js: extensions.iminent.aflt - orgnl
FF - user.js: extensions.iminent.smplGrp - none
FF - user.js: extensions.iminent.tlbrId - YBCPCSTIPO
FF - user.js: extensions.iminent.instlRef
FF - user.js: extensions.iminent.dfltLng
FF - user.js: extensions.iminent.excTlbr - false
FF - user.js: extensions.iminent.ffxUnstlRst - false
FF - user.js: extensions.iminent.admin - false
FF - user.js: extensions.iminent.autoRvrt - false
FF - user.js: extensions.iminent.rvrt - false
FF - user.js: extensions.iminent.newTab - false
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.shownSelectionUI - true
.
- - - - ORPHANS REMOVED - - - .
BHO-{11111111-1111-1111-1111-110411851159} - (no file)
Wow6432Node-HKU-Default-Run-Bitdefender Wallet Agent - c:\program files\Bitdefender\Bitdefender\pmbxag.exe
Wow6432Node-HKU-Default-Run-Bitdefender Wallet - c:\program files\Bitdefender\Bitdefender\pwdmanui.exe
Wow6432Node-HKU-Default-Run-Agente de aplicacin Bitdefender Wallet - c:\program files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS --------------------.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-04-21 17:34:11
ComboFix-quarantined-files.txt 2014-04-21 22:34
ComboFix2.txt 2014-04-15 22:50
ComboFix3.txt 2014-04-06 10:00
.
Pre-Run: 69,700,272,128 bytes libres
Post-Run: 69,483,065,344 bytes libres
.
- - End Of File - - B4CE0D65ED8610A901132E86DD6E1E76
A36C5E4F47E84449FF07ED3517B43A31
