ComboFix 18-08-08.01 - HP 19/11/2018 12:08:34.2.2 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.34.3082.18.3688.1987 [GMT -5:00] Running from: G:\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189} SP: Microsoft Security Essentials *Disabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34} SP: Spybot - Search and Destroy *Disabled/Outdated* {4C1D9672-63FE-5C90-371E-8FDA591C5B75} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\HP\AppData\Local\assembly\tmp c:\users\HP\AppData\Local\assembly\tmp\43VK8MV4\__AssemblyInfo__.ini c:\users\HP\AppData\Local\assembly\tmp\43VK8MV4\Stilus para Word.DLL c:\users\HP\AppData\Local\assembly\tmp\BWIF0NYV\__AssemblyInfo__.ini c:\users\HP\AppData\Local\assembly\tmp\BWIF0NYV\Microsoft.Office.Tools.Common.v4.0.Utilities.DLL c:\users\HP\AppData\Local\assembly\tmp\FUJHU6B7\__AssemblyInfo__.ini c:\users\HP\AppData\Local\assembly\tmp\FUJHU6B7\Stilus para Word.DLL c:\users\HP\AppData\Local\assembly\tmp\RZM5MYSJ\__AssemblyInfo__.ini c:\users\HP\AppData\Local\assembly\tmp\RZM5MYSJ\Microsoft.Office.Tools.Common.v4.0.Utilities.DLL c:\users\HP\Documents\~WRL0005.tmp . . ((((((((((((((((((((((((( Files Created from 2018-10-19 to 2018-11-19 ))))))))))))))))))))))))))))))) . . 2018-11-19 17:19 . 2018-11-19 17:19 -------- d-----w- c:\users\Default\AppData\Local\temp 2018-11-17 16:06 . 2018-10-06 16:02 366824 ----a-w- c:\windows\system32\drivers\msrpc.sys 2018-11-17 16:05 . 2018-11-11 01:26 28672 ----a-w- c:\windows\system32\sspisrv.dll 2018-11-17 15:10 . 2018-11-16 00:54 14700824 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E49EAFB0-0910-4500-A0E1-1D6AF19217E8}\mpengine.dll 2018-11-16 10:23 . 2018-11-19 08:20 -------- d-----w- c:\windows\rescache 2018-11-16 04:43 . 2018-11-16 04:43 -------- d-----w- c:\users\HP\AppData\Roaming\SUPERAntiSpyware.com 2018-11-16 00:58 . 2018-11-16 00:58 1094320 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E1023348-A79C-460F-8923-6A3053D86CB8}\gapaengine.dll 2018-11-16 00:55 . 2018-11-16 00:54 14700824 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2018-11-16 00:48 . 2018-02-07 00:04 32168 ----a-w- c:\windows\system32\sdnclean64.exe 2018-11-16 00:48 . 2018-11-17 01:05 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2018-11-16 00:48 . 2018-11-19 10:33 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2 2018-11-16 00:46 . 2018-11-16 00:46 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2018-11-16 00:46 . 2018-11-16 00:46 -------- d-----w- c:\users\HP\AppData\Local\mbam 2018-11-16 00:45 . 2018-11-16 00:45 -------- d-----w- c:\program files (x86)\Microsoft Security Client 2018-11-16 00:45 . 2018-11-16 00:45 -------- d-----w- c:\program files\Microsoft Security Client 2018-11-01 01:29 . 2018-11-14 04:57 -------- d-----w- c:\users\HP\AppData\Roaming\WhatsApp 2018-11-01 01:29 . 2018-11-14 04:55 -------- d-----w- c:\users\HP\AppData\Local\WhatsApp 2018-11-01 01:28 . 2018-11-14 04:54 -------- d-----w- c:\users\HP\AppData\Local\SquirrelTemp 2018-10-21 00:26 . 2018-10-21 00:26 18425488 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2018-11-11 01:09 . 2018-11-17 16:06 44544 ----a-w- c:\windows\apppatch\acwow64.dll 2018-10-15 21:48 . 2014-05-08 00:59 559880 ------w- c:\windows\system32\MpSigStub.exe 2018-09-19 08:08 . 2018-10-15 17:42 343552 ----a-w- c:\windows\SysWow64\msrd3x40.dll 2018-09-09 01:02 . 2018-10-15 17:42 986824 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2018-09-09 01:02 . 2018-10-15 17:42 1680072 ----a-w- c:\windows\system32\drivers\ntfs.sys 2018-09-09 01:02 . 2018-10-15 17:42 265416 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2018-09-09 00:59 . 2018-10-15 17:42 2851840 ----a-w- c:\windows\system32\themeui.dll 2018-09-09 00:59 . 2018-10-15 17:42 2009600 ----a-w- c:\windows\system32\msxml6.dll 2018-09-09 00:59 . 2018-10-15 17:41 2048 ----a-w- c:\windows\system32\msxml6r.dll 2018-09-09 00:58 . 2018-10-15 17:42 405504 ----a-w- c:\windows\system32\gdi32.dll 2018-09-09 00:57 . 2018-10-15 17:42 144384 ----a-w- c:\windows\system32\cdd.dll 2018-09-09 00:44 . 2018-10-15 17:42 313344 ----a-w- c:\windows\SysWow64\gdi32.dll 2018-09-09 00:44 . 2018-10-15 17:42 2755584 ----a-w- c:\windows\SysWow64\themeui.dll 2018-09-09 00:43 . 2018-10-15 17:42 1391104 ----a-w- c:\windows\SysWow64\msxml6.dll 2018-09-09 00:43 . 2018-10-15 17:41 2048 ----a-w- c:\windows\SysWow64\msxml6r.dll 2018-08-31 15:08 . 2018-09-11 23:11 1311744 ----a-w- c:\windows\SysWow64\msjet40.dll 2018-08-31 15:08 . 2018-09-11 23:11 340480 ----a-w- c:\windows\SysWow64\msexcl40.dll 2018-08-30 01:47 . 2018-09-11 23:11 1230848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2018-08-30 01:10 . 2018-09-11 23:11 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll 2018-08-28 06:24 . 2018-10-15 17:43 14637568 ----a-w- c:\windows\system32\wmp.dll 2018-08-28 06:24 . 2018-10-15 17:41 12574720 ----a-w- c:\windows\system32\wmploc.DLL 2018-08-28 06:24 . 2018-10-15 17:42 5120 ----a-w- c:\windows\system32\msdxm.ocx 2018-08-28 06:24 . 2018-10-15 17:42 5120 ----a-w- c:\windows\system32\dxmasf.dll 2018-08-28 06:24 . 2018-10-15 17:42 9728 ----a-w- c:\windows\system32\spwmp.dll 2018-08-28 06:09 . 2018-10-15 17:41 12574208 ----a-w- c:\windows\SysWow64\wmploc.DLL 2018-08-28 05:52 . 2018-10-15 17:42 4096 ----a-w- c:\windows\SysWow64\msdxm.ocx 2018-08-28 05:52 . 2018-10-15 17:42 4096 ----a-w- c:\windows\SysWow64\dxmasf.dll 2018-08-28 05:52 . 2018-10-15 17:42 8192 ----a-w- c:\windows\SysWow64\spwmp.dll 2018-08-28 05:50 . 2018-09-11 23:11 243200 ----a-w- c:\windows\system32\drivers\ks.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2015-05-27 00:58 1605832 ----a-w- c:\users\HP\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2015-05-27 00:58 1605832 ----a-w- c:\users\HP\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2015-05-27 00:58 1605832 ----a-w- c:\users\HP\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\FileSyncShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "SoftwareSASGeneration"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 Mobile Broadband HL Service;Mobile Broadband HL Service;c:\programdata\MobileBrServ\mbbservice.exe;c:\programdata\MobileBrServ\mbbservice.exe [x] R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x] R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x] R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Inspección de red de Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x] S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x] S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x] S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x] S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - ESPROTECTIONDRIVER *NewlyCreated* - MBAMPROTECTION *NewlyCreated* - MBAMSWISSARMY *Deregistered* - ESProtectionDriver *Deregistered* - MBAMProtection *Deregistered* - MBAMSwissArmy . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}] 2018-09-20 06:32 327664 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2015-05-27 00:58 1645256 ----a-w- c:\users\HP\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2015-05-27 00:58 1645256 ----a-w- c:\users\HP\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2015-05-27 00:58 1645256 ----a-w- c:\users\HP\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = IE: &Enviar a OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: E&xportar a Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\program files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.100.1 FF - ProfilePath - c:\users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\hif9we2p.default\ FF - prefs.js: browser.search.defaulturl - hxxps://co.search.yahoo.com/yhs/search FF - prefs.js: browser.search.selectedEngine - FF - prefs.js: browser.startup.homepage - about:home . - - - - ORPHANS REMOVED - - - - . BHO-{11111111-1111-1111-1111-110611501155} - (no file) Toolbar-10 - (no file) Notify-SDWinLogon - SDWinLogon.dll SafeBoot-MBAMService HKLM_Wow6432Node-ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file) ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file) AddRemove-{373B1718-8CC5-4567-8EE2-9033AD08A680} - c:\users\HP\AppData\Local\Roblox\Versions\version-6c991273eb8a46b2\RobloxPlayerLauncher.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}] @Denied: (A 2) (Everyone) @="IFlashBroker2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2018-11-19 12:24:06 ComboFix-quarantined-files.txt 2018-11-19 17:24 ComboFix2.txt 2015-02-21 17:59 . Pre-Run: 41,459,032,064 bytes libres Post-Run: 41,548,808,192 bytes libres . - - End Of File - - F455E45AB60413D921A7D4F618BB45A0 A36C5E4F47E84449FF07ED3517B43A31