
ComboFix 15-07-12.01 - wafa 07/16/2015 0:45.1.4 - x86
Microsoft Windows 7 Edition Intégrale 6.1.7600.0.1256.966.1036.18.2871.1986 [GMT 2:00]
Running from: c:\users\wafa\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Outdated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Outdated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ALlCheeaapPrrice
c:\program files\ALlCheeaapPrrice\EUZ8TPtNJECTeT.dat
c:\program files\ALlCheeaapPrrice\EUZ8TPtNJECTeT.exe
c:\program files\ALlCheeaapPrrice\EUZ8TPtNJECTeT.tlb
c:\program files\BiatSaveR
c:\program files\BiatSaveR\RJGT5SkI6snuZV.dat
c:\program files\BiatSaveR\RJGT5SkI6snuZV.dll
c:\program files\BiatSaveR\RJGT5SkI6snuZV.exe
c:\program files\BiatSaveR\RJGT5SkI6snuZV.tlb
c:\program files\BitSaaverr
c:\program files\BitSaaverr\kAUgjwBzMyMYj4.dat
c:\program files\BitSaaverr\kAUgjwBzMyMYj4.dll
c:\program files\BitSaaverr\kAUgjwBzMyMYj4.exe
c:\program files\BitSaaverr\kAUgjwBzMyMYj4.tlb
c:\program files\BitSAVer
c:\program files\BitSAVer\utY8wXuAFPSd39.dat
c:\program files\BitSAVer\utY8wXuAFPSd39.dll
c:\program files\BitSAVer\utY8wXuAFPSd39.exe
c:\program files\BitSAVer\utY8wXuAFPSd39.tlb
c:\program files\MediaPlayerV1
c:\program files\MediaPlayerV1\MediaPlayerV1alpha2290\ch\MediaPlayerV1alpha2290.crx
c:\program files\MediaPlayerV1\MediaPlayerV1alpha2290\ff\chrome\content\icons\default\MediaPlayerV1alpha2290_32.png
c:\program files\MediaPlayerV1\MediaPlayerV1alpha2290\ff\chrome\content\icons\Thumbs.db
c:\program files\MediaPlayerV1\MediaPlayerV1alpha2290\ff\chrome\content\overlay.xul
c:\program files\MediaPlayerV1\MediaPlayerV1alpha2290\ff\install.rdf
c:\program files\Skype\Phone\Skype.exe
c:\program files\YoutubeAdblocker
c:\program files\YoutubeAdblocker\HyGjGi3fZUzrln.dat
c:\program files\YoutubeAdblocker\HyGjGi3fZUzrln.exe
c:\program files\YoutubeAdblocker\HyGjGi3fZUzrln.tlb
c:\programdata\7903529744119732636
c:\programdata\7903529744119732636\1547aa30421efb5b76b8eb4afac61bce.ini
c:\programdata\7903529744119732636\2708f9ff3884b3dd76b8eb4afac61bce.ini
c:\programdata\7903529744119732636\37775abd6f6704a276b8eb4afac61bce.ini
c:\programdata\7903529744119732636\4775d99c57b1799e76b8eb4afac61bce.ini
c:\programdata\7903529744119732636\4b432ab495a8993376b8eb4afac61bce.ini
c:\programdata\7903529744119732636\4cc9484e5308b1bc76b8eb4afac61bce.ini
c:\programdata\7903529744119732636\800d0e2f346d2d4976b8eb4afac61bce.ini
c:\programdata\7903529744119732636\8eb0729fbf1cb05276b8eb4afac61bce.ini
c:\programdata\7903529744119732636\954accd1ef18255b76b8eb4afac61bce.ini
c:\programdata\7903529744119732636\ab04ecb30c557b3776b8eb4afac61bce.ini
c:\programdata\7903529744119732636\ad5e6328e91d5a2576b8eb4afac61bce.ini
c:\programdata\7903529744119732636\b064fcb2318aa95b76b8eb4afac61bce.ini
c:\programdata\7903529744119732636\b1b04b8135a80c9776b8eb4afac61bce.ini
c:\programdata\7903529744119732636\bb54bdc50384f4da76b8eb4afac61bce.ini
c:\programdata\7903529744119732636\c5dda8811636467776b8eb4afac61bce.ini
c:\programdata\7903529744119732636\cab7ed1b673b5e5e76b8eb4afac61bce.ini
c:\programdata\7903529744119732636\cd5b15e575e1c3d076b8eb4afac61bce.ini
c:\programdata\7903529744119732636\d10de703829fe2d876b8eb4afac61bce.ini
c:\programdata\7903529744119732636\d1b1b8b13a22620276b8eb4afac61bce.ini
c:\programdata\7903529744119732636\d1b823d8a4cc414976b8eb4afac61bce.ini
c:\programdata\7903529744119732636\d38e8734560118a976b8eb4afac61bce.ini
c:\programdata\7903529744119732636\d6ae24e4beaa0e7276b8eb4afac61bce.ini
c:\programdata\7903529744119732636\d7f7ceff8d57bf9a76b8eb4afac61bce.ini
c:\programdata\7903529744119732636\d88e11b2264d074876b8eb4afac61bce.ini
c:\programdata\7903529744119732636\e1a11ca282117dcd76b8eb4afac61bce.ini
c:\programdata\ntuser.pol
c:\programdata\Wincert\WIN32C~1.DLL
c:\users\wafa\AppData\Local\Win_update\Win_update.exe
c:\users\wafa\AppData\Roaming\baidu\hao123
c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\cZ@I.edu
c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\cZ@I.edu\bootstrap.js
c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\cZ@I.edu\chrome.manifest
c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\cZ@I.edu\content\bg.js
c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\cZ@I.edu\install.rdf
c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\N4d@wf2.edu
c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\N4d@wf2.edu\bootstrap.js
c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\N4d@wf2.edu\chrome.manifest
c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\N4d@wf2.edu\content\bg.js
c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\N4d@wf2.edu\install.rdf
c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\qOUQ@zHXOczS.com
c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\qOUQ@zHXOczS.com\bootstrap.js
c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\qOUQ@zHXOczS.com\chrome.manifest
c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\qOUQ@zHXOczS.com\content\bg.js
c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\qOUQ@zHXOczS.com\install.rdf
c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\0W58nz4@Tt.org
c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\0W58nz4@Tt.org\bootstrap.js
c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\0W58nz4@Tt.org\chrome.manifest
c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\0W58nz4@Tt.org\content\bg.js
c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\0W58nz4@Tt.org\install.rdf
c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\dbR@x6y3Z88.edu
c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\dbR@x6y3Z88.edu\bootstrap.js
c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\dbR@x6y3Z88.edu\chrome.manifest
c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\dbR@x6y3Z88.edu\content\bg.js
c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\dbR@x6y3Z88.edu\install.rdf
c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\Oom8@Bg5Wko.com
c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\Oom8@Bg5Wko.com\bootstrap.js
c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\Oom8@Bg5Wko.com\chrome.manifest
c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\Oom8@Bg5Wko.com\content\bg.js
c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\Oom8@Bg5Wko.com\install.rdf
c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\qu5drM2@n.net
c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\qu5drM2@n.net\bootstrap.js
c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\qu5drM2@n.net\chrome.manifest
c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\qu5drM2@n.net\content\bg.js
c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\qu5drM2@n.net\install.rdf
c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\RE8t0@Or7.net
c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\RE8t0@Or7.net\bootstrap.js
c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\RE8t0@Or7.net\chrome.manifest
c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\RE8t0@Or7.net\content\bg.js
c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\RE8t0@Or7.net\install.rdf
c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\x5jYRkN@YP.net
c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\x5jYRkN@YP.net\bootstrap.js
c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\x5jYRkN@YP.net\chrome.manifest
c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\x5jYRkN@YP.net\content\bg.js
c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\x5jYRkN@YP.net\install.rdf
c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\Wb2RdZZN@d.edu
c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\Wb2RdZZN@d.edu\bootstrap.js
c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\Wb2RdZZN@d.edu\chrome.manifest
c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\Wb2RdZZN@d.edu\content\bg.js
c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\Wb2RdZZN@d.edu\install.rdf
c:\windows\Downloaded Program Files\109778558
c:\windows\Downloaded Program Files\109778558\BaiduSetupAx_0.dll
c:\windows\Downloaded Program Files\1984317
c:\windows\Downloaded Program Files\1984317\BaiduSetupAx_0.dll
c:\windows\Downloaded Program Files\1984317\npxbdsetup.dll
c:\windows\Downloaded Program Files\655368
c:\windows\Downloaded Program Files\655368\SetupAx.dll
c:\windows\system32\1.txt
c:\windows\system32\drivers\MaxTdss.sys
c:\windows\system32\roboot.exe
c:\windows\system32\ShellExt\CmdOpen.dll
c:\windows\system32\Tasks\BackgroundContainer Startup Task
c:\windows\Tasks\RegClean Pro_DEFAULT.job
c:\windows\Tasks\RegClean Pro_UPDATES.job
.
.
((((((((((((((((((((((((( Files Created from 2015-06-15 to 2015-07-15 )))))))))))))))))))))))))))))))
.
.
2015-07-15 22:52 . 2015-07-15 22:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-07-15 11:15 . 2015-06-12 07:54 9252600 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BBF7811B-63B7-41CB-A06E-315054D6ECF7}\mpengine.dll
2015-07-14 13:30 . 2015-07-14 13:30 -------- d-----w- c:\program files\TerminusDefender
2015-07-14 13:29 . 2015-07-14 13:30 -------- d-----w- c:\programdata\fdfca3770000471b
2015-07-14 11:59 . 2015-07-14 13:12 -------- d-----w- C:\UsbFix
2015-07-14 09:29 . 2015-07-14 09:29 -------- d-----w- c:\users\wafa\AppData\Local\ESET
2015-07-14 09:27 . 2015-07-14 09:27 -------- d-----w- c:\program files\ESET
2015-07-14 09:00 . 2015-07-14 09:00 -------- d-----w- c:\programdata\IHProtectUpDate
2015-07-14 09:00 . 2015-07-14 11:08 -------- d-----w- c:\program files\MiuiTab
2015-07-14 09:00 . 2015-07-14 09:41 -------- d-----w- c:\programdata\WindowsMangerProtect
2015-07-14 08:58 . 2015-07-14 11:08 -------- d-----w- c:\users\wafa\AppData\Roaming\mystartsearch
2015-07-11 23:39 . 2015-07-14 10:29 -------- d-----w- c:\program files\SystemRaise
2015-07-11 15:02 . 2015-07-11 23:39 -------- d-----w- c:\programdata\2547bfdc00001fe8
2015-07-09 23:00 . 2015-07-09 23:00 -------- d-----w- C:\$AVG
2015-07-09 22:56 . 2015-07-09 23:04 -------- d-----w- c:\users\wafa\AppData\Local\Avg2015
2015-07-09 22:56 . 2015-07-09 22:56 -------- d-----w- c:\users\wafa\AppData\Local\MFAData
2015-07-09 22:15 . 2015-07-11 14:44 -------- d-----w- c:\programdata\{94cc6b0c-37c1-8e15-94cc-c6b0c37cac30}
2015-07-06 11:31 . 2015-07-11 23:39 -------- d-----w- c:\programdata\ea60695f00002953
2015-07-04 13:26 . 2015-07-04 13:26 -------- d-----w- c:\programdata\IDM
2015-07-03 18:09 . 2015-07-03 18:09 -------- d-----w- c:\users\wafa\AppData\Roaming\AVG2015
2015-07-03 18:08 . 2015-07-09 23:03 -------- d-----w- c:\program files\Common Files\AV
2015-07-03 18:08 . 2015-07-03 18:08 -------- d-----w- c:\users\wafa\AppData\Roaming\TuneUp Software
2015-07-03 18:07 . 2015-07-04 22:57 -------- d-----w- c:\programdata\AVG2015
2015-07-03 18:06 . 2015-07-11 14:42 -------- d-----w- c:\program files\AVG
2015-07-03 17:48 . 2015-07-03 17:48 -------- d--h--w- c:\programdata\Common Files
2015-07-03 17:48 . 2015-07-11 14:44 -------- d-----w- c:\programdata\MFAData
2015-07-02 18:10 . 2015-07-02 18:10 -------- d-----w- c:\program files\BiitSaveR
2015-06-22 13:58 . 2015-06-22 13:58 -------- d-----w- c:\program files\Vimium
2015-06-22 13:57 . 2015-06-22 13:57 -------- d-----w- c:\program files\BiitSaveer
2015-06-16 17:42 . 2015-06-16 17:42 -------- d-----w- c:\program files\Shiny Display
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-14 16:39 . 2015-05-13 15:13 24 ----a-w- c:\users\wafa\AppData\Roaming\appdataFr25.bin
2015-06-23 11:27 . 2012-07-13 20:05 246952 ------w- c:\windows\system32\MpSigStub.exe
2015-06-07 20:21 . 2012-07-07 21:09 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2015-05-22 16:29 . 2015-06-11 07:16 571392 ----a-w- c:\windows\system32\generaltel.dll
2015-05-22 16:28 . 2015-06-11 07:16 621568 ----a-w- c:\windows\system32\invagent.dll
2015-05-22 16:28 . 2015-06-11 07:16 333824 ----a-w- c:\windows\system32\devinv.dll
2015-05-22 16:28 . 2015-06-11 07:16 879104 ----a-w- c:\windows\system32\appraiser.dll
2015-05-22 16:28 . 2015-06-11 07:16 37888 ----a-w- c:\windows\system32\acmigration.dll
2015-05-22 16:28 . 2015-06-11 07:16 202752 ----a-w- c:\windows\system32\aepdu.dll
2015-05-22 16:25 . 2015-06-11 07:16 901120 ----a-w- c:\windows\system32\aeinv.dll
2015-05-21 13:18 . 2015-06-11 07:16 163840 ----a-w- c:\windows\system32\aepic.dll
2015-05-20 12:55 . 2015-05-20 13:57 123968 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2015-05-12 18:17 . 2015-03-30 09:12 20 ----a-w- c:\users\wafa\AppData\Roaming\appdataFr3.bin
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2014-04-17 1596224]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Welcome Center"="c:\windows\system32\OobeFldr.dll" [2009-10-26 859648]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Little transparency.exe]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Little transparency.exe
backup=c:\windows\pss\Little transparency.exe.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RocketDock.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\RocketDock.lnk
backup=c:\windows\pss\RocketDock.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^wafa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ScreenUpdate.lnk]
path=c:\users\wafa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ScreenUpdate.lnk
backup=c:\windows\pss\ScreenUpdate.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^wafa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Win_update.lnk]
path=c:\users\wafa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Win_update.lnk
backup=c:\windows\pss\Win_update.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 00:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CommonToolkitTray]
2013-03-12 14:38 1425952 ----a-w- c:\program files\Fighters\Tray\FightersTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2015-05-08 10:58 138096 ----atw- c:\users\wafa\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HiMEDIA]
2014-02-21 04:32 1324456 ----a-w- c:\users\wafa\HiPlayer\1.143.0.0\HiPlayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2012-01-10 21:44 177432 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2012-01-10 21:44 142616 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMSS]
2010-09-16 02:13 112152 ----a-r- c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2011-03-31 12:38 1092688 ----a-w- c:\program files\Launch Manager\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NextLive]
2014-01-06 03:15 1283584 ----a-w- c:\users\wafa\AppData\Roaming\newnext.me\nengine.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2012-01-10 21:44 177944 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2014-10-07 14:39 507776 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wondershare Helper Compact.exe]
2014-09-11 16:10 2087264 ----a-w- c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
.
R1 BAPIDRV;BAPIDRV;c:\windows\system32\DRIVERS\BAPIDRV.sys [x]
R2 1938b941;TerminusDefender;c:\windows\system32\rundll32.exe [2009-07-14 44544]
R2 DatamngrCoordinator2;Datamngr Coordinator;c:\program files\Movies Toolbar\Datamngr\DatamngrCoordinator.exe [x]
R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [2014-01-24 342336]
R2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [x]
R2 MaintainerSvc2.68.0219210;MaintainerSvc2.68.0219210;c:\programdata\f7d523a7-723b-4679-8c70-0e90e3053cba\maintainer.exe [2015-07-15 128240]
R2 MaintainerSvc6.37.565328;MaintainerSvc6.37.565328;c:\programdata\7bb6df21-8ca8-4eec-965d-8cd2261544c7\maintainer.exe [2015-07-15 128240]
R2 Shiny Display;Shiny Display;c:\program files\Shiny Display\Shiny Display.exe [2015-06-16 8016568]
R3 BprotectEx;Baidu ProtectEx;c:\windows\System32\drivers\BprotectEx.sys [x]
R3 cmusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2051;c:\windows\system32\DRIVERS\cmusbser.sys [2008-08-29 103552]
R3 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 132480]
R3 MSICDSetup;MSICDSetup;F:\CDriver.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-09-27 104768]
R3 NisSrv;NisSrv;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;F:\NTIOLib.sys [x]
R3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-09-22 190464]
R3 SparkUpdater;Baidu Spark Updater;c:\program files\Baidu\SparkUpdate\Sparkupdate.exe [2014-12-19 1359040]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 99728]
R3 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-09-16 2538520]
R3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-14 1343400]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2012-03-06 12112]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 Bhbase;Baidu Hook Base;c:\windows\System32\drivers\Bhbase.sys [2014-03-11 47456]
S0 SDActMon;SDActMon;c:\windows\System32\drivers\SDActMon.sys [2013-07-25 123360]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-07-07 722416]
S1 {01531192-f7ef-415f-a549-cfdb11836731}w;{01531192-f7ef-415f-a549-cfdb11836731}w;c:\windows\system32\drivers\{01531192-f7ef-415f-a549-cfdb11836731}w.sys [2014-04-24 52928]
S1 {70ed362e-6c2f-4f13-9f05-a5b35ff4be55}w;{70ed362e-6c2f-4f13-9f05-a5b35ff4be55}w;c:\windows\system32\drivers\{70ed362e-6c2f-4f13-9f05-a5b35ff4be55}w.sys [2014-12-01 43152]
S1 {781c47fe-8e73-4938-873f-2850548c7fb4}w;{781c47fe-8e73-4938-873f-2850548c7fb4}w;c:\windows\system32\drivers\{781c47fe-8e73-4938-873f-2850548c7fb4}w.sys [2014-11-30 43152]
S1 {8ca7f150-5454-4b4c-9537-1b831c71d329}w;{8ca7f150-5454-4b4c-9537-1b831c71d329}w;c:\windows\system32\drivers\{8ca7f150-5454-4b4c-9537-1b831c71d329}w.sys [2014-11-19 43152]
S1 {93feeb25-9f23-4de1-b697-6a2c12816bac}w;{93feeb25-9f23-4de1-b697-6a2c12816bac}w;c:\windows\system32\drivers\{93feeb25-9f23-4de1-b697-6a2c12816bac}w.sys [2014-11-23 43152]
S1 {bf07813e-aac8-4cea-bf69-7178c16076ac}w;{bf07813e-aac8-4cea-bf69-7178c16076ac}w;c:\windows\system32\drivers\{bf07813e-aac8-4cea-bf69-7178c16076ac}w.sys [2014-11-21 43152]
S1 {cb0b6f3d-aa8b-4a68-acf6-6ff30e1d0243}w;{cb0b6f3d-aa8b-4a68-acf6-6ff30e1d0243}w;c:\windows\system32\drivers\{cb0b6f3d-aa8b-4a68-acf6-6ff30e1d0243}w.sys [2014-11-27 43152]
S1 {dbe9acb7-ca74-4c18-ad13-f0270d74c42d}w;{dbe9acb7-ca74-4c18-ad13-f0270d74c42d}w;c:\windows\system32\drivers\{dbe9acb7-ca74-4c18-ad13-f0270d74c42d}w.sys [2014-11-09 43152]
S1 {e761f54c-32c6-465c-ba31-504773457b77}w;{e761f54c-32c6-465c-ba31-504773457b77}w;c:\windows\system32\drivers\{e761f54c-32c6-465c-ba31-504773457b77}w.sys [2014-11-26 43152]
S1 {f0aab91b-f97e-4d3d-b745-53663865729c}w;{f0aab91b-f97e-4d3d-b745-53663865729c}w;c:\windows\system32\drivers\{f0aab91b-f97e-4d3d-b745-53663865729c}w.sys [2014-11-28 43152]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 MaxProtector32;MaxProtector32;c:\windows\system32\drivers\MaxProtector32.sys [2013-07-25 85984]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-03-06 134920]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [2012-07-19 2568120]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2011-03-31 352848]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2015-05-20 123968]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 14808]
S2 Update EnterDigital;Update EnterDigital;c:\program files\EnterDigital\updateEnterDigital.exe [2015-07-15 470256]
S2 Util EnterDigital;Util EnterDigital;c:\program files\EnterDigital\bin\utilEnterDigital.exe [2015-07-15 470256]
S2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam.sys [2011-06-13 1066808]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2011-01-17 350248]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-30 21:39 1089352 ----a-w- c:\program files\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-11 20:00]
.
2015-07-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2559318703-2892093174-3465221388-1000Core.job
- c:\users\wafa\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-14 10:58]
.
2015-07-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2559318703-2892093174-3465221388-1000UA.job
- c:\users\wafa\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-14 10:58]
.
2014-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-02-04 20:14]
.
2014-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-02-04 20:14]
.
.
------- Supplementary Scan -------
.
IE: &Download with DAM - c:\program files\Tensons\Download Accelerator Manager\\addUrl.htm
IE: Download &All with DAM - c:\program files\Tensons\Download Accelerator Manager\\addAllUrls.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Run DAM Media&Grabber - c:\program files\Tensons\Download Accelerator Manager\\runMg.htm
IE: تحميل الفيديو بواسطة Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: تحميل الكل بواسطة Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: تحميل الكل بواسطة Internet Download Manager - c:\users\wafa\AppData\Local\Temp\Temp2_IDMan.zip\IEGetAll.htm
IE: تحميل المحددة بواسطة Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: تحميل بواسطة Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: تحميل بواسطة Internet Download Manager - c:\users\wafa\AppData\Local\Temp\Temp2_IDMan.zip\IEExt.htm
TCP: DhcpNameServer = 192.168.8.1 192.168.8.1
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
URLSearchHooks-{77e8143b-6759-416e-b521-82cfed75150b} - c:\program files\DivX_Browser_Bar\prxtbDivX.dll
Toolbar-10 - (no file)
Toolbar-{77e8143b-6759-416e-b521-82cfed75150b} - c:\program files\DivX_Browser_Bar\prxtbDivX.dll
ShellIconOverlayIdentifiers-{CDC95B92-E27C-4745-A8C5-64A52A78855D} - (no file)
HKLM-Run-SDAutoScan - (no file)
HKU-Default-Run-Advanced SystemCare 7 - c:\program files\IObit\Advanced SystemCare 7\ASCTray.exe
HKU-Default-Run-Skype - c:\program files\Skype\Phone\Skype.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
MSConfigStartUp-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
MSConfigStartUp-BackgroundContainer - c:\users\wafa\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll
MSConfigStartUp-Google Update - c:\users\wafa\AppData\Local\Google\Update\GoogleUpdate.exe
MSConfigStartUp-HSPALauncher - c:\progra~1\HSPAUS~1\HSPALA~1.EXE
MSConfigStartUp-IDMan - c:\users\wafa\AppData\Local\Temp\Temp2_IDMan.zip\IDMan.exe
MSConfigStartUp-Messenger (Yahoo!) - c:\program files\Yahoo!\Messenger\YahooMessenger.exe
MSConfigStartUp-MSC - c:\program files\Microsoft Security Client\msseces.exe
MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe
MSConfigStartUp-WebcamMaxAutoRun - c:\program files\WebcamMax\wcmmon.exe
AddRemove-{4820778D-AB0D-6D18-C316-52A6A0E1D507} - c:\program files\youtubeadblocker\HyGjGi3fZUzrln.exe
AddRemove-UnityWebPlayer - c:\users\wafa\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2559318703-2892093174-3465221388-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):4d,ff,5f,d2,05,d3,75,13,e6,34,a5,08,e5,53,20,a7,d8,db,0d,8d,e3,
d3,bd,d1,51,76,64,10,28,c4,1d,d4,ca,43,3f,d2,ca,ad,20,f2,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2559318703-2892093174-3465221388-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):31,4e,9e,17,24,df,9f,92,8c,c7,49,51,fb,fb,f7,9d,e9,7d,dd,71,2b,
64,e4,bc,78,d3,69,64,88,d5,ca,9c,da,ed,86,2c,a4,d2,8a,09,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2559318703-2892093174-3465221388-1000_Classes\CLSID\{7f20df79-6309-454e-9ade-0b9bed775c4d}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000014a
"Therad"=dword:0000001d
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-2559318703-2892093174-3465221388-1000_Classes\CLSID\{de46b4d2-8e71-4d7b-ac22-9f28d556abd3}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000bf
"Therad"=dword:00000024
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,fb,b7,f5,f8,f7,48,11,a9,0d,2f,01,6d,b3,c0,ae,b6,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-07-16 00:54:02
ComboFix-quarantined-files.txt 2015-07-15 22:54
.
Pre-Run: 123,153,645,568 octets libres
Post-Run: 123,196,080,128 octets libres
.
- - End Of File - - 7D79E2DEF41CB4E75ED9D4E685B893F1
A36C5E4F47E84449FF07ED3517B43A31
