
ComboFix 15-07-20.01 - youssef 20/07/2015 16:07:55.1.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1256.212.1036.18.2046.1482 [GMT 1:00]
Running from: c:\documents and settings\youssef\Bureau\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\ma-config.com
c:\documents and settings\All Users\Application Data\ma-config.com\Logs\activex.txt
c:\documents and settings\All Users\Application Data\ma-config.com\Logs\maconfservice.txt
c:\documents and settings\All Users\Application Data\ma-config.com\Logs\mcstubuser.txt
c:\documents and settings\All Users\Application Data\ma-config.com\Logs\websocketpp.log
c:\documents and settings\All Users\Application Data\ma-config.com\mcbase.db
c:\documents and settings\All Users\Application Data\ma-config.com\server.pem
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\youssef\Application Data\FoxitReaderUpdateInfo.txt
c:\documents and settings\youssef\ZHPDiag3.exe
c:\program files\ma-config.com
c:\program files\ma-config.com\config.xml
c:\program files\ma-config.com\CPUID\cpuidsdk.dll
c:\program files\ma-config.com\Drivers\ma-config.inf
c:\program files\ma-config.com\Drivers\ma-config_amd64.cat
c:\program files\ma-config.com\Drivers\ma-config_amd64.sys
c:\program files\ma-config.com\Drivers\ma-config_x86.cat
c:\program files\ma-config.com\Drivers\ma-config_x86.sys
c:\program files\ma-config.com\Langues\LangueMC.ar.resx
c:\program files\ma-config.com\Langues\LangueMC.de.resx
c:\program files\ma-config.com\Langues\LangueMC.en.resx
c:\program files\ma-config.com\Langues\LangueMC.es.resx
c:\program files\ma-config.com\Langues\LangueMC.fr.resx
c:\program files\ma-config.com\Langues\LangueMC.pt.resx
c:\program files\ma-config.com\Langues\LangueMC.ru.resx
c:\program files\ma-config.com\ma-config.html
c:\program files\ma-config.com\MaConfigAgent.exe
c:\program files\ma-config.com\MCBCL.dll
c:\program files\ma-config.com\MCDetection.exe
c:\program files\ma-config.com\MCNoyau.dll
c:\program files\ma-config.com\MCrypt.dll
c:\program files\ma-config.com\MCSettings.exe
c:\program files\ma-config.com\MCStubUser.exe
c:\program files\ma-config.com\sqlite3.dll
c:\windows\apppatch\AppLoc.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\system32\_000017_.tmp.dll
c:\windows\system32\_000018_.tmp.dll
c:\windows\system32\AegisI5Installer.exe
c:\windows\system32\SET1DC.tmp
c:\windows\system32\SET1DD.tmp
c:\windows\system32\SET1E9.tmp
c:\windows\system32\SET1EA.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ma-config_x86
-------\Legacy_MaConfigAgent
-------\Legacy_ma-config_x86
-------\Legacy_MaConfigAgent
-------\Service_ma-config_x86
-------\Service_MaConfigAgent
-------\Service_ma-config_x86
-------\Service_MaConfigAgent
.
.
((((((((((((((((((((((((( Files Created from 2015-06-20 to 2015-07-20 )))))))))))))))))))))))))))))))
.
.
2015-07-20 14:16 . 2015-07-20 14:43 -------- d-----w- c:\documents and settings\youssef\Application Data\ZHP
2015-07-20 13:24 . 2015-07-20 15:11 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-20 13:24 . 2015-07-20 13:24 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-07-20 13:24 . 2015-06-18 07:41 121560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-07-20 13:24 . 2015-06-18 07:41 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-07-19 15:54 . 2015-07-19 15:56 -------- d-----w- c:\documents and settings\youssef\Local Settings\Application Data\Deployment
2015-07-19 15:50 . 2015-07-19 15:50 -------- d-----w- c:\documents and settings\youssef\Local Settings\Application Data\NEGU_Soft
2015-07-19 15:50 . 2015-07-19 15:50 -------- d-----w- c:\program files\Ultimate Control
2015-07-15 18:14 . 2015-07-15 18:14 -------- d-----w- c:\documents and settings\youssef\Local Settings\Application Data\ESET
2015-07-15 18:14 . 2015-07-15 18:14 -------- d-----w- c:\documents and settings\youssef\Application Data\ESET
2015-07-15 18:14 . 2015-07-15 18:14 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2015-07-09 13:39 . 2015-07-09 13:39 -------- d-----w- c:\program files\Fichiers communs\Skype
2015-07-09 13:38 . 2015-07-09 13:39 -------- d-----w- c:\program files\Skype
2015-07-08 22:19 . 2015-07-08 22:20 -------- d-----w- c:\documents and settings\youssef\Local Settings\Application Data\Isoplex
2015-07-03 16:16 . 2013-05-02 04:23 181912 ----a-w- c:\windows\system32\drivers\ssudserd.sys
2015-07-03 16:16 . 2013-05-02 04:23 83864 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2015-07-03 16:16 . 2013-05-02 04:23 581192 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2015-07-03 16:16 . 2013-05-02 04:23 181912 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2015-07-03 16:16 . 2013-05-02 04:23 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2015-07-03 16:13 . 2015-07-03 16:13 -------- d-----w- c:\documents and settings\youssef\Local Settings\Application Data\Kingosoft
2015-07-03 16:13 . 2015-07-03 17:03 -------- d-----w- c:\program files\Kingo ROOT
2015-06-27 23:02 . 2015-07-20 13:21 -------- d-----w- C:\AdwCleaner
2015-06-27 21:26 . 2015-06-27 21:49 -------- d-----w- c:\documents and settings\youssef\Application Data\Enigma Software Group
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-15 14:19 . 2014-05-23 11:08 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-07-15 14:19 . 2014-05-23 11:08 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-06-27 21:27 . 2015-02-20 13:15 19984 ----a-w- c:\windows\system32\drivers\EsgScanner.sys
2013-02-07 12:22 . 2013-02-07 12:22 50330 ----a-w- c:\program files\AntiDust.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 08:02 23008 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2015-04-20 3898960]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-04-22 1040384]
"Ultimate Control"="c:\program files\Ultimate Control\ucontrol.exe" [2012-08-10 349696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ComPlusSetup]
2008-04-14 12:00 625664 ----a-w- c:\windows\system32\catsrvut.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0????????
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2012-11-05 14:27 89184 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2014-03-04 09:19 3696912 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeleteMarkAny]
2014-04-30 18:47 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2015-04-20 13:48 3898960 ------w- c:\program files\Internet Download Manager\IDMan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2015-06-29 15:41 53282944 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2014-01-07 05:36 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2015-05-12 07:57 1694560 ----a-w- c:\documents and settings\youssef\Application Data\uTorrent\uTorrent.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"KiesPreload"=c:\program files\Samsung\Kies\Kies.exe /preload
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Documents and Settings\\youssef\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\TeamViewer\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\TeamViewer_Service.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Documents and Settings\\youssef\\Local Settings\\Application Data\\ROX Player\\roxplayer.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Documents and Settings\\youssef\\Mes documents\\Downloads\\Windward.Update.17.05.2015\\Windward.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Ultimate Control\\ucontrol.exe"=
"c:\\Documents and Settings\\youssef\\Local Settings\\Apps\\2.0\\LB39TXOO.AMZ\\6W0AOTWO.ZX4\\mobi..tion_980a95f0dc23f55a_0001.0002_73246d135863784d\\Mobile Buddy.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"53:UDP"= 53:UDP:RTLDHCP Port
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [18/10/2014 09:25 243128]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [07/12/2014 15:51 127224]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [20/07/2015 14:24 1871160]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [20/07/2015 14:24 1133880]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [23/05/2014 11:59 103040]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [20/07/2015 14:24 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [20/07/2015 14:24 98520]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [03/06/2015 16:42 327296]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [03/07/2015 17:16 83864]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys --> c:\windows\system32\DRIVERS\ew_hwusbdev.sys [?]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys --> c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [?]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys --> c:\windows\system32\DRIVERS\ew_jucdcacm.sys [?]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys --> c:\windows\system32\DRIVERS\ew_jubusenum.sys [?]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [10/06/2015 13:15 15576]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [10/06/2015 13:15 10200]
S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192cu.sys [17/09/2010 11:16 972648]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [03/07/2015 17:16 181912]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\drivers\ssudserd.sys [03/07/2015 17:16 181912]
S3 USBET;SPEEDLINK SNAPPY Smart Webcam;c:\windows\system32\drivers\ETdrv.sys [23/05/2014 12:06 5127680]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-07-14 15:06 991048 ----a-w- c:\program files\Google\Chrome\Application\43.0.2357.134\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-07-18 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\system32\Macromed\Flash\FlashUtil32_18_0_0_209_pepper.exe [2015-07-15 14:19]
.
2015-07-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-23 14:19]
.
2015-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-10-14 09:41]
.
2015-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-10-14 09:41]
.
2015-07-20 c:\windows\Tasks\Notification de fin de service de Microsoft Windows XP - à la connexion.job
- c:\windows\system32\xp_eos.exe [2014-05-23 23:28]
.
2015-07-08 c:\windows\Tasks\Notification de fin de service de Microsoft Windows XP -mensuellement.job
- c:\windows\system32\xp_eos.exe [2014-05-23 23:28]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
TCP: Interfaces\{49D150AA-07EB-4DA8-99EA-CD8B230D946A}: NameServer = 109.69.8.51
TCP: Interfaces\{623BFC26-611A-48FF-A96C-11794BF58DA3}: NameServer = 109.69.8.51,192.168.1.1
TCP: Interfaces\{AACE50E2-BDF7-4F66-83BF-ABCC501D9344}: NameServer = 109.69.8.51,192.168.1.1
FF - ProfilePath - c:\documents and settings\youssef\Application Data\Mozilla\Firefox\Profiles\apfcejzg.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.fr/
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKCU-Run-Remote Mouse - c:\program files\Remote Mouse\RemoteMouse.exe
HKLM-Run-SpyHunter Security Suite - c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe
MSConfigStartUp-CCleaner Monitoring - c:\program files\CCleaner\CCleaner.exe
MSConfigStartUp-EADM - c:\program files\Origin\Origin.exe
MSConfigStartUp-f - c:\documents and settings\youssef\Local Settings\Application Data\FluxSoftware\Flux\flux.exe
MSConfigStartUp-PC Auto Shutdown - c:\program files\PC Auto Shutdown\AutoShutdown.exe
AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\SAMSUNG\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\SAMSUNG\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\SAMSUNG\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\SAMSUNG\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-07-20 16:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74bea2bc-4680-44ae-88c5-48c228f976f3}]
@Denied: (Full) (Everyone)
"Model"=dword:00000107
"Therad"=dword:0000001d
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):1d,ce,f7,c7,1f,d4,89,23,a1,c6,1c,8f,77,25,a1,4b,93,55,1b,5c,77,
3f,e8,29,b6,ba,d2,f1,13,2b,95,3f,6b,71,f0,f2,d9,70,2b,a5,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(816)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(1020)
c:\progra~1\FICHIE~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~3\Office14\1033\GrooveIntlResource.dll
c:\program files\Internet Download Manager\IDMShellExt.dll
c:\program files\Internet Download Manager\IDMNetMon.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\TeamViewer\TeamViewer_Service.exe
c:\program files\Malwarebytes Anti-Malware\mbam.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2015-07-20 16:14:18 - machine was rebooted
ComboFix-quarantined-files.txt 2015-07-20 15:14
.
Pre-Run: 9 306 980 352 octets libres
Post-Run: 9 457 455 104 octets libres
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
.
- - End Of File - - 711F8220419E0E637F6244182F4DA1CC
C99C3199CFAA4CBDCD91493F6D113A50
