Publicité
Publicité
Format du document : text/plain
Prévisualisation
ComboFix 15-08-03.01 - ARABI 2015/08/04 19:36:13.1.4 - x86
Microsoft Windows 7 Edition Intégrale 6.1.7600.0.1256.213.1036.18.3238.1374 [GMT 2:00]
Running from: c:\users\ARABI\Documents\EGDownloads\ComboFix.exe
AV: 360 Total Security *Disabled/Updated* {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D}
SP: 360 Total Security *Disabled/Updated* {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\bestadblocker
c:\program files\bestadblocker\5GxehWjAGB0y9X.dat
c:\program files\bestadblocker\5GxehWjAGB0y9X.tlb
c:\program files\CauTThePorIcuee
c:\program files\CauTThePorIcuee\GreVFcTdD0J4cN.dat
c:\program files\CauTThePorIcuee\GreVFcTdD0J4cN.tlb
c:\programdata\8118519532780455004
c:\programdata\8118519532780455004\1daf8a30887b0eff4b6c848146131429.ini
c:\programdata\8118519532780455004\64ab042838c723d04b6c848146131429.ini
c:\programdata\8118519532780455004\81f3fdb6d6477376326533d009ea51d7.ini
c:\programdata\8118519532780455004\d6ca84262a037bef4b6c848146131429.ini
c:\users\ARABI\AppData\Local\assembly\tmp
c:\users\ARABI\AppData\Roaming\FoxitReaderUpdateInfo.txt
c:\windows\msdownld.tmp
c:\windows\system\VI30AUT.DLL
c:\windows\system32\afD3DEff.dll
c:\windows\system32\networkdlllsp.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_F06DEFF2-5B9C-490D-910F-35D3A9119622
-------\Service_DatamngrCoordinator
-------\Service_F06DEFF2-5B9C-490D-910F-35D3A9119622
.
.
((((((((((((((((((((((((( Files Created from 2015-07-04 to 2015-08-04 )))))))))))))))))))))))))))))))
.
.
2015-08-04 17:58 . 2015-08-04 17:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-04 17:18 . 2015-08-04 18:01 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-08-04 17:18 . 2015-08-04 17:18 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-08-04 17:18 . 2015-08-04 17:18 -------- d-----w- c:\programdata\Malwarebytes
2015-08-04 17:18 . 2015-06-18 06:41 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-08-04 17:18 . 2015-06-18 06:41 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-08-04 17:18 . 2015-06-18 06:41 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-08-04 17:10 . 2015-08-04 17:21 -------- d-----w- c:\users\ARABI\AppData\Roaming\ZHP
2015-08-03 15:29 . 2015-08-03 15:29 64000 ----a-w- c:\windows\system32\RICHTX32.oca
2015-08-03 15:29 . 2015-08-03 15:29 241664 ----a-w- c:\windows\system32\comctl32.oca
2015-08-03 15:29 . 2015-08-03 15:29 64000 ----a-w- c:\windows\system32\ieframe.oca
2015-08-02 08:18 . 2015-08-02 08:18 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{09E12389-8BB1-4836-A3F7-10777A4951EC}\offreg.dll
2015-07-29 10:42 . 2015-07-29 10:59 -------- d-----w- c:\users\ARABI\AppData\Local\Temporary Projects
2015-07-26 20:03 . 2015-07-26 20:03 -------- d-----r- C:\MSOCache
2015-07-26 14:42 . 2015-07-26 14:42 -------- d-----w- c:\program files\Universal Extractor
2015-07-23 23:00 . 2006-10-26 17:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2015-07-23 23:00 . 2009-02-27 01:42 31640 ----a-w- c:\windows\system32\msonpmon.dll
2015-07-23 22:15 . 2015-07-23 22:47 -------- d-----w- c:\program files\CinemaP-1.9cV23.07
2015-07-23 20:41 . 2015-07-23 20:41 -------- d-----w- c:\program files\MapInfo MapX
2015-07-23 20:41 . 2015-07-23 20:42 -------- d-----w- c:\windows\Crystal
2015-07-23 20:41 . 2015-07-23 20:41 -------- d-----w- c:\program files\Seagate Software
2015-07-23 20:10 . 2015-07-23 20:10 25600 ----a-w- c:\windows\system32\MSCOMM32.oca
2015-07-23 20:09 . 2015-07-23 20:09 31744 ----a-w- c:\windows\system32\PropList.oca
2015-07-23 20:09 . 2015-07-23 20:09 62464 ----a-w- c:\windows\system32\ARVIEW2.oca
2015-07-23 20:06 . 2015-07-23 20:06 43008 ----a-w- c:\windows\system32\tabctl32.oca
2015-07-23 13:12 . 2015-07-23 13:12 35840 ----a-w- c:\windows\system32\MSADODC.oca
2015-07-23 13:01 . 2015-07-23 13:01 70144 ----a-w- c:\windows\system32\msdatlst.oca
2015-07-23 13:01 . 2015-07-23 13:01 69632 ----a-w- c:\windows\system32\dblist32.oca
2015-07-23 13:01 . 2015-07-23 13:01 66048 ----a-w- c:\windows\system32\msdatgrd.oca
2015-07-23 11:36 . 2015-07-23 11:36 30720 ----a-w- c:\windows\system32\LVbuttons.oca
2015-07-23 09:34 . 2015-07-23 09:34 48640 ----a-w- c:\windows\system32\msmask32.oca
2015-07-23 01:44 . 2015-07-23 01:44 -------- d-----w- c:\program files\Web Publish
2015-07-23 01:43 . 2015-07-23 01:43 -------- d-----w- c:\windows\msapps
2015-07-22 19:20 . 2015-07-22 19:20 -------- d-----w- c:\users\ARABI\AppData\Local\Deployment
2015-07-22 17:29 . 2015-07-22 17:29 -------- d-----w- c:\program files\Microsoft SQL Server
2015-07-22 17:29 . 2015-07-22 18:22 -------- d-----w- c:\program files\Microsoft Silverlight
2015-07-22 17:28 . 2015-07-22 17:28 -------- d-----w- c:\program files\Microsoft Synchronization Services
2015-07-22 17:28 . 2015-07-22 17:28 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2015-07-22 17:25 . 2015-08-03 19:57 199488 ----a-w- c:\programdata\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
2015-07-22 17:22 . 2015-08-03 19:56 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2015-07-22 17:22 . 2015-07-22 17:22 -------- d-----w- c:\program files\Microsoft SDKs
2015-07-22 17:22 . 2015-07-22 17:22 -------- d-----w- c:\program files\Microsoft Help Viewer
2015-07-22 17:00 . 2015-07-22 17:00 -------- d-----w- c:\users\ARABI\AppData\Roaming\Thinstall
2015-07-21 22:56 . 2015-07-21 22:56 -------- d-----w- c:\program files\MSECache
2015-07-21 07:13 . 2015-07-01 02:31 51880 ----a-w- c:\program files\Mozilla Firefox\browser\components\browsercomps.dll
2015-07-21 07:13 . 2015-07-01 04:12 897144 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
2015-07-21 07:13 . 2015-07-01 02:31 188584 ----a-w- c:\program files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll
2015-07-20 16:47 . 2015-07-20 16:47 -------- d-----w- c:\program files\ISO to USB
2015-07-20 15:47 . 2015-07-23 22:47 -------- d-----w- c:\program files\EASY VET
2015-07-20 13:08 . 2015-07-20 13:08 -------- d-----w- c:\users\ARABI\AppData\Roaming\IndigoRose
2015-07-20 12:47 . 2015-07-20 12:47 -------- d-----w- c:\programdata\IndigoRose
2015-07-20 12:47 . 2015-07-20 12:47 -------- d-----w- c:\program files\Setup Factory 9
2015-07-20 11:29 . 2015-07-20 11:29 -------- d-----w- c:\program files\Inno Setup 5
2015-07-18 20:03 . 2015-07-18 20:03 -------- d-----w- c:\users\ARABI\AppData\Roaming\GDG Software
2015-07-18 19:01 . 2015-07-18 19:01 -------- d-----w- c:\users\ARABI\AppData\Roaming\360TotalSecurity
2015-07-18 18:58 . 2015-07-18 18:58 -------- d-----w- c:\program files\XLS Padlock 2.0
2015-07-18 18:44 . 2015-07-18 18:52 -------- d-----w- c:\program files\BeFrugalcom AddOn
2015-07-18 18:43 . 2015-07-18 18:43 -------- d-----w- c:\programdata\gaoefmhlcjphecmomledcpnllgmekgee
2015-07-18 18:42 . 2015-07-18 18:52 -------- d-----w- c:\users\ARABI\AppData\Roaming\Hurtful Team
2015-07-18 18:42 . 2015-07-18 18:52 -------- d-----w- c:\programdata\{69107bc8-9d37-56a1-6910-07bc89d3ef22}
2015-07-15 19:10 . 2015-07-15 19:10 0 ----a-w- c:\windows\prleth.sys
2015-07-15 19:10 . 2015-07-15 19:10 0 ----a-w- c:\windows\hgfs.sys
2015-07-15 19:07 . 2015-07-15 19:07 -------- d-----w- c:\users\ARABI\AppData\Roaming\istartsurf
2015-07-15 19:06 . 2015-07-18 18:52 -------- d-----w- c:\program files\DownChecker
2015-07-11 14:03 . 2015-07-11 14:03 -------- d-----w- c:\programdata\FLEXnet
2015-07-11 12:37 . 2015-07-11 12:37 -------- d-----w- c:\users\ARABI\AppData\Roaming\Ulead Systems
2015-07-11 12:34 . 2015-07-11 12:34 -------- d-----w- c:\programdata\InterVideo
2015-07-11 12:32 . 2015-07-11 12:32 -------- d-----w- c:\programdata\Corel
2015-07-11 12:23 . 2015-07-11 12:23 -------- d-----w- c:\program files\Common Files\Protexis
2015-07-11 12:22 . 2015-07-11 12:22 -------- d-----w- c:\program files\Common Files\Corel
2015-07-11 12:20 . 2015-07-11 12:33 -------- d-----w- c:\programdata\Ulead Systems
2015-07-11 12:20 . 2015-07-11 12:20 -------- d-----w- c:\program files\Common Files\Ulead Systems
2015-07-11 11:43 . 2015-07-11 11:43 -------- d-----w- c:\program files\Common Files\Adobe AIR
2015-07-11 11:25 . 2015-07-11 11:25 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2015-07-11 11:17 . 2004-01-04 21:22 61440 ----a-w- c:\windows\system32\uvbase.dll
2015-07-11 11:06 . 2005-03-01 16:44 102400 ----a-w- c:\windows\system32\uvDV.dll
2015-07-11 11:04 . 2004-01-27 15:13 114688 ----a-w- c:\windows\system32\u32comm.dll
2015-07-11 11:04 . 2004-01-27 15:13 114688 ----a-w- c:\windows\u32comm.dll
2015-07-11 10:59 . 2015-07-11 10:59 -------- d-----w- c:\programdata\eSellerate
2015-07-11 10:59 . 2015-07-11 11:00 -------- d-----w- c:\programdata\SmartSound Software Inc
2015-07-11 10:58 . 2015-07-11 10:58 -------- d-----w- C:\IExp3.tmp
2015-07-11 10:58 . 2015-07-11 10:58 -------- d-----w- C:\IExp2.tmp
2015-07-11 10:57 . 2015-07-12 03:56 -------- d-----w- c:\program files\Common Files\InstallShield
2015-07-11 10:45 . 2015-07-11 10:45 -------- d-----w- c:\programdata\Anvsoft
2015-07-11 10:45 . 2015-07-11 11:20 -------- d-----w- c:\users\ARABI\AppData\Roaming\Wedding Album Maker
2015-07-11 10:42 . 2015-07-11 10:47 -------- d-----w- c:\program files\Wedding Album Maker Gold
2015-07-05 21:43 . 2015-07-05 21:43 -------- d-----w- c:\users\ARABI\Tracing
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-03 10:58 . 2015-07-03 10:59 737280 ----a-w- c:\windows\iun6002.exe
2015-07-01 22:00 . 2015-04-23 14:08 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-07-01 22:00 . 2015-04-23 14:08 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-07-01 15:17 . 2015-05-10 15:40 203856 ----a-w- c:\windows\system32\drivers\360Box.sys
2015-07-01 15:17 . 2015-05-10 15:40 66128 ----a-w- c:\windows\system32\drivers\360AvFlt.sys
2015-07-01 15:17 . 2015-05-10 15:40 287056 ----a-w- c:\windows\system32\drivers\qutmdrv.sys
2015-06-18 10:21 . 2015-04-23 18:47 61752 ----a-w- c:\windows\system32\drivers\eagleGet.sys
2015-05-23 18:17 . 2015-05-23 18:17 119808 ----a-r- c:\users\ARABI\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2015-05-18 10:13 . 2015-05-18 10:13 1210728 ----a-w- c:\windows\system32\drivers\ntfs.sys
2015-05-18 10:02 . 2015-05-18 10:02 219136 ----a-w- c:\windows\system32\ncrypt.dll
2015-05-14 07:56 . 2015-04-23 17:56 899184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2015-05-14 07:55 . 2015-04-23 17:54 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2015-05-14 07:55 . 2015-04-23 17:54 639312 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2013-07-08 559448]
"AtherosBtStack"="c:\program files\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2012-03-08 876160]
"AthBtTray"="c:\program files\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [2012-03-08 695936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-10 142680]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-10 176472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-10 175448]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-12 336384]
"QHSafeTray"="c:\program files\360\Total Security\safemon\QHSafeTray.exe" [2015-07-01 1283192]
"Athan"="c:\program files\Athan\Athan.exe" [2014-05-04 1216512]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.11.149\SSScheduler.exe [2015-6-26 277920]
MobileGo Service.lnk - c:\program files\Wondershare\MobileGo for Android\MobileGoService.exe [2014-7-14 103312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 lwnfd_1_10_0_14;lwnfd_1_10_0_14;c:\windows\system32\drivers\lwnfd_1_10_0_14.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-02-18 315488]
R3 androidusb;Google Device Driver;c:\windows\system32\Drivers\wsadb.sys [2015-03-27 34216]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2013-11-29 1296728]
R3 eagleGet;eagleGet;c:\windows\system32\Drivers\eagleGet.sys [2015-06-18 61752]
R3 egGetSvc;egGetSvc;c:\program files\EagleGet\EGMonitor.exe [2015-07-10 233472]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.11.149\McCHSvc.exe [2015-06-26 235696]
R3 Rockusb;Driver for Rockusb Device;c:\windows\system32\DRIVERS\rockusb.sys [2013-05-06 46160]
R3 TorchCrashHandler;Torch Crash Handler;c:\users\ARABI\AppData\Local\Torch\Update\TorchCrashHandler.exe [2015-07-16 1217032]
S0 HookPort;HookPort;c:\windows\System32\Drivers\Hookport.sys [2015-04-02 58440]
S1 360AntiHacker;360Safe Anti Hacker Service;c:\windows\system32\Drivers\360AntiHacker.sys [2015-04-02 88136]
S1 360Box;360Box mini-filter driver;c:\windows\system32\DRIVERS\360Box.sys [2015-07-01 203856]
S1 360Camera;360Safe Camera Filter Service;c:\windows\system32\Drivers\360Camera.sys [2015-04-02 34888]
S1 360SelfProtection;360SelfProtection;c:\windows\system32\drivers\360SelfProtection.sys [2015-04-02 174536]
S1 BAPIDRV;BAPIDRV;c:\windows\system32\DRIVERS\BAPIDRV.sys [2015-04-02 169040]
S1 EfiMon;EfiSystemMon;c:\windows\system32\Drivers\Efimon.sys [2015-04-02 23752]
S1 qutmdserv;Quantum DeepScanner Servers;c:\windows\system32\DRIVERS\qutmdrv.sys [2015-07-01 287056]
S1 qutmipc;qutmipc;c:\windows\system32\drivers\qutmipc.sys [2015-04-02 45896]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2014-05-16 204064]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-05-12 176128]
S2 AtherosSvc;AtherosSvc;c:\program files\Dell Wireless\Bluetooth Suite\adminservice.exe [2012-03-08 87168]
S2 Droid4XService;Droid4XService;c:\program files\Droid4X\Droid4XService.exe [2015-04-15 261864]
S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [2015-06-02 244392]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-06-18 1871160]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-06-18 1133880]
S2 QHActiveDefense;360 Total Security;c:\program files\360\Total Security\safemon\QHActiveDefense.exe [2015-07-01 858232]
S2 TechSmith Uploader Service;TechSmith Uploader Service;c:\program files\Common Files\TechSmith Shared\Uploader\UploaderService.exe [2015-01-26 3408384]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [2012-03-08 159360]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files\Dell Wireless\Ath_WlanAgent.exe [2012-03-28 77824]
S3 360AvFlt;360AvFlt mini-filter driver;c:\windows\system32\DRIVERS\360AvFlt.sys [2015-07-01 66128]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2015-03-02 77952]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2012-03-08 299136]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2012-03-08 98432]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2015-03-02 25728]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2015-03-02 156288]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2015-03-02 64640]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2015-03-02 117888]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2015-01-04 510248]
S3 cykbfltrService;Cypress Keyboard Filter Driver;c:\windows\system32\DRIVERS\cykbfltr.sys [2013-09-13 16384]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-17 22040]
S3 int0800;Intel 28F320C3 Flash Update Device Driver v6.4;c:\windows\system32\DRIVERS\flashud.sys [2009-09-09 42496]
S3 IntcDAud;Son Intel(R) pour écrans;c:\windows\system32\DRIVERS\IntcDAud.sys [2014-09-26 368912]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd32.sys [2011-04-10 10783744]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-06-18 23256]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-08-04 98520]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-06-18 51928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2015-01-15 723160]
S3 RTSUER;Realtek USB Card Reader - UER;c:\windows\system32\Drivers\RtsUer.sys [2014-12-08 283864]
S3 rtsuvc;Realtek USB2.0 PC Camera;c:\windows\system32\DRIVERS\rtsuvc.sys [2015-01-13 1565400]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys [2014-11-06 25840]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.search.ask.com/?o=APN10648A&gct=hp&d=448-280&v=n16118-730&t=4
uInternet Settings,ProxyServer = http=;ftp=;https=;
IE: &Envoyer à OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Download all links with EagleGet - c:\program files\EagleGet\IEGraberBHO.dll/202
IE: Download with EagleGet - c:\program files\EagleGet\IEGraberBHO.dll/201
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: ÊÍãíá Çáßá ÈæÇÓØÉ ÈíÊßæãäÊ - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: ÊÍãíá ÈæÇÓØÉ ÈíÊßæãäÊ - c:\program files\BitComet\BitComet.exe/AddLink.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\ARABI\AppData\Roaming\Mozilla\Firefox\Profiles\vnjzdcoj.default\
FF - prefs.js: browser.search.selectedEngine - istartsurf
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=280&systemid=448&v=n16118-730&apn_dtid=TCH001&apn_ptnrs=AGI&apn_uid=8134720482394325&o=APN10648&q=
FF - prefs.js: network.proxy.ftp - 186.167.65.26
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 186.167.65.26
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 186.167.65.26
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 186.167.65.26
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 186.167.65.26
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
AddRemove-CinemaP-1.9cV23.07 - c:\program files\CinemaP-1.9cV23.07\Uninstall.exe
AddRemove-Down Checker - c:\program files\DownChecker\uninstall.exe
AddRemove-torchimeshmoviestoolbarFF - c:\progra~1\MOVIES~1\Datamngr\SRTOOL~1\FF\uninstall.exe
AddRemove-torchimeshmoviestoolbarIE - c:\progra~1\MOVIES~1\Datamngr\SRTOOL~1\IE\uninstall.exe
AddRemove-{4820778D-AB0D-6D18-C316-52A6A0E1D507} - c:\program files\bestadblocker\5GxehWjAGB0y9X.exe
AddRemove-{A2C98B47-B5F4-94AA-281D-4135416774CF} - c:\program files\CauTThePorIcuee\GreVFcTdD0J4cN.exe
AddRemove-{AD11DADE-C597-45D9-D8C5-1D2EB0B89613} - c:\program files\BeFrugalcom AddOn\BeFrugalcom AddOn.exe
AddRemove-Opera 29.0.1795.47 - c:\users\ARABI\AppData\Local\Programs\Opera\Launcher.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1719421884-1264264495-3226333432-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):54,dc,71,6c,69,cc,5a,e0,cd,ba,48,c7,09,a0,d1,7b,22,33,54,01,3c,
0f,e3,aa,87,05,bc,de,24,9d,7e,84,ad,8a,77,6a,e9,f8,6e,2a,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1719421884-1264264495-3226333432-1000_Classes\CLSID\{d5002718-2b5a-402a-a14c-1965558265dc}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000072
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,51,1d,ba,81,de,8f,9f,2d,eb,c7,c8,af,10,fb,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\sppsvc.exe
c:\program files\Malwarebytes Anti-Malware\mbam.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Completion time: 2015-08-04 20:21:14 - machine was rebooted
ComboFix-quarantined-files.txt 2015-08-04 18:21
.
Pre-Run: 14 689 062 912 octets libres
Post-Run: 14 869 270 528 octets libres
.
- - End Of File - - 088F714119D197D12214753D1B146A4D
A36C5E4F47E84449FF07ED3517B43A31
Microsoft Windows 7 Edition Intégrale 6.1.7600.0.1256.213.1036.18.3238.1374 [GMT 2:00]
Running from: c:\users\ARABI\Documents\EGDownloads\ComboFix.exe
AV: 360 Total Security *Disabled/Updated* {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D}
SP: 360 Total Security *Disabled/Updated* {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\bestadblocker
c:\program files\bestadblocker\5GxehWjAGB0y9X.dat
c:\program files\bestadblocker\5GxehWjAGB0y9X.tlb
c:\program files\CauTThePorIcuee
c:\program files\CauTThePorIcuee\GreVFcTdD0J4cN.dat
c:\program files\CauTThePorIcuee\GreVFcTdD0J4cN.tlb
c:\programdata\8118519532780455004
c:\programdata\8118519532780455004\1daf8a30887b0eff4b6c848146131429.ini
c:\programdata\8118519532780455004\64ab042838c723d04b6c848146131429.ini
c:\programdata\8118519532780455004\81f3fdb6d6477376326533d009ea51d7.ini
c:\programdata\8118519532780455004\d6ca84262a037bef4b6c848146131429.ini
c:\users\ARABI\AppData\Local\assembly\tmp
c:\users\ARABI\AppData\Roaming\FoxitReaderUpdateInfo.txt
c:\windows\msdownld.tmp
c:\windows\system\VI30AUT.DLL
c:\windows\system32\afD3DEff.dll
c:\windows\system32\networkdlllsp.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_F06DEFF2-5B9C-490D-910F-35D3A9119622
-------\Service_DatamngrCoordinator
-------\Service_F06DEFF2-5B9C-490D-910F-35D3A9119622
.
.
((((((((((((((((((((((((( Files Created from 2015-07-04 to 2015-08-04 )))))))))))))))))))))))))))))))
.
.
2015-08-04 17:58 . 2015-08-04 17:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-04 17:18 . 2015-08-04 18:01 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-08-04 17:18 . 2015-08-04 17:18 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-08-04 17:18 . 2015-08-04 17:18 -------- d-----w- c:\programdata\Malwarebytes
2015-08-04 17:18 . 2015-06-18 06:41 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-08-04 17:18 . 2015-06-18 06:41 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-08-04 17:18 . 2015-06-18 06:41 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-08-04 17:10 . 2015-08-04 17:21 -------- d-----w- c:\users\ARABI\AppData\Roaming\ZHP
2015-08-03 15:29 . 2015-08-03 15:29 64000 ----a-w- c:\windows\system32\RICHTX32.oca
2015-08-03 15:29 . 2015-08-03 15:29 241664 ----a-w- c:\windows\system32\comctl32.oca
2015-08-03 15:29 . 2015-08-03 15:29 64000 ----a-w- c:\windows\system32\ieframe.oca
2015-08-02 08:18 . 2015-08-02 08:18 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{09E12389-8BB1-4836-A3F7-10777A4951EC}\offreg.dll
2015-07-29 10:42 . 2015-07-29 10:59 -------- d-----w- c:\users\ARABI\AppData\Local\Temporary Projects
2015-07-26 20:03 . 2015-07-26 20:03 -------- d-----r- C:\MSOCache
2015-07-26 14:42 . 2015-07-26 14:42 -------- d-----w- c:\program files\Universal Extractor
2015-07-23 23:00 . 2006-10-26 17:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2015-07-23 23:00 . 2009-02-27 01:42 31640 ----a-w- c:\windows\system32\msonpmon.dll
2015-07-23 22:15 . 2015-07-23 22:47 -------- d-----w- c:\program files\CinemaP-1.9cV23.07
2015-07-23 20:41 . 2015-07-23 20:41 -------- d-----w- c:\program files\MapInfo MapX
2015-07-23 20:41 . 2015-07-23 20:42 -------- d-----w- c:\windows\Crystal
2015-07-23 20:41 . 2015-07-23 20:41 -------- d-----w- c:\program files\Seagate Software
2015-07-23 20:10 . 2015-07-23 20:10 25600 ----a-w- c:\windows\system32\MSCOMM32.oca
2015-07-23 20:09 . 2015-07-23 20:09 31744 ----a-w- c:\windows\system32\PropList.oca
2015-07-23 20:09 . 2015-07-23 20:09 62464 ----a-w- c:\windows\system32\ARVIEW2.oca
2015-07-23 20:06 . 2015-07-23 20:06 43008 ----a-w- c:\windows\system32\tabctl32.oca
2015-07-23 13:12 . 2015-07-23 13:12 35840 ----a-w- c:\windows\system32\MSADODC.oca
2015-07-23 13:01 . 2015-07-23 13:01 70144 ----a-w- c:\windows\system32\msdatlst.oca
2015-07-23 13:01 . 2015-07-23 13:01 69632 ----a-w- c:\windows\system32\dblist32.oca
2015-07-23 13:01 . 2015-07-23 13:01 66048 ----a-w- c:\windows\system32\msdatgrd.oca
2015-07-23 11:36 . 2015-07-23 11:36 30720 ----a-w- c:\windows\system32\LVbuttons.oca
2015-07-23 09:34 . 2015-07-23 09:34 48640 ----a-w- c:\windows\system32\msmask32.oca
2015-07-23 01:44 . 2015-07-23 01:44 -------- d-----w- c:\program files\Web Publish
2015-07-23 01:43 . 2015-07-23 01:43 -------- d-----w- c:\windows\msapps
2015-07-22 19:20 . 2015-07-22 19:20 -------- d-----w- c:\users\ARABI\AppData\Local\Deployment
2015-07-22 17:29 . 2015-07-22 17:29 -------- d-----w- c:\program files\Microsoft SQL Server
2015-07-22 17:29 . 2015-07-22 18:22 -------- d-----w- c:\program files\Microsoft Silverlight
2015-07-22 17:28 . 2015-07-22 17:28 -------- d-----w- c:\program files\Microsoft Synchronization Services
2015-07-22 17:28 . 2015-07-22 17:28 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2015-07-22 17:25 . 2015-08-03 19:57 199488 ----a-w- c:\programdata\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
2015-07-22 17:22 . 2015-08-03 19:56 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2015-07-22 17:22 . 2015-07-22 17:22 -------- d-----w- c:\program files\Microsoft SDKs
2015-07-22 17:22 . 2015-07-22 17:22 -------- d-----w- c:\program files\Microsoft Help Viewer
2015-07-22 17:00 . 2015-07-22 17:00 -------- d-----w- c:\users\ARABI\AppData\Roaming\Thinstall
2015-07-21 22:56 . 2015-07-21 22:56 -------- d-----w- c:\program files\MSECache
2015-07-21 07:13 . 2015-07-01 02:31 51880 ----a-w- c:\program files\Mozilla Firefox\browser\components\browsercomps.dll
2015-07-21 07:13 . 2015-07-01 04:12 897144 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
2015-07-21 07:13 . 2015-07-01 02:31 188584 ----a-w- c:\program files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll
2015-07-20 16:47 . 2015-07-20 16:47 -------- d-----w- c:\program files\ISO to USB
2015-07-20 15:47 . 2015-07-23 22:47 -------- d-----w- c:\program files\EASY VET
2015-07-20 13:08 . 2015-07-20 13:08 -------- d-----w- c:\users\ARABI\AppData\Roaming\IndigoRose
2015-07-20 12:47 . 2015-07-20 12:47 -------- d-----w- c:\programdata\IndigoRose
2015-07-20 12:47 . 2015-07-20 12:47 -------- d-----w- c:\program files\Setup Factory 9
2015-07-20 11:29 . 2015-07-20 11:29 -------- d-----w- c:\program files\Inno Setup 5
2015-07-18 20:03 . 2015-07-18 20:03 -------- d-----w- c:\users\ARABI\AppData\Roaming\GDG Software
2015-07-18 19:01 . 2015-07-18 19:01 -------- d-----w- c:\users\ARABI\AppData\Roaming\360TotalSecurity
2015-07-18 18:58 . 2015-07-18 18:58 -------- d-----w- c:\program files\XLS Padlock 2.0
2015-07-18 18:44 . 2015-07-18 18:52 -------- d-----w- c:\program files\BeFrugalcom AddOn
2015-07-18 18:43 . 2015-07-18 18:43 -------- d-----w- c:\programdata\gaoefmhlcjphecmomledcpnllgmekgee
2015-07-18 18:42 . 2015-07-18 18:52 -------- d-----w- c:\users\ARABI\AppData\Roaming\Hurtful Team
2015-07-18 18:42 . 2015-07-18 18:52 -------- d-----w- c:\programdata\{69107bc8-9d37-56a1-6910-07bc89d3ef22}
2015-07-15 19:10 . 2015-07-15 19:10 0 ----a-w- c:\windows\prleth.sys
2015-07-15 19:10 . 2015-07-15 19:10 0 ----a-w- c:\windows\hgfs.sys
2015-07-15 19:07 . 2015-07-15 19:07 -------- d-----w- c:\users\ARABI\AppData\Roaming\istartsurf
2015-07-15 19:06 . 2015-07-18 18:52 -------- d-----w- c:\program files\DownChecker
2015-07-11 14:03 . 2015-07-11 14:03 -------- d-----w- c:\programdata\FLEXnet
2015-07-11 12:37 . 2015-07-11 12:37 -------- d-----w- c:\users\ARABI\AppData\Roaming\Ulead Systems
2015-07-11 12:34 . 2015-07-11 12:34 -------- d-----w- c:\programdata\InterVideo
2015-07-11 12:32 . 2015-07-11 12:32 -------- d-----w- c:\programdata\Corel
2015-07-11 12:23 . 2015-07-11 12:23 -------- d-----w- c:\program files\Common Files\Protexis
2015-07-11 12:22 . 2015-07-11 12:22 -------- d-----w- c:\program files\Common Files\Corel
2015-07-11 12:20 . 2015-07-11 12:33 -------- d-----w- c:\programdata\Ulead Systems
2015-07-11 12:20 . 2015-07-11 12:20 -------- d-----w- c:\program files\Common Files\Ulead Systems
2015-07-11 11:43 . 2015-07-11 11:43 -------- d-----w- c:\program files\Common Files\Adobe AIR
2015-07-11 11:25 . 2015-07-11 11:25 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2015-07-11 11:17 . 2004-01-04 21:22 61440 ----a-w- c:\windows\system32\uvbase.dll
2015-07-11 11:06 . 2005-03-01 16:44 102400 ----a-w- c:\windows\system32\uvDV.dll
2015-07-11 11:04 . 2004-01-27 15:13 114688 ----a-w- c:\windows\system32\u32comm.dll
2015-07-11 11:04 . 2004-01-27 15:13 114688 ----a-w- c:\windows\u32comm.dll
2015-07-11 10:59 . 2015-07-11 10:59 -------- d-----w- c:\programdata\eSellerate
2015-07-11 10:59 . 2015-07-11 11:00 -------- d-----w- c:\programdata\SmartSound Software Inc
2015-07-11 10:58 . 2015-07-11 10:58 -------- d-----w- C:\IExp3.tmp
2015-07-11 10:58 . 2015-07-11 10:58 -------- d-----w- C:\IExp2.tmp
2015-07-11 10:57 . 2015-07-12 03:56 -------- d-----w- c:\program files\Common Files\InstallShield
2015-07-11 10:45 . 2015-07-11 10:45 -------- d-----w- c:\programdata\Anvsoft
2015-07-11 10:45 . 2015-07-11 11:20 -------- d-----w- c:\users\ARABI\AppData\Roaming\Wedding Album Maker
2015-07-11 10:42 . 2015-07-11 10:47 -------- d-----w- c:\program files\Wedding Album Maker Gold
2015-07-05 21:43 . 2015-07-05 21:43 -------- d-----w- c:\users\ARABI\Tracing
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-03 10:58 . 2015-07-03 10:59 737280 ----a-w- c:\windows\iun6002.exe
2015-07-01 22:00 . 2015-04-23 14:08 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-07-01 22:00 . 2015-04-23 14:08 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-07-01 15:17 . 2015-05-10 15:40 203856 ----a-w- c:\windows\system32\drivers\360Box.sys
2015-07-01 15:17 . 2015-05-10 15:40 66128 ----a-w- c:\windows\system32\drivers\360AvFlt.sys
2015-07-01 15:17 . 2015-05-10 15:40 287056 ----a-w- c:\windows\system32\drivers\qutmdrv.sys
2015-06-18 10:21 . 2015-04-23 18:47 61752 ----a-w- c:\windows\system32\drivers\eagleGet.sys
2015-05-23 18:17 . 2015-05-23 18:17 119808 ----a-r- c:\users\ARABI\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2015-05-18 10:13 . 2015-05-18 10:13 1210728 ----a-w- c:\windows\system32\drivers\ntfs.sys
2015-05-18 10:02 . 2015-05-18 10:02 219136 ----a-w- c:\windows\system32\ncrypt.dll
2015-05-14 07:56 . 2015-04-23 17:56 899184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2015-05-14 07:55 . 2015-04-23 17:54 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2015-05-14 07:55 . 2015-04-23 17:54 639312 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2013-07-08 559448]
"AtherosBtStack"="c:\program files\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2012-03-08 876160]
"AthBtTray"="c:\program files\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [2012-03-08 695936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-10 142680]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-10 176472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-10 175448]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-12 336384]
"QHSafeTray"="c:\program files\360\Total Security\safemon\QHSafeTray.exe" [2015-07-01 1283192]
"Athan"="c:\program files\Athan\Athan.exe" [2014-05-04 1216512]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.11.149\SSScheduler.exe [2015-6-26 277920]
MobileGo Service.lnk - c:\program files\Wondershare\MobileGo for Android\MobileGoService.exe [2014-7-14 103312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 lwnfd_1_10_0_14;lwnfd_1_10_0_14;c:\windows\system32\drivers\lwnfd_1_10_0_14.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-02-18 315488]
R3 androidusb;Google Device Driver;c:\windows\system32\Drivers\wsadb.sys [2015-03-27 34216]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2013-11-29 1296728]
R3 eagleGet;eagleGet;c:\windows\system32\Drivers\eagleGet.sys [2015-06-18 61752]
R3 egGetSvc;egGetSvc;c:\program files\EagleGet\EGMonitor.exe [2015-07-10 233472]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.11.149\McCHSvc.exe [2015-06-26 235696]
R3 Rockusb;Driver for Rockusb Device;c:\windows\system32\DRIVERS\rockusb.sys [2013-05-06 46160]
R3 TorchCrashHandler;Torch Crash Handler;c:\users\ARABI\AppData\Local\Torch\Update\TorchCrashHandler.exe [2015-07-16 1217032]
S0 HookPort;HookPort;c:\windows\System32\Drivers\Hookport.sys [2015-04-02 58440]
S1 360AntiHacker;360Safe Anti Hacker Service;c:\windows\system32\Drivers\360AntiHacker.sys [2015-04-02 88136]
S1 360Box;360Box mini-filter driver;c:\windows\system32\DRIVERS\360Box.sys [2015-07-01 203856]
S1 360Camera;360Safe Camera Filter Service;c:\windows\system32\Drivers\360Camera.sys [2015-04-02 34888]
S1 360SelfProtection;360SelfProtection;c:\windows\system32\drivers\360SelfProtection.sys [2015-04-02 174536]
S1 BAPIDRV;BAPIDRV;c:\windows\system32\DRIVERS\BAPIDRV.sys [2015-04-02 169040]
S1 EfiMon;EfiSystemMon;c:\windows\system32\Drivers\Efimon.sys [2015-04-02 23752]
S1 qutmdserv;Quantum DeepScanner Servers;c:\windows\system32\DRIVERS\qutmdrv.sys [2015-07-01 287056]
S1 qutmipc;qutmipc;c:\windows\system32\drivers\qutmipc.sys [2015-04-02 45896]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2014-05-16 204064]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-05-12 176128]
S2 AtherosSvc;AtherosSvc;c:\program files\Dell Wireless\Bluetooth Suite\adminservice.exe [2012-03-08 87168]
S2 Droid4XService;Droid4XService;c:\program files\Droid4X\Droid4XService.exe [2015-04-15 261864]
S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [2015-06-02 244392]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-06-18 1871160]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-06-18 1133880]
S2 QHActiveDefense;360 Total Security;c:\program files\360\Total Security\safemon\QHActiveDefense.exe [2015-07-01 858232]
S2 TechSmith Uploader Service;TechSmith Uploader Service;c:\program files\Common Files\TechSmith Shared\Uploader\UploaderService.exe [2015-01-26 3408384]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [2012-03-08 159360]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files\Dell Wireless\Ath_WlanAgent.exe [2012-03-28 77824]
S3 360AvFlt;360AvFlt mini-filter driver;c:\windows\system32\DRIVERS\360AvFlt.sys [2015-07-01 66128]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2015-03-02 77952]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2012-03-08 299136]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2012-03-08 98432]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2015-03-02 25728]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2015-03-02 156288]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2015-03-02 64640]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2015-03-02 117888]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2015-01-04 510248]
S3 cykbfltrService;Cypress Keyboard Filter Driver;c:\windows\system32\DRIVERS\cykbfltr.sys [2013-09-13 16384]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-17 22040]
S3 int0800;Intel 28F320C3 Flash Update Device Driver v6.4;c:\windows\system32\DRIVERS\flashud.sys [2009-09-09 42496]
S3 IntcDAud;Son Intel(R) pour écrans;c:\windows\system32\DRIVERS\IntcDAud.sys [2014-09-26 368912]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd32.sys [2011-04-10 10783744]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-06-18 23256]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-08-04 98520]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-06-18 51928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2015-01-15 723160]
S3 RTSUER;Realtek USB Card Reader - UER;c:\windows\system32\Drivers\RtsUer.sys [2014-12-08 283864]
S3 rtsuvc;Realtek USB2.0 PC Camera;c:\windows\system32\DRIVERS\rtsuvc.sys [2015-01-13 1565400]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys [2014-11-06 25840]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.search.ask.com/?o=APN10648A&gct=hp&d=448-280&v=n16118-730&t=4
uInternet Settings,ProxyServer = http=;ftp=;https=;
IE: &Envoyer à OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Download all links with EagleGet - c:\program files\EagleGet\IEGraberBHO.dll/202
IE: Download with EagleGet - c:\program files\EagleGet\IEGraberBHO.dll/201
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: ÊÍãíá Çáßá ÈæÇÓØÉ ÈíÊßæãäÊ - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: ÊÍãíá ÈæÇÓØÉ ÈíÊßæãäÊ - c:\program files\BitComet\BitComet.exe/AddLink.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\ARABI\AppData\Roaming\Mozilla\Firefox\Profiles\vnjzdcoj.default\
FF - prefs.js: browser.search.selectedEngine - istartsurf
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=280&systemid=448&v=n16118-730&apn_dtid=TCH001&apn_ptnrs=AGI&apn_uid=8134720482394325&o=APN10648&q=
FF - prefs.js: network.proxy.ftp - 186.167.65.26
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 186.167.65.26
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 186.167.65.26
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 186.167.65.26
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 186.167.65.26
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
AddRemove-CinemaP-1.9cV23.07 - c:\program files\CinemaP-1.9cV23.07\Uninstall.exe
AddRemove-Down Checker - c:\program files\DownChecker\uninstall.exe
AddRemove-torchimeshmoviestoolbarFF - c:\progra~1\MOVIES~1\Datamngr\SRTOOL~1\FF\uninstall.exe
AddRemove-torchimeshmoviestoolbarIE - c:\progra~1\MOVIES~1\Datamngr\SRTOOL~1\IE\uninstall.exe
AddRemove-{4820778D-AB0D-6D18-C316-52A6A0E1D507} - c:\program files\bestadblocker\5GxehWjAGB0y9X.exe
AddRemove-{A2C98B47-B5F4-94AA-281D-4135416774CF} - c:\program files\CauTThePorIcuee\GreVFcTdD0J4cN.exe
AddRemove-{AD11DADE-C597-45D9-D8C5-1D2EB0B89613} - c:\program files\BeFrugalcom AddOn\BeFrugalcom AddOn.exe
AddRemove-Opera 29.0.1795.47 - c:\users\ARABI\AppData\Local\Programs\Opera\Launcher.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1719421884-1264264495-3226333432-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):54,dc,71,6c,69,cc,5a,e0,cd,ba,48,c7,09,a0,d1,7b,22,33,54,01,3c,
0f,e3,aa,87,05,bc,de,24,9d,7e,84,ad,8a,77,6a,e9,f8,6e,2a,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1719421884-1264264495-3226333432-1000_Classes\CLSID\{d5002718-2b5a-402a-a14c-1965558265dc}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000072
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,51,1d,ba,81,de,8f,9f,2d,eb,c7,c8,af,10,fb,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\sppsvc.exe
c:\program files\Malwarebytes Anti-Malware\mbam.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Completion time: 2015-08-04 20:21:14 - machine was rebooted
ComboFix-quarantined-files.txt 2015-08-04 18:21
.
Pre-Run: 14 689 062 912 octets libres
Post-Run: 14 869 270 528 octets libres
.
- - End Of File - - 088F714119D197D12214753D1B146A4D
A36C5E4F47E84449FF07ED3517B43A31