ComboFix 15-07-12.01 - wafa 07/16/2015 0:45.1.4 - x86 Microsoft Windows 7 Edition Intégrale 6.1.7600.0.1256.966.1036.18.2871.1986 [GMT 2:00] Running from: c:\users\wafa\Desktop\ComboFix.exe AV: avast! Internet Security *Disabled/Outdated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47} SP: avast! Internet Security *Disabled/Outdated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\ALlCheeaapPrrice c:\program files\ALlCheeaapPrrice\EUZ8TPtNJECTeT.dat c:\program files\ALlCheeaapPrrice\EUZ8TPtNJECTeT.exe c:\program files\ALlCheeaapPrrice\EUZ8TPtNJECTeT.tlb c:\program files\BiatSaveR c:\program files\BiatSaveR\RJGT5SkI6snuZV.dat c:\program files\BiatSaveR\RJGT5SkI6snuZV.dll c:\program files\BiatSaveR\RJGT5SkI6snuZV.exe c:\program files\BiatSaveR\RJGT5SkI6snuZV.tlb c:\program files\BitSaaverr c:\program files\BitSaaverr\kAUgjwBzMyMYj4.dat c:\program files\BitSaaverr\kAUgjwBzMyMYj4.dll c:\program files\BitSaaverr\kAUgjwBzMyMYj4.exe c:\program files\BitSaaverr\kAUgjwBzMyMYj4.tlb c:\program files\BitSAVer c:\program files\BitSAVer\utY8wXuAFPSd39.dat c:\program files\BitSAVer\utY8wXuAFPSd39.dll c:\program files\BitSAVer\utY8wXuAFPSd39.exe c:\program files\BitSAVer\utY8wXuAFPSd39.tlb c:\program files\MediaPlayerV1 c:\program files\MediaPlayerV1\MediaPlayerV1alpha2290\ch\MediaPlayerV1alpha2290.crx c:\program files\MediaPlayerV1\MediaPlayerV1alpha2290\ff\chrome\content\icons\default\MediaPlayerV1alpha2290_32.png c:\program files\MediaPlayerV1\MediaPlayerV1alpha2290\ff\chrome\content\icons\Thumbs.db c:\program files\MediaPlayerV1\MediaPlayerV1alpha2290\ff\chrome\content\overlay.xul c:\program files\MediaPlayerV1\MediaPlayerV1alpha2290\ff\install.rdf c:\program files\Skype\Phone\Skype.exe c:\program files\YoutubeAdblocker c:\program files\YoutubeAdblocker\HyGjGi3fZUzrln.dat c:\program files\YoutubeAdblocker\HyGjGi3fZUzrln.exe c:\program files\YoutubeAdblocker\HyGjGi3fZUzrln.tlb c:\programdata\7903529744119732636 c:\programdata\7903529744119732636\1547aa30421efb5b76b8eb4afac61bce.ini c:\programdata\7903529744119732636\2708f9ff3884b3dd76b8eb4afac61bce.ini c:\programdata\7903529744119732636\37775abd6f6704a276b8eb4afac61bce.ini c:\programdata\7903529744119732636\4775d99c57b1799e76b8eb4afac61bce.ini c:\programdata\7903529744119732636\4b432ab495a8993376b8eb4afac61bce.ini c:\programdata\7903529744119732636\4cc9484e5308b1bc76b8eb4afac61bce.ini c:\programdata\7903529744119732636\800d0e2f346d2d4976b8eb4afac61bce.ini c:\programdata\7903529744119732636\8eb0729fbf1cb05276b8eb4afac61bce.ini c:\programdata\7903529744119732636\954accd1ef18255b76b8eb4afac61bce.ini c:\programdata\7903529744119732636\ab04ecb30c557b3776b8eb4afac61bce.ini c:\programdata\7903529744119732636\ad5e6328e91d5a2576b8eb4afac61bce.ini c:\programdata\7903529744119732636\b064fcb2318aa95b76b8eb4afac61bce.ini c:\programdata\7903529744119732636\b1b04b8135a80c9776b8eb4afac61bce.ini c:\programdata\7903529744119732636\bb54bdc50384f4da76b8eb4afac61bce.ini c:\programdata\7903529744119732636\c5dda8811636467776b8eb4afac61bce.ini c:\programdata\7903529744119732636\cab7ed1b673b5e5e76b8eb4afac61bce.ini c:\programdata\7903529744119732636\cd5b15e575e1c3d076b8eb4afac61bce.ini c:\programdata\7903529744119732636\d10de703829fe2d876b8eb4afac61bce.ini c:\programdata\7903529744119732636\d1b1b8b13a22620276b8eb4afac61bce.ini c:\programdata\7903529744119732636\d1b823d8a4cc414976b8eb4afac61bce.ini c:\programdata\7903529744119732636\d38e8734560118a976b8eb4afac61bce.ini c:\programdata\7903529744119732636\d6ae24e4beaa0e7276b8eb4afac61bce.ini c:\programdata\7903529744119732636\d7f7ceff8d57bf9a76b8eb4afac61bce.ini c:\programdata\7903529744119732636\d88e11b2264d074876b8eb4afac61bce.ini c:\programdata\7903529744119732636\e1a11ca282117dcd76b8eb4afac61bce.ini c:\programdata\ntuser.pol c:\programdata\Wincert\WIN32C~1.DLL c:\users\wafa\AppData\Local\Win_update\Win_update.exe c:\users\wafa\AppData\Roaming\baidu\hao123 c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\cZ@I.edu c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\cZ@I.edu\bootstrap.js c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\cZ@I.edu\chrome.manifest c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\cZ@I.edu\content\bg.js c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\cZ@I.edu\install.rdf c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\N4d@wf2.edu c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\N4d@wf2.edu\bootstrap.js c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\N4d@wf2.edu\chrome.manifest c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\N4d@wf2.edu\content\bg.js c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\N4d@wf2.edu\install.rdf c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\qOUQ@zHXOczS.com c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\qOUQ@zHXOczS.com\bootstrap.js c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\qOUQ@zHXOczS.com\chrome.manifest c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\qOUQ@zHXOczS.com\content\bg.js c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\qOUQ@zHXOczS.com\install.rdf c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\0W58nz4@Tt.org c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\0W58nz4@Tt.org\bootstrap.js c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\0W58nz4@Tt.org\chrome.manifest c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\0W58nz4@Tt.org\content\bg.js c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\0W58nz4@Tt.org\install.rdf c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\dbR@x6y3Z88.edu c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\dbR@x6y3Z88.edu\bootstrap.js c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\dbR@x6y3Z88.edu\chrome.manifest c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\dbR@x6y3Z88.edu\content\bg.js c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\dbR@x6y3Z88.edu\install.rdf c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\Oom8@Bg5Wko.com c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\Oom8@Bg5Wko.com\bootstrap.js c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\Oom8@Bg5Wko.com\chrome.manifest c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\Oom8@Bg5Wko.com\content\bg.js c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\Oom8@Bg5Wko.com\install.rdf c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\qu5drM2@n.net c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\qu5drM2@n.net\bootstrap.js c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\qu5drM2@n.net\chrome.manifest c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\qu5drM2@n.net\content\bg.js c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\qu5drM2@n.net\install.rdf c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\RE8t0@Or7.net c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\RE8t0@Or7.net\bootstrap.js c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\RE8t0@Or7.net\chrome.manifest c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\RE8t0@Or7.net\content\bg.js c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\RE8t0@Or7.net\install.rdf c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\x5jYRkN@YP.net c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\x5jYRkN@YP.net\bootstrap.js c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\x5jYRkN@YP.net\chrome.manifest c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\x5jYRkN@YP.net\content\bg.js c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\staged\x5jYRkN@YP.net\install.rdf c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\Wb2RdZZN@d.edu c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\Wb2RdZZN@d.edu\bootstrap.js c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\Wb2RdZZN@d.edu\chrome.manifest c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\Wb2RdZZN@d.edu\content\bg.js c:\users\wafa\AppData\Roaming\Mozilla\Firefox\Profiles\28626u33.default\extensions\Wb2RdZZN@d.edu\install.rdf c:\windows\Downloaded Program Files\109778558 c:\windows\Downloaded Program Files\109778558\BaiduSetupAx_0.dll c:\windows\Downloaded Program Files\1984317 c:\windows\Downloaded Program Files\1984317\BaiduSetupAx_0.dll c:\windows\Downloaded Program Files\1984317\npxbdsetup.dll c:\windows\Downloaded Program Files\655368 c:\windows\Downloaded Program Files\655368\SetupAx.dll c:\windows\system32\1.txt c:\windows\system32\drivers\MaxTdss.sys c:\windows\system32\roboot.exe c:\windows\system32\ShellExt\CmdOpen.dll c:\windows\system32\Tasks\BackgroundContainer Startup Task c:\windows\Tasks\RegClean Pro_DEFAULT.job c:\windows\Tasks\RegClean Pro_UPDATES.job . . ((((((((((((((((((((((((( Files Created from 2015-06-15 to 2015-07-15 ))))))))))))))))))))))))))))))) . . 2015-07-15 22:52 . 2015-07-15 22:52 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-07-15 11:15 . 2015-06-12 07:54 9252600 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BBF7811B-63B7-41CB-A06E-315054D6ECF7}\mpengine.dll 2015-07-14 13:30 . 2015-07-14 13:30 -------- d-----w- c:\program files\TerminusDefender 2015-07-14 13:29 . 2015-07-14 13:30 -------- d-----w- c:\programdata\fdfca3770000471b 2015-07-14 11:59 . 2015-07-14 13:12 -------- d-----w- C:\UsbFix 2015-07-14 09:29 . 2015-07-14 09:29 -------- d-----w- c:\users\wafa\AppData\Local\ESET 2015-07-14 09:27 . 2015-07-14 09:27 -------- d-----w- c:\program files\ESET 2015-07-14 09:00 . 2015-07-14 09:00 -------- d-----w- c:\programdata\IHProtectUpDate 2015-07-14 09:00 . 2015-07-14 11:08 -------- d-----w- c:\program files\MiuiTab 2015-07-14 09:00 . 2015-07-14 09:41 -------- d-----w- c:\programdata\WindowsMangerProtect 2015-07-14 08:58 . 2015-07-14 11:08 -------- d-----w- c:\users\wafa\AppData\Roaming\mystartsearch 2015-07-11 23:39 . 2015-07-14 10:29 -------- d-----w- c:\program files\SystemRaise 2015-07-11 15:02 . 2015-07-11 23:39 -------- d-----w- c:\programdata\2547bfdc00001fe8 2015-07-09 23:00 . 2015-07-09 23:00 -------- d-----w- C:\$AVG 2015-07-09 22:56 . 2015-07-09 23:04 -------- d-----w- c:\users\wafa\AppData\Local\Avg2015 2015-07-09 22:56 . 2015-07-09 22:56 -------- d-----w- c:\users\wafa\AppData\Local\MFAData 2015-07-09 22:15 . 2015-07-11 14:44 -------- d-----w- c:\programdata\{94cc6b0c-37c1-8e15-94cc-c6b0c37cac30} 2015-07-06 11:31 . 2015-07-11 23:39 -------- d-----w- c:\programdata\ea60695f00002953 2015-07-04 13:26 . 2015-07-04 13:26 -------- d-----w- c:\programdata\IDM 2015-07-03 18:09 . 2015-07-03 18:09 -------- d-----w- c:\users\wafa\AppData\Roaming\AVG2015 2015-07-03 18:08 . 2015-07-09 23:03 -------- d-----w- c:\program files\Common Files\AV 2015-07-03 18:08 . 2015-07-03 18:08 -------- d-----w- c:\users\wafa\AppData\Roaming\TuneUp Software 2015-07-03 18:07 . 2015-07-04 22:57 -------- d-----w- c:\programdata\AVG2015 2015-07-03 18:06 . 2015-07-11 14:42 -------- d-----w- c:\program files\AVG 2015-07-03 17:48 . 2015-07-03 17:48 -------- d--h--w- c:\programdata\Common Files 2015-07-03 17:48 . 2015-07-11 14:44 -------- d-----w- c:\programdata\MFAData 2015-07-02 18:10 . 2015-07-02 18:10 -------- d-----w- c:\program files\BiitSaveR 2015-06-22 13:58 . 2015-06-22 13:58 -------- d-----w- c:\program files\Vimium 2015-06-22 13:57 . 2015-06-22 13:57 -------- d-----w- c:\program files\BiitSaveer 2015-06-16 17:42 . 2015-06-16 17:42 -------- d-----w- c:\program files\Shiny Display . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-07-14 16:39 . 2015-05-13 15:13 24 ----a-w- c:\users\wafa\AppData\Roaming\appdataFr25.bin 2015-06-23 11:27 . 2012-07-13 20:05 246952 ------w- c:\windows\system32\MpSigStub.exe 2015-06-07 20:21 . 2012-07-07 21:09 6656 ----a-w- c:\windows\system32\bcmwlrc.dll 2015-05-22 16:29 . 2015-06-11 07:16 571392 ----a-w- c:\windows\system32\generaltel.dll 2015-05-22 16:28 . 2015-06-11 07:16 621568 ----a-w- c:\windows\system32\invagent.dll 2015-05-22 16:28 . 2015-06-11 07:16 333824 ----a-w- c:\windows\system32\devinv.dll 2015-05-22 16:28 . 2015-06-11 07:16 879104 ----a-w- c:\windows\system32\appraiser.dll 2015-05-22 16:28 . 2015-06-11 07:16 37888 ----a-w- c:\windows\system32\acmigration.dll 2015-05-22 16:28 . 2015-06-11 07:16 202752 ----a-w- c:\windows\system32\aepdu.dll 2015-05-22 16:25 . 2015-06-11 07:16 901120 ----a-w- c:\windows\system32\aeinv.dll 2015-05-21 13:18 . 2015-06-11 07:16 163840 ----a-w- c:\windows\system32\aepic.dll 2015-05-20 12:55 . 2015-05-20 13:57 123968 ----a-w- c:\windows\system32\drivers\idmwfp.sys 2015-05-12 18:17 . 2015-03-30 09:12 20 ----a-w- c:\users\wafa\AppData\Roaming\appdataFr3.bin . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512] "IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2014-04-17 1596224] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Welcome Center"="c:\windows\system32\OobeFldr.dll" [2009-10-26 859648] . [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) "NoSMBalloonTip"= 1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Little transparency.exe] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Little transparency.exe backup=c:\windows\pss\Little transparency.exe.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RocketDock.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\RocketDock.lnk backup=c:\windows\pss\RocketDock.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^wafa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ScreenUpdate.lnk] path=c:\users\wafa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ScreenUpdate.lnk backup=c:\windows\pss\ScreenUpdate.lnk.Startup backupExtension=.Startup . [HKLM\~\startupfolder\C:^Users^wafa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Win_update.lnk] path=c:\users\wafa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Win_update.lnk backup=c:\windows\pss\Win_update.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2008-06-12 00:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CommonToolkitTray] 2013-03-12 14:38 1425952 ----a-w- c:\program files\Fighters\Tray\FightersTray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update] 2015-05-08 10:58 138096 ----atw- c:\users\wafa\AppData\Local\Facebook\Update\FacebookUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HiMEDIA] 2014-02-21 04:32 1324456 ----a-w- c:\users\wafa\HiPlayer\1.143.0.0\HiPlayer.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2012-01-10 21:44 177432 ----a-w- c:\windows\System32\hkcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2012-01-10 21:44 142616 ----a-w- c:\windows\System32\igfxtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMSS] 2010-09-16 02:13 112152 ----a-r- c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager] 2011-03-31 12:38 1092688 ----a-w- c:\program files\Launch Manager\LManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NextLive] 2014-01-06 03:15 1283584 ----a-w- c:\users\wafa\AppData\Roaming\newnext.me\nengine.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2012-01-10 21:44 177944 ----a-w- c:\windows\System32\igfxpers.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2014-10-07 14:39 507776 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wondershare Helper Compact.exe] 2014-09-11 16:10 2087264 ----a-w- c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe . R1 BAPIDRV;BAPIDRV;c:\windows\system32\DRIVERS\BAPIDRV.sys [x] R2 1938b941;TerminusDefender;c:\windows\system32\rundll32.exe [2009-07-14 44544] R2 DatamngrCoordinator2;Datamngr Coordinator;c:\program files\Movies Toolbar\Datamngr\DatamngrCoordinator.exe [x] R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [2014-01-24 342336] R2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [x] R2 MaintainerSvc2.68.0219210;MaintainerSvc2.68.0219210;c:\programdata\f7d523a7-723b-4679-8c70-0e90e3053cba\maintainer.exe [2015-07-15 128240] R2 MaintainerSvc6.37.565328;MaintainerSvc6.37.565328;c:\programdata\7bb6df21-8ca8-4eec-965d-8cd2261544c7\maintainer.exe [2015-07-15 128240] R2 Shiny Display;Shiny Display;c:\program files\Shiny Display\Shiny Display.exe [2015-06-16 8016568] R3 BprotectEx;Baidu ProtectEx;c:\windows\System32\drivers\BprotectEx.sys [x] R3 cmusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2051;c:\windows\system32\DRIVERS\cmusbser.sys [2008-08-29 103552] R3 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys [x] R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 132480] R3 MSICDSetup;MSICDSetup;F:\CDriver.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-09-27 104768] R3 NisSrv;NisSrv;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 NTIOLib_1_0_C;NTIOLib_1_0_C;F:\NTIOLib.sys [x] R3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-09-22 190464] R3 SparkUpdater;Baidu Spark Updater;c:\program files\Baidu\SparkUpdate\Sparkupdate.exe [2014-12-19 1359040] R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 99728] R3 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-09-16 2538520] R3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [x] R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-14 1343400] S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2012-03-06 12112] S0 aswNdis2;avast! Firewall Core Firewall Service; [x] S0 Bhbase;Baidu Hook Base;c:\windows\System32\drivers\Bhbase.sys [2014-03-11 47456] S0 SDActMon;SDActMon;c:\windows\System32\drivers\SDActMon.sys [2013-07-25 123360] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-07-07 722416] S1 {01531192-f7ef-415f-a549-cfdb11836731}w;{01531192-f7ef-415f-a549-cfdb11836731}w;c:\windows\system32\drivers\{01531192-f7ef-415f-a549-cfdb11836731}w.sys [2014-04-24 52928] S1 {70ed362e-6c2f-4f13-9f05-a5b35ff4be55}w;{70ed362e-6c2f-4f13-9f05-a5b35ff4be55}w;c:\windows\system32\drivers\{70ed362e-6c2f-4f13-9f05-a5b35ff4be55}w.sys [2014-12-01 43152] S1 {781c47fe-8e73-4938-873f-2850548c7fb4}w;{781c47fe-8e73-4938-873f-2850548c7fb4}w;c:\windows\system32\drivers\{781c47fe-8e73-4938-873f-2850548c7fb4}w.sys [2014-11-30 43152] S1 {8ca7f150-5454-4b4c-9537-1b831c71d329}w;{8ca7f150-5454-4b4c-9537-1b831c71d329}w;c:\windows\system32\drivers\{8ca7f150-5454-4b4c-9537-1b831c71d329}w.sys [2014-11-19 43152] S1 {93feeb25-9f23-4de1-b697-6a2c12816bac}w;{93feeb25-9f23-4de1-b697-6a2c12816bac}w;c:\windows\system32\drivers\{93feeb25-9f23-4de1-b697-6a2c12816bac}w.sys [2014-11-23 43152] S1 {bf07813e-aac8-4cea-bf69-7178c16076ac}w;{bf07813e-aac8-4cea-bf69-7178c16076ac}w;c:\windows\system32\drivers\{bf07813e-aac8-4cea-bf69-7178c16076ac}w.sys [2014-11-21 43152] S1 {cb0b6f3d-aa8b-4a68-acf6-6ff30e1d0243}w;{cb0b6f3d-aa8b-4a68-acf6-6ff30e1d0243}w;c:\windows\system32\drivers\{cb0b6f3d-aa8b-4a68-acf6-6ff30e1d0243}w.sys [2014-11-27 43152] S1 {dbe9acb7-ca74-4c18-ad13-f0270d74c42d}w;{dbe9acb7-ca74-4c18-ad13-f0270d74c42d}w;c:\windows\system32\drivers\{dbe9acb7-ca74-4c18-ad13-f0270d74c42d}w.sys [2014-11-09 43152] S1 {e761f54c-32c6-465c-ba31-504773457b77}w;{e761f54c-32c6-465c-ba31-504773457b77}w;c:\windows\system32\drivers\{e761f54c-32c6-465c-ba31-504773457b77}w.sys [2014-11-26 43152] S1 {f0aab91b-f97e-4d3d-b745-53663865729c}w;{f0aab91b-f97e-4d3d-b745-53663865729c}w;c:\windows\system32\drivers\{f0aab91b-f97e-4d3d-b745-53663865729c}w.sys [2014-11-28 43152] S1 aswFW;avast! TDI Firewall driver; [x] S1 aswKbd;aswKbd; [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 MaxProtector32;MaxProtector32;c:\windows\system32\drivers\MaxProtector32.sys [2013-07-25 85984] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688] S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-03-06 134920] S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [2012-07-19 2568120] S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2011-03-31 352848] S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2015-05-20 123968] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 14808] S2 Update EnterDigital;Update EnterDigital;c:\program files\EnterDigital\updateEnterDigital.exe [2015-07-15 470256] S2 Util EnterDigital;Util EnterDigital;c:\program files\EnterDigital\bin\utilEnterDigital.exe [2015-07-15 470256] S2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam.sys [2011-06-13 1066808] S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2011-01-17 350248] . . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-10-30 21:39 1089352 ----a-w- c:\program files\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2014-11-02 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-11 20:00] . 2015-07-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2559318703-2892093174-3465221388-1000Core.job - c:\users\wafa\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-14 10:58] . 2015-07-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2559318703-2892093174-3465221388-1000UA.job - c:\users\wafa\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-14 10:58] . 2014-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2014-02-04 20:14] . 2014-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2014-02-04 20:14] . . ------- Supplementary Scan ------- . IE: &Download with DAM - c:\program files\Tensons\Download Accelerator Manager\\addUrl.htm IE: Download &All with DAM - c:\program files\Tensons\Download Accelerator Manager\\addAllUrls.htm IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Run DAM Media&Grabber - c:\program files\Tensons\Download Accelerator Manager\\runMg.htm IE: ÊÍãíá ÇáÝíÏíæ ÈæÇÓØÉ Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm IE: ÊÍãíá Çáßá ÈæÇÓØÉ Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm IE: ÊÍãíá Çáßá ÈæÇÓØÉ Internet Download Manager - c:\users\wafa\AppData\Local\Temp\Temp2_IDMan.zip\IEGetAll.htm IE: ÊÍãíá ÇáãÍÏÏÉ ÈæÇÓØÉ Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm IE: ÊÍãíá ÈæÇÓØÉ Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm IE: ÊÍãíá ÈæÇÓØÉ Internet Download Manager - c:\users\wafa\AppData\Local\Temp\Temp2_IDMan.zip\IEExt.htm TCP: DhcpNameServer = 192.168.8.1 192.168.8.1 DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file) URLSearchHooks-{77e8143b-6759-416e-b521-82cfed75150b} - c:\program files\DivX_Browser_Bar\prxtbDivX.dll Toolbar-10 - (no file) Toolbar-{77e8143b-6759-416e-b521-82cfed75150b} - c:\program files\DivX_Browser_Bar\prxtbDivX.dll ShellIconOverlayIdentifiers-{CDC95B92-E27C-4745-A8C5-64A52A78855D} - (no file) HKLM-Run-SDAutoScan - (no file) HKU-Default-Run-Advanced SystemCare 7 - c:\program files\IObit\Advanced SystemCare 7\ASCTray.exe HKU-Default-Run-Skype - c:\program files\Skype\Phone\Skype.exe ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file) MSConfigStartUp-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe MSConfigStartUp-BackgroundContainer - c:\users\wafa\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll MSConfigStartUp-Google Update - c:\users\wafa\AppData\Local\Google\Update\GoogleUpdate.exe MSConfigStartUp-HSPALauncher - c:\progra~1\HSPAUS~1\HSPALA~1.EXE MSConfigStartUp-IDMan - c:\users\wafa\AppData\Local\Temp\Temp2_IDMan.zip\IDMan.exe MSConfigStartUp-Messenger (Yahoo!) - c:\program files\Yahoo!\Messenger\YahooMessenger.exe MSConfigStartUp-MSC - c:\program files\Microsoft Security Client\msseces.exe MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe MSConfigStartUp-WebcamMaxAutoRun - c:\program files\WebcamMax\wcmmon.exe AddRemove-{4820778D-AB0D-6D18-C316-52A6A0E1D507} - c:\program files\youtubeadblocker\HyGjGi3fZUzrln.exe AddRemove-UnityWebPlayer - c:\users\wafa\AppData\Local\Unity\WebPlayer\Uninstall.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-2559318703-2892093174-3465221388-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "scansk"=hex(0):4d,ff,5f,d2,05,d3,75,13,e6,34,a5,08,e5,53,20,a7,d8,db,0d,8d,e3, d3,bd,d1,51,76,64,10,28,c4,1d,d4,ca,43,3f,d2,ca,ad,20,f2,00,00,00,00,00,00,\ . [HKEY_USERS\S-1-5-21-2559318703-2892093174-3465221388-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] @Denied: (Full) (Everyone) "scansk"=hex(0):31,4e,9e,17,24,df,9f,92,8c,c7,49,51,fb,fb,f7,9d,e9,7d,dd,71,2b, 64,e4,bc,78,d3,69,64,88,d5,ca,9c,da,ed,86,2c,a4,d2,8a,09,00,00,00,00,00,00,\ . [HKEY_USERS\S-1-5-21-2559318703-2892093174-3465221388-1000_Classes\CLSID\{7f20df79-6309-454e-9ade-0b9bed775c4d}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "Model"=dword:0000014a "Therad"=dword:0000001d "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a, 1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\ . [HKEY_USERS\S-1-5-21-2559318703-2892093174-3465221388-1000_Classes\CLSID\{de46b4d2-8e71-4d7b-ac22-9f28d556abd3}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "Model"=dword:000000bf "Therad"=dword:00000024 "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26, 38,95,44,fb,b7,f5,f8,f7,48,11,a9,0d,2f,01,6d,b3,c0,ae,b6,46,8f,3c,f2,5c,68,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2015-07-16 00:54:02 ComboFix-quarantined-files.txt 2015-07-15 22:54 . Pre-Run: 123,153,645,568 octets libres Post-Run: 123,196,080,128 octets libres . - - End Of File - - 7D79E2DEF41CB4E75ED9D4E685B893F1 A36C5E4F47E84449FF07ED3517B43A31