ComboFix 15-08-03.01 - ARABI 2015/08/04 19:36:13.1.4 - x86
Microsoft Windows 7 Edition Intégrale 6.1.7600.0.1256.213.1036.18.3238.1374 [GMT 2:00]
Running from: c:\users\ARABI\Documents\EGDownloads\ComboFix.exe
AV: 360 Total Security *Disabled/Updated* {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D}
SP: 360 Total Security *Disabled/Updated* {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\bestadblocker
c:\program files\bestadblocker\5GxehWjAGB0y9X.dat
c:\program files\bestadblocker\5GxehWjAGB0y9X.tlb
c:\program files\CauTThePorIcuee
c:\program files\CauTThePorIcuee\GreVFcTdD0J4cN.dat
c:\program files\CauTThePorIcuee\GreVFcTdD0J4cN.tlb
c:\programdata\8118519532780455004
c:\programdata\8118519532780455004\1daf8a30887b0eff4b6c848146131429.ini
c:\programdata\8118519532780455004\64ab042838c723d04b6c848146131429.ini
c:\programdata\8118519532780455004\81f3fdb6d6477376326533d009ea51d7.ini
c:\programdata\8118519532780455004\d6ca84262a037bef4b6c848146131429.ini
c:\users\ARABI\AppData\Local\assembly\tmp
c:\users\ARABI\AppData\Roaming\FoxitReaderUpdateInfo.txt
c:\windows\msdownld.tmp
c:\windows\system\VI30AUT.DLL
c:\windows\system32\afD3DEff.dll
c:\windows\system32\networkdlllsp.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_F06DEFF2-5B9C-490D-910F-35D3A9119622
-------\Service_DatamngrCoordinator
-------\Service_F06DEFF2-5B9C-490D-910F-35D3A9119622
.
.
((((((((((((((((((((((((( Files Created from 2015-07-04 to 2015-08-04 )))))))))))))))))))))))))))))))
.
.
2015-08-04 17:58 . 2015-08-04 17:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-04 17:18 . 2015-08-04 18:01 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-08-04 17:18 . 2015-08-04 17:18 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-08-04 17:18 . 2015-08-04 17:18 -------- d-----w- c:\programdata\Malwarebytes
2015-08-04 17:18 . 2015-06-18 06:41 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-08-04 17:18 . 2015-06-18 06:41 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-08-04 17:18 . 2015-06-18 06:41 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-08-04 17:10 . 2015-08-04 17:21 -------- d-----w- c:\users\ARABI\AppData\Roaming\ZHP
2015-08-03 15:29 . 2015-08-03 15:29 64000 ----a-w- c:\windows\system32\RICHTX32.oca
2015-08-03 15:29 . 2015-08-03 15:29 241664 ----a-w- c:\windows\system32\comctl32.oca
2015-08-03 15:29 . 2015-08-03 15:29 64000 ----a-w- c:\windows\system32\ieframe.oca
2015-08-02 08:18 . 2015-08-02 08:18 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{09E12389-8BB1-4836-A3F7-10777A4951EC}\offreg.dll
2015-07-29 10:42 . 2015-07-29 10:59 -------- d-----w- c:\users\ARABI\AppData\Local\Temporary Projects
2015-07-26 20:03 . 2015-07-26 20:03 -------- d-----r- C:\MSOCache
2015-07-26 14:42 . 2015-07-26 14:42 -------- d-----w- c:\program files\Universal Extractor
2015-07-23 23:00 . 2006-10-26 17:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2015-07-23 23:00 . 2009-02-27 01:42 31640 ----a-w- c:\windows\system32\msonpmon.dll
2015-07-23 22:15 . 2015-07-23 22:47 -------- d-----w- c:\program files\CinemaP-1.9cV23.07
2015-07-23 20:41 . 2015-07-23 20:41 -------- d-----w- c:\program files\MapInfo MapX
2015-07-23 20:41 . 2015-07-23 20:42 -------- d-----w- c:\windows\Crystal
2015-07-23 20:41 . 2015-07-23 20:41 -------- d-----w- c:\program files\Seagate Software
2015-07-23 20:10 . 2015-07-23 20:10 25600 ----a-w- c:\windows\system32\MSCOMM32.oca
2015-07-23 20:09 . 2015-07-23 20:09 31744 ----a-w- c:\windows\system32\PropList.oca
2015-07-23 20:09 . 2015-07-23 20:09 62464 ----a-w- c:\windows\system32\ARVIEW2.oca
2015-07-23 20:06 . 2015-07-23 20:06 43008 ----a-w- c:\windows\system32\tabctl32.oca
2015-07-23 13:12 . 2015-07-23 13:12 35840 ----a-w- c:\windows\system32\MSADODC.oca
2015-07-23 13:01 . 2015-07-23 13:01 70144 ----a-w- c:\windows\system32\msdatlst.oca
2015-07-23 13:01 . 2015-07-23 13:01 69632 ----a-w- c:\windows\system32\dblist32.oca
2015-07-23 13:01 . 2015-07-23 13:01 66048 ----a-w- c:\windows\system32\msdatgrd.oca
2015-07-23 11:36 . 2015-07-23 11:36 30720 ----a-w- c:\windows\system32\LVbuttons.oca
2015-07-23 09:34 . 2015-07-23 09:34 48640 ----a-w- c:\windows\system32\msmask32.oca
2015-07-23 01:44 . 2015-07-23 01:44 -------- d-----w- c:\program files\Web Publish
2015-07-23 01:43 . 2015-07-23 01:43 -------- d-----w- c:\windows\msapps
2015-07-22 19:20 . 2015-07-22 19:20 -------- d-----w- c:\users\ARABI\AppData\Local\Deployment
2015-07-22 17:29 . 2015-07-22 17:29 -------- d-----w- c:\program files\Microsoft SQL Server
2015-07-22 17:29 . 2015-07-22 18:22 -------- d-----w- c:\program files\Microsoft Silverlight
2015-07-22 17:28 . 2015-07-22 17:28 -------- d-----w- c:\program files\Microsoft Synchronization Services
2015-07-22 17:28 . 2015-07-22 17:28 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2015-07-22 17:25 . 2015-08-03 19:57 199488 ----a-w- c:\programdata\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
2015-07-22 17:22 . 2015-08-03 19:56 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2015-07-22 17:22 . 2015-07-22 17:22 -------- d-----w- c:\program files\Microsoft SDKs
2015-07-22 17:22 . 2015-07-22 17:22 -------- d-----w- c:\program files\Microsoft Help Viewer
2015-07-22 17:00 . 2015-07-22 17:00 -------- d-----w- c:\users\ARABI\AppData\Roaming\Thinstall
2015-07-21 22:56 . 2015-07-21 22:56 -------- d-----w- c:\program files\MSECache
2015-07-21 07:13 . 2015-07-01 02:31 51880 ----a-w- c:\program files\Mozilla Firefox\browser\components\browsercomps.dll
2015-07-21 07:13 . 2015-07-01 04:12 897144 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
2015-07-21 07:13 . 2015-07-01 02:31 188584 ----a-w- c:\program files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll
2015-07-20 16:47 . 2015-07-20 16:47 -------- d-----w- c:\program files\ISO to USB
2015-07-20 15:47 . 2015-07-23 22:47 -------- d-----w- c:\program files\EASY VET
2015-07-20 13:08 . 2015-07-20 13:08 -------- d-----w- c:\users\ARABI\AppData\Roaming\IndigoRose
2015-07-20 12:47 . 2015-07-20 12:47 -------- d-----w- c:\programdata\IndigoRose
2015-07-20 12:47 . 2015-07-20 12:47 -------- d-----w- c:\program files\Setup Factory 9
2015-07-20 11:29 . 2015-07-20 11:29 -------- d-----w- c:\program files\Inno Setup 5
2015-07-18 20:03 . 2015-07-18 20:03 -------- d-----w- c:\users\ARABI\AppData\Roaming\GDG Software
2015-07-18 19:01 . 2015-07-18 19:01 -------- d-----w- c:\users\ARABI\AppData\Roaming\360TotalSecurity
2015-07-18 18:58 . 2015-07-18 18:58 -------- d-----w- c:\program files\XLS Padlock 2.0
2015-07-18 18:44 . 2015-07-18 18:52 -------- d-----w- c:\program files\BeFrugalcom AddOn
2015-07-18 18:43 . 2015-07-18 18:43 -------- d-----w- c:\programdata\gaoefmhlcjphecmomledcpnllgmekgee
2015-07-18 18:42 . 2015-07-18 18:52 -------- d-----w- c:\users\ARABI\AppData\Roaming\Hurtful Team
2015-07-18 18:42 . 2015-07-18 18:52 -------- d-----w- c:\programdata\{69107bc8-9d37-56a1-6910-07bc89d3ef22}
2015-07-15 19:10 . 2015-07-15 19:10 0 ----a-w- c:\windows\prleth.sys
2015-07-15 19:10 . 2015-07-15 19:10 0 ----a-w- c:\windows\hgfs.sys
2015-07-15 19:07 . 2015-07-15 19:07 -------- d-----w- c:\users\ARABI\AppData\Roaming\istartsurf
2015-07-15 19:06 . 2015-07-18 18:52 -------- d-----w- c:\program files\DownChecker
2015-07-11 14:03 . 2015-07-11 14:03 -------- d-----w- c:\programdata\FLEXnet
2015-07-11 12:37 . 2015-07-11 12:37 -------- d-----w- c:\users\ARABI\AppData\Roaming\Ulead Systems
2015-07-11 12:34 . 2015-07-11 12:34 -------- d-----w- c:\programdata\InterVideo
2015-07-11 12:32 . 2015-07-11 12:32 -------- d-----w- c:\programdata\Corel
2015-07-11 12:23 . 2015-07-11 12:23 -------- d-----w- c:\program files\Common Files\Protexis
2015-07-11 12:22 . 2015-07-11 12:22 -------- d-----w- c:\program files\Common Files\Corel
2015-07-11 12:20 . 2015-07-11 12:33 -------- d-----w- c:\programdata\Ulead Systems
2015-07-11 12:20 . 2015-07-11 12:20 -------- d-----w- c:\program files\Common Files\Ulead Systems
2015-07-11 11:43 . 2015-07-11 11:43 -------- d-----w- c:\program files\Common Files\Adobe AIR
2015-07-11 11:25 . 2015-07-11 11:25 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2015-07-11 11:17 . 2004-01-04 21:22 61440 ----a-w- c:\windows\system32\uvbase.dll
2015-07-11 11:06 . 2005-03-01 16:44 102400 ----a-w- c:\windows\system32\uvDV.dll
2015-07-11 11:04 . 2004-01-27 15:13 114688 ----a-w- c:\windows\system32\u32comm.dll
2015-07-11 11:04 . 2004-01-27 15:13 114688 ----a-w- c:\windows\u32comm.dll
2015-07-11 10:59 . 2015-07-11 10:59 -------- d-----w- c:\programdata\eSellerate
2015-07-11 10:59 . 2015-07-11 11:00 -------- d-----w- c:\programdata\SmartSound Software Inc
2015-07-11 10:58 . 2015-07-11 10:58 -------- d-----w- C:\IExp3.tmp
2015-07-11 10:58 . 2015-07-11 10:58 -------- d-----w- C:\IExp2.tmp
2015-07-11 10:57 . 2015-07-12 03:56 -------- d-----w- c:\program files\Common Files\InstallShield
2015-07-11 10:45 . 2015-07-11 10:45 -------- d-----w- c:\programdata\Anvsoft
2015-07-11 10:45 . 2015-07-11 11:20 -------- d-----w- c:\users\ARABI\AppData\Roaming\Wedding Album Maker
2015-07-11 10:42 . 2015-07-11 10:47 -------- d-----w- c:\program files\Wedding Album Maker Gold
2015-07-05 21:43 . 2015-07-05 21:43 -------- d-----w- c:\users\ARABI\Tracing
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-03 10:58 . 2015-07-03 10:59 737280 ----a-w- c:\windows\iun6002.exe
2015-07-01 22:00 . 2015-04-23 14:08 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-07-01 22:00 . 2015-04-23 14:08 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-07-01 15:17 . 2015-05-10 15:40 203856 ----a-w- c:\windows\system32\drivers\360Box.sys
2015-07-01 15:17 . 2015-05-10 15:40 66128 ----a-w- c:\windows\system32\drivers\360AvFlt.sys
2015-07-01 15:17 . 2015-05-10 15:40 287056 ----a-w- c:\windows\system32\drivers\qutmdrv.sys
2015-06-18 10:21 . 2015-04-23 18:47 61752 ----a-w- c:\windows\system32\drivers\eagleGet.sys
2015-05-23 18:17 . 2015-05-23 18:17 119808 ----a-r- c:\users\ARABI\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2015-05-18 10:13 . 2015-05-18 10:13 1210728 ----a-w- c:\windows\system32\drivers\ntfs.sys
2015-05-18 10:02 . 2015-05-18 10:02 219136 ----a-w- c:\windows\system32\ncrypt.dll
2015-05-14 07:56 . 2015-04-23 17:56 899184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2015-05-14 07:55 . 2015-04-23 17:54 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2015-05-14 07:55 . 2015-04-23 17:54 639312 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2013-07-08 559448]
"AtherosBtStack"="c:\program files\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2012-03-08 876160]
"AthBtTray"="c:\program files\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [2012-03-08 695936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-10 142680]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-10 176472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-10 175448]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-12 336384]
"QHSafeTray"="c:\program files\360\Total Security\safemon\QHSafeTray.exe" [2015-07-01 1283192]
"Athan"="c:\program files\Athan\Athan.exe" [2014-05-04 1216512]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.11.149\SSScheduler.exe [2015-6-26 277920]
MobileGo Service.lnk - c:\program files\Wondershare\MobileGo for Android\MobileGoService.exe [2014-7-14 103312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 lwnfd_1_10_0_14;lwnfd_1_10_0_14;c:\windows\system32\drivers\lwnfd_1_10_0_14.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-02-18 315488]
R3 androidusb;Google Device Driver;c:\windows\system32\Drivers\wsadb.sys [2015-03-27 34216]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2013-11-29 1296728]
R3 eagleGet;eagleGet;c:\windows\system32\Drivers\eagleGet.sys [2015-06-18 61752]
R3 egGetSvc;egGetSvc;c:\program files\EagleGet\EGMonitor.exe [2015-07-10 233472]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.11.149\McCHSvc.exe [2015-06-26 235696]
R3 Rockusb;Driver for Rockusb Device;c:\windows\system32\DRIVERS\rockusb.sys [2013-05-06 46160]
R3 TorchCrashHandler;Torch Crash Handler;c:\users\ARABI\AppData\Local\Torch\Update\TorchCrashHandler.exe [2015-07-16 1217032]
S0 HookPort;HookPort;c:\windows\System32\Drivers\Hookport.sys [2015-04-02 58440]
S1 360AntiHacker;360Safe Anti Hacker Service;c:\windows\system32\Drivers\360AntiHacker.sys [2015-04-02 88136]
S1 360Box;360Box mini-filter driver;c:\windows\system32\DRIVERS\360Box.sys [2015-07-01 203856]
S1 360Camera;360Safe Camera Filter Service;c:\windows\system32\Drivers\360Camera.sys [2015-04-02 34888]
S1 360SelfProtection;360SelfProtection;c:\windows\system32\drivers\360SelfProtection.sys [2015-04-02 174536]
S1 BAPIDRV;BAPIDRV;c:\windows\system32\DRIVERS\BAPIDRV.sys [2015-04-02 169040]
S1 EfiMon;EfiSystemMon;c:\windows\system32\Drivers\Efimon.sys [2015-04-02 23752]
S1 qutmdserv;Quantum DeepScanner Servers;c:\windows\system32\DRIVERS\qutmdrv.sys [2015-07-01 287056]
S1 qutmipc;qutmipc;c:\windows\system32\drivers\qutmipc.sys [2015-04-02 45896]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2014-05-16 204064]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-05-12 176128]
S2 AtherosSvc;AtherosSvc;c:\program files\Dell Wireless\Bluetooth Suite\adminservice.exe [2012-03-08 87168]
S2 Droid4XService;Droid4XService;c:\program files\Droid4X\Droid4XService.exe [2015-04-15 261864]
S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [2015-06-02 244392]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-06-18 1871160]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-06-18 1133880]
S2 QHActiveDefense;360 Total Security;c:\program files\360\Total Security\safemon\QHActiveDefense.exe [2015-07-01 858232]
S2 TechSmith Uploader Service;TechSmith Uploader Service;c:\program files\Common Files\TechSmith Shared\Uploader\UploaderService.exe [2015-01-26 3408384]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [2012-03-08 159360]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files\Dell Wireless\Ath_WlanAgent.exe [2012-03-28 77824]
S3 360AvFlt;360AvFlt mini-filter driver;c:\windows\system32\DRIVERS\360AvFlt.sys [2015-07-01 66128]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2015-03-02 77952]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2012-03-08 299136]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2012-03-08 98432]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2015-03-02 25728]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2015-03-02 156288]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2015-03-02 64640]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2015-03-02 117888]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2015-01-04 510248]
S3 cykbfltrService;Cypress Keyboard Filter Driver;c:\windows\system32\DRIVERS\cykbfltr.sys [2013-09-13 16384]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-17 22040]
S3 int0800;Intel 28F320C3 Flash Update Device Driver v6.4;c:\windows\system32\DRIVERS\flashud.sys [2009-09-09 42496]
S3 IntcDAud;Son Intel(R) pour écrans;c:\windows\system32\DRIVERS\IntcDAud.sys [2014-09-26 368912]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd32.sys [2011-04-10 10783744]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-06-18 23256]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-08-04 98520]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-06-18 51928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2015-01-15 723160]
S3 RTSUER;Realtek USB Card Reader - UER;c:\windows\system32\Drivers\RtsUer.sys [2014-12-08 283864]
S3 rtsuvc;Realtek USB2.0 PC Camera;c:\windows\system32\DRIVERS\rtsuvc.sys [2015-01-13 1565400]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys [2014-11-06 25840]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.search.ask.com/?o=APN10648A&gct=hp&d=448-280&v=n16118-730&t=4
uInternet Settings,ProxyServer = http=;ftp=;https=;
IE: &Envoyer à OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Download all links with EagleGet - c:\program files\EagleGet\IEGraberBHO.dll/202
IE: Download with EagleGet - c:\program files\EagleGet\IEGraberBHO.dll/201
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: تحميل الكل بواسطة بيتكومنت - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: تحميل بواسطة بيتكومنت - c:\program files\BitComet\BitComet.exe/AddLink.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\ARABI\AppData\Roaming\Mozilla\Firefox\Profiles\vnjzdcoj.default\
FF - prefs.js: browser.search.selectedEngine - istartsurf
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=280&systemid=448&v=n16118-730&apn_dtid=TCH001&apn_ptnrs=AGI&apn_uid=8134720482394325&o=APN10648&q=
FF - prefs.js: network.proxy.ftp - 186.167.65.26
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 186.167.65.26
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 186.167.65.26
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 186.167.65.26
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 186.167.65.26
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
AddRemove-CinemaP-1.9cV23.07 - c:\program files\CinemaP-1.9cV23.07\Uninstall.exe
AddRemove-Down Checker - c:\program files\DownChecker\uninstall.exe
AddRemove-torchimeshmoviestoolbarFF - c:\progra~1\MOVIES~1\Datamngr\SRTOOL~1\FF\uninstall.exe
AddRemove-torchimeshmoviestoolbarIE - c:\progra~1\MOVIES~1\Datamngr\SRTOOL~1\IE\uninstall.exe
AddRemove-{4820778D-AB0D-6D18-C316-52A6A0E1D507} - c:\program files\bestadblocker\5GxehWjAGB0y9X.exe
AddRemove-{A2C98B47-B5F4-94AA-281D-4135416774CF} - c:\program files\CauTThePorIcuee\GreVFcTdD0J4cN.exe
AddRemove-{AD11DADE-C597-45D9-D8C5-1D2EB0B89613} - c:\program files\BeFrugalcom AddOn\BeFrugalcom AddOn.exe
AddRemove-Opera 29.0.1795.47 - c:\users\ARABI\AppData\Local\Programs\Opera\Launcher.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1719421884-1264264495-3226333432-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):54,dc,71,6c,69,cc,5a,e0,cd,ba,48,c7,09,a0,d1,7b,22,33,54,01,3c,
0f,e3,aa,87,05,bc,de,24,9d,7e,84,ad,8a,77,6a,e9,f8,6e,2a,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1719421884-1264264495-3226333432-1000_Classes\CLSID\{d5002718-2b5a-402a-a14c-1965558265dc}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000072
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,51,1d,ba,81,de,8f,9f,2d,eb,c7,c8,af,10,fb,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\sppsvc.exe
c:\program files\Malwarebytes Anti-Malware\mbam.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Completion time: 2015-08-04 20:21:14 - machine was rebooted
ComboFix-quarantined-files.txt 2015-08-04 18:21
.
Pre-Run: 14 689 062 912 octets libres
Post-Run: 14 869 270 528 octets libres
.
- - End Of File - - 088F714119D197D12214753D1B146A4D A36C5E4F47E84449FF07ED3517B43A31