ComboFix 15-07-12.01 - wafa 07/16/2015 13:40:03.3.4 - x86
Microsoft Windows 7 Edition Intégrale 6.1.7600.0.1256.966.1036.18.2871.1864 [GMT 2:00]
Running from: c:\users\wafa\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Outdated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Outdated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\users\wafa\AppData\Local\Temp\Temp2_IDMan.zip\IDMNetMon.dll
c:\users\wafa\AppData\Local\Temp\Temp2_IDMan.zip\IDMShellExt.dll
.
.
((((((((((((((((((((((((( Files Created from 2015-06-16 to 2015-07-16 )))))))))))))))))))))))))))))))
.
.
2015-07-16 11:45 . 2015-07-16 11:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-07-15 11:15 . 2015-06-12 07:54 9252600 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BBF7811B-63B7-41CB-A06E-315054D6ECF7}\mpengine.dll
2015-07-14 13:30 . 2015-07-14 13:30 -------- d-----w- c:\program files\TerminusDefender
2015-07-14 13:29 . 2015-07-14 13:30 -------- d-----w- c:\programdata\fdfca3770000471b
2015-07-14 11:59 . 2015-07-14 13:12 -------- d-----w- C:\UsbFix
2015-07-14 09:29 . 2015-07-14 09:29 -------- d-----w- c:\users\wafa\AppData\Local\ESET
2015-07-14 09:27 . 2015-07-14 09:27 -------- d-----w- c:\program files\ESET
2015-07-14 09:00 . 2015-07-14 09:00 -------- d-----w- c:\programdata\IHProtectUpDate
2015-07-14 09:00 . 2015-07-14 11:08 -------- d-----w- c:\program files\MiuiTab
2015-07-14 09:00 . 2015-07-14 09:41 -------- d-----w- c:\programdata\WindowsMangerProtect
2015-07-14 08:58 . 2015-07-14 11:08 -------- d-----w- c:\users\wafa\AppData\Roaming\mystartsearch
2015-07-11 23:39 . 2015-07-14 10:29 -------- d-----w- c:\program files\SystemRaise
2015-07-11 15:02 . 2015-07-11 23:39 -------- d-----w- c:\programdata\2547bfdc00001fe8
2015-07-09 23:00 . 2015-07-09 23:00 -------- d-----w- C:\$AVG
2015-07-09 22:56 . 2015-07-09 23:04 -------- d-----w- c:\users\wafa\AppData\Local\Avg2015
2015-07-09 22:56 . 2015-07-09 22:56 -------- d-----w- c:\users\wafa\AppData\Local\MFAData
2015-07-09 22:15 . 2015-07-11 14:44 -------- d-----w- c:\programdata\{94cc6b0c-37c1-8e15-94cc-c6b0c37cac30}
2015-07-06 11:31 . 2015-07-11 23:39 -------- d-----w- c:\programdata\ea60695f00002953
2015-07-04 13:26 . 2015-07-04 13:26 -------- d-----w- c:\programdata\IDM
2015-07-03 18:09 . 2015-07-03 18:09 -------- d-----w- c:\users\wafa\AppData\Roaming\AVG2015
2015-07-03 18:08 . 2015-07-09 23:03 -------- d-----w- c:\program files\Common Files\AV
2015-07-03 18:08 . 2015-07-03 18:08 -------- d-----w- c:\users\wafa\AppData\Roaming\TuneUp Software
2015-07-03 18:07 . 2015-07-04 22:57 -------- d-----w- c:\programdata\AVG2015
2015-07-03 18:06 . 2015-07-11 14:42 -------- d-----w- c:\program files\AVG
2015-07-03 17:48 . 2015-07-03 17:48 -------- d--h--w- c:\programdata\Common Files
2015-07-03 17:48 . 2015-07-11 14:44 -------- d-----w- c:\programdata\MFAData
2015-07-02 18:10 . 2015-07-02 18:10 -------- d-----w- c:\program files\BiitSaveR
2015-06-22 13:58 . 2015-06-22 13:58 -------- d-----w- c:\program files\Vimium
2015-06-22 13:57 . 2015-06-22 13:57 -------- d-----w- c:\program files\BiitSaveer
2015-06-16 17:42 . 2015-06-16 17:42 -------- d-----w- c:\program files\Shiny Display
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-15 23:44 . 2015-05-13 15:13 24 ----a-w- c:\users\wafa\AppData\Roaming\appdataFr25.bin
2015-06-23 11:27 . 2012-07-13 20:05 246952 ------w- c:\windows\system32\MpSigStub.exe
2015-06-07 20:21 . 2012-07-07 21:09 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2015-05-22 16:29 . 2015-06-11 07:16 571392 ----a-w- c:\windows\system32\generaltel.dll
2015-05-22 16:28 . 2015-06-11 07:16 621568 ----a-w- c:\windows\system32\invagent.dll
2015-05-22 16:28 . 2015-06-11 07:16 333824 ----a-w- c:\windows\system32\devinv.dll
2015-05-22 16:28 . 2015-06-11 07:16 879104 ----a-w- c:\windows\system32\appraiser.dll
2015-05-22 16:28 . 2015-06-11 07:16 37888 ----a-w- c:\windows\system32\acmigration.dll
2015-05-22 16:28 . 2015-06-11 07:16 202752 ----a-w- c:\windows\system32\aepdu.dll
2015-05-22 16:25 . 2015-06-11 07:16 901120 ----a-w- c:\windows\system32\aeinv.dll
2015-05-21 13:18 . 2015-06-11 07:16 163840 ----a-w- c:\windows\system32\aepic.dll
2015-05-12 18:17 . 2015-03-30 09:12 20 ----a-w- c:\users\wafa\AppData\Roaming\appdataFr3.bin
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
c:\users\wafa\AppData\Local\Temp\Temp2_IDMan.zip\IDMShellExt.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Welcome Center"="c:\windows\system32\OobeFldr.dll" [2009-10-26 859648]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Little transparency.exe]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Little transparency.exe
backup=c:\windows\pss\Little transparency.exe.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RocketDock.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\RocketDock.lnk
backup=c:\windows\pss\RocketDock.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^wafa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ScreenUpdate.lnk]
path=c:\users\wafa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ScreenUpdate.lnk
backup=c:\windows\pss\ScreenUpdate.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^wafa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Win_update.lnk]
path=c:\users\wafa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Win_update.lnk
backup=c:\windows\pss\Win_update.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 00:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CommonToolkitTray]
2013-03-12 14:38 1425952 ----a-w- c:\program files\Fighters\Tray\FightersTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2015-05-08 10:58 138096 ----atw- c:\users\wafa\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HiMEDIA]
2014-02-21 04:32 1324456 ----a-w- c:\users\wafa\HiPlayer\1.143.0.0\HiPlayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2012-01-10 21:44 177432 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2012-01-10 21:44 142616 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMSS]
2010-09-16 02:13 112152 ----a-r- c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2011-03-31 12:38 1092688 ----a-w- c:\program files\Launch Manager\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NextLive]
2014-01-06 03:15 1283584 ----a-w- c:\users\wafa\AppData\Roaming\newnext.me\nengine.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2012-01-10 21:44 177944 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2014-10-07 14:39 507776 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wondershare Helper Compact.exe]
2014-09-11 16:10 2087264 ----a-w- c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
.
R1 BAPIDRV;BAPIDRV;c:\windows\system32\DRIVERS\BAPIDRV.sys [x]
R2 1938b941;TerminusDefender;c:\windows\system32\rundll32.exe [2009-07-14 44544]
R2 DatamngrCoordinator2;Datamngr Coordinator;c:\program files\Movies Toolbar\Datamngr\DatamngrCoordinator.exe [x]
R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [x]
R2 MaintainerSvc2.68.0219210;MaintainerSvc2.68.0219210;c:\programdata\f7d523a7-723b-4679-8c70-0e90e3053cba\maintainer.exe [2015-07-16 128240]
R2 MaintainerSvc6.37.565328;MaintainerSvc6.37.565328;c:\programdata\7bb6df21-8ca8-4eec-965d-8cd2261544c7\maintainer.exe [2015-07-16 128240]
R2 Shiny Display;Shiny Display;c:\program files\Shiny Display\Shiny Display.exe [2015-06-16 8016568]
R3 BprotectEx;Baidu ProtectEx;c:\windows\System32\drivers\BprotectEx.sys [x]
R3 cmusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2051;c:\windows\system32\DRIVERS\cmusbser.sys [2008-08-29 103552]
R3 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 132480]
R3 MSICDSetup;MSICDSetup;F:\CDriver.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-09-27 104768]
R3 NisSrv;NisSrv;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;F:\NTIOLib.sys [x]
R3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-09-22 190464]
R3 SparkUpdater;Baidu Spark Updater;c:\program files\Baidu\SparkUpdate\Sparkupdate.exe [2014-12-19 1359040]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 99728]
R3 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-09-16 2538520]
R3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-14 1343400]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2012-03-06 12112]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 Bhbase;Baidu Hook Base;c:\windows\System32\drivers\Bhbase.sys [2014-03-11 47456]
S0 SDActMon;SDActMon;c:\windows\System32\drivers\SDActMon.sys [2013-07-25 123360]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-07-07 722416]
S1 {01531192-f7ef-415f-a549-cfdb11836731}w;{01531192-f7ef-415f-a549-cfdb11836731}w;c:\windows\system32\drivers\{01531192-f7ef-415f-a549-cfdb11836731}w.sys [2014-04-24 52928]
S1 {70ed362e-6c2f-4f13-9f05-a5b35ff4be55}w;{70ed362e-6c2f-4f13-9f05-a5b35ff4be55}w;c:\windows\system32\drivers\{70ed362e-6c2f-4f13-9f05-a5b35ff4be55}w.sys [2014-12-01 43152]
S1 {781c47fe-8e73-4938-873f-2850548c7fb4}w;{781c47fe-8e73-4938-873f-2850548c7fb4}w;c:\windows\system32\drivers\{781c47fe-8e73-4938-873f-2850548c7fb4}w.sys [2014-11-30 43152]
S1 {8ca7f150-5454-4b4c-9537-1b831c71d329}w;{8ca7f150-5454-4b4c-9537-1b831c71d329}w;c:\windows\system32\drivers\{8ca7f150-5454-4b4c-9537-1b831c71d329}w.sys [2014-11-19 43152]
S1 {93feeb25-9f23-4de1-b697-6a2c12816bac}w;{93feeb25-9f23-4de1-b697-6a2c12816bac}w;c:\windows\system32\drivers\{93feeb25-9f23-4de1-b697-6a2c12816bac}w.sys [2014-11-23 43152]
S1 {bf07813e-aac8-4cea-bf69-7178c16076ac}w;{bf07813e-aac8-4cea-bf69-7178c16076ac}w;c:\windows\system32\drivers\{bf07813e-aac8-4cea-bf69-7178c16076ac}w.sys [2014-11-21 43152]
S1 {cb0b6f3d-aa8b-4a68-acf6-6ff30e1d0243}w;{cb0b6f3d-aa8b-4a68-acf6-6ff30e1d0243}w;c:\windows\system32\drivers\{cb0b6f3d-aa8b-4a68-acf6-6ff30e1d0243}w.sys [2014-11-27 43152]
S1 {dbe9acb7-ca74-4c18-ad13-f0270d74c42d}w;{dbe9acb7-ca74-4c18-ad13-f0270d74c42d}w;c:\windows\system32\drivers\{dbe9acb7-ca74-4c18-ad13-f0270d74c42d}w.sys [2014-11-09 43152]
S1 {e761f54c-32c6-465c-ba31-504773457b77}w;{e761f54c-32c6-465c-ba31-504773457b77}w;c:\windows\system32\drivers\{e761f54c-32c6-465c-ba31-504773457b77}w.sys [2014-11-26 43152]
S1 {f0aab91b-f97e-4d3d-b745-53663865729c}w;{f0aab91b-f97e-4d3d-b745-53663865729c}w;c:\windows\system32\drivers\{f0aab91b-f97e-4d3d-b745-53663865729c}w.sys [2014-11-28 43152]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 MaxProtector32;MaxProtector32;c:\windows\system32\drivers\MaxProtector32.sys [2013-07-25 85984]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-03-06 134920]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [2012-07-19 2568120]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2011-03-31 352848]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2014-11-29 115752]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 14808]
S2 Update EnterDigital;Update EnterDigital;c:\program files\EnterDigital\updateEnterDigital.exe [2015-07-15 470256]
S2 Util EnterDigital;Util EnterDigital;c:\program files\EnterDigital\bin\utilEnterDigital.exe [2015-07-16 473840]
S2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam.sys [2011-06-13 1066808]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2011-01-17 350248]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-30 21:39 1089352 ----a-w- c:\program files\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-11 20:00]
.
2015-07-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2559318703-2892093174-3465221388-1000Core.job
- c:\users\wafa\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-14 10:58]
.
2015-07-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2559318703-2892093174-3465221388-1000UA.job
- c:\users\wafa\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-14 10:58]
.
2014-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-02-04 20:14]
.
2014-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-02-04 20:14]
.
.
------- Supplementary Scan -------
.
IE: &Download with DAM - c:\program files\Tensons\Download Accelerator Manager\\addUrl.htm
IE: Download &All with DAM - c:\program files\Tensons\Download Accelerator Manager\\addAllUrls.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Run DAM Media&Grabber - c:\program files\Tensons\Download Accelerator Manager\\runMg.htm
IE: تحميل الفيديو بواسطة Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: تحميل الكل بواسطة Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: تحميل الكل بواسطة Internet Download Manager - c:\users\wafa\AppData\Local\Temp\Temp2_IDMan.zip\IEGetAll.htm
IE: تحميل المحددة بواسطة Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: تحميل بواسطة Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: تحميل بواسطة Internet Download Manager - c:\users\wafa\AppData\Local\Temp\Temp2_IDMan.zip\IEExt.htm
TCP: DhcpNameServer = 192.168.8.1 192.168.8.1
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-IObit Malware Fighter - c:\program files\IObit\IObit Malware Fighter\IMF.exe
AddRemove-Internet Download Manager - c:\users\wafa\AppData\Local\Temp\Temp2_IDMan.zip\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2559318703-2892093174-3465221388-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):4d,ff,5f,d2,05,d3,75,13,e6,34,a5,08,e5,53,20,a7,d8,db,0d,8d,e3,
d3,bd,d1,51,76,64,10,28,c4,1d,d4,ca,43,3f,d2,ca,ad,20,f2,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2559318703-2892093174-3465221388-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):31,4e,9e,17,24,df,9f,92,8c,c7,49,51,fb,fb,f7,9d,e9,7d,dd,71,2b,
64,e4,bc,78,d3,69,64,88,d5,ca,9c,da,ed,86,2c,a4,d2,8a,09,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2559318703-2892093174-3465221388-1000_Classes\CLSID\{7f20df79-6309-454e-9ade-0b9bed775c4d}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000014a
"Therad"=dword:0000001d
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-2559318703-2892093174-3465221388-1000_Classes\CLSID\{de46b4d2-8e71-4d7b-ac22-9f28d556abd3}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000bf
"Therad"=dword:00000024
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,fb,b7,f5,f8,f7,48,11,a9,0d,2f,01,6d,b3,c0,ae,b6,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-07-16 13:47:26
ComboFix-quarantined-files.txt 2015-07-16 11:47
ComboFix2.txt 2015-07-15 22:54
.
Pre-Run: 122,429,640,704 octets libres
Post-Run: 122,398,068,736 octets libres
.
- - End Of File - - 3F1E21DCEC92F8EFC877BC2BEB94EBAB
A36C5E4F47E84449FF07ED3517B43A31