Document format: text/plain
ComboFix 15-07-20.01 - FaDi-YaSiNe 07/20/2015 20:26:43.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1256.213.1033.18.2940.2063 [GMT 1:00]
Running from: c:\users\FaDi-YaSiNe\Desktop\ComboFix.exe
AV: ESET Smart Security 8.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET Personal firewall *Disabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 8.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\FaDi-YaSiNe\ZHPDiag3.exe
c:\windows\system32\,
.
.
((((((((((((((((((((((((( Files Created from 2015-06-20 to 2015-07-20 )))))))))))))))))))))))))))))))
.
.
2015-07-20 19:33 . 2015-07-20 19:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-07-20 17:40 . 2015-07-20 17:40 52440 ----a-w- c:\windows\system32\drivers\ltfh.sys
2015-07-20 17:10 . 2015-07-20 17:10 -------- d-----w- c:\users\FaDi-YaSiNe\AppData\Roaming\Tencent
2015-07-20 17:09 . 2015-07-20 17:09 -------- d-----w- c:\program files\Tencent
2015-07-20 16:41 . 2015-07-20 16:56 -------- d-----w- C:\AdwCleaner
2015-07-19 11:29 . 2015-07-20 18:03 -------- d-----w- c:\users\FaDi-YaSiNe\AppData\Roaming\ZHP
2015-07-19 11:16 . 2015-07-20 18:54 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-19 11:16 . 2015-07-19 11:16 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-07-19 11:16 . 2015-07-19 11:16 -------- d-----w- c:\programdata\Malwarebytes
2015-07-19 11:16 . 2015-06-18 07:41 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-07-19 11:16 . 2015-06-18 07:41 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-07-19 11:16 . 2015-06-18 07:41 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-07-18 06:54 . 2015-07-14 10:44 26176 ---ha-w- c:\windows\system32\hamachi.sys
2015-07-18 06:54 . 2015-07-18 06:54 -------- d-----w- c:\program files\LogMeIn Hamachi
2015-07-07 15:21 . 2012-01-20 13:01 1355776 ----a-w- c:\windows\system32\MSVBVM50.DLL
2015-06-27 12:09 . 2015-07-20 19:22 -------- d-----w- c:\users\FaDi-YaSiNe\AppData\Local\LogMeIn Hamachi
2015-06-27 12:09 . 2015-06-27 12:09 -------- d-----w- c:\users\FaDi-YaSiNe\AppData\Local\LogMeIn
2015-06-27 12:09 . 2015-06-27 12:09 -------- d-----w- c:\programdata\LogMeIn
2015-06-22 17:12 . 2015-06-22 17:12 -------- d-----w- c:\users\FaDi-YaSiNe\AppData\Local\ElevatedDiagnostics
2015-06-21 18:09 . 2015-06-30 16:40 -------- d-----w- c:\program files\Counter-Strike 1.6
2015-06-21 10:18 . 2015-06-21 10:37 -------- d-----w- c:\users\FaDi-YaSiNe\AppData\Roaming\TeamViewer
2015-06-21 10:18 . 2015-06-25 09:30 -------- d-----w- c:\program files\TeamViewer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-17 16:33 . 2015-04-27 16:00 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-07-17 16:33 . 2015-04-27 16:00 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-05-29 17:03 . 2015-05-29 17:03 36520 ----a-w- c:\windows\system32\drivers\cnnctfy3.sys
2015-05-29 14:01 . 2015-05-29 14:03 737280 ----a-w- c:\windows\iun6002.exe
2015-05-21 00:22 . 2009-08-18 18:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2015-05-21 00:22 . 2009-08-18 18:24 23776 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2015-05-20 12:55 . 2015-05-20 13:57 123968 ----a-w- c:\windows\system32\drivers\idmwfp.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 08:02 23008 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2015-05-20 3903056]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2015-06-30 53288576]
"uTorrent"="c:\users\FaDi-YaSiNe\AppData\Roaming\uTorrent\uTorrent.exe" [2015-05-07 1694560]
"eRclient"="c:\users\FaDi-YaSiNe\AppData\Roaming\eRclient\eRclient.exe" [2013-10-31 1269248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2015-01-28 5088456]
"Athan"="c:\program files\Athan\Athan.exe" [2014-05-04 1216512]
"Connectify Hotspot"="c:\program files\Connectify\Connectify.exe" [2015-04-09 4159736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-06 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-06 151064]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2015-07-14 5579624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" [2015-06-18 54072]
.
c:\users\FaDi-YaSiNe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GameRanger.lnk - c:\users\FaDi-YaSiNe\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe /autostart [2015-6-1 1792664]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-27 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
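The policies\system block above records a machine with User Account Control switched off: EnableLUA=0 disables UAC entirely, ConsentPromptBehaviorAdmin=0 means administrators elevate with no prompt at all, and PromptOnSecureDesktop=0 moves any prompt that would appear off the secure desktop (the Windows 7 defaults are 1, 5 and 1). Two of the HKCU Run entries also launch binaries from under the user's own profile (AppData\Roaming), which per-user installers such as uTorrent do legitimately but which is still where an analyst looks first. The following is an added triage helper, not ComboFix code and not part of the log above: it parses the Run keys and the policies\system block out of a ComboFix "Reg Loading Points" dump, reports UAC values that deviate from the defaults, and lists autoruns located inside a user profile. SAMPLE_LOG is a constructed excerpt whose values are copied from the log on this page; the function and constant names are this example's own.

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix log.

Added example; not ComboFix's code and not part of the log it is based on.
It extracts Run/RunOnce entries and the policies\\system values, flags UAC
settings that differ from the Windows 7 defaults, and lists autoruns whose
binary lives inside a user profile (a review heuristic, not a verdict).
"""
import re

# Constructed excerpt of a ComboFix log; values copied from the log above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2015-05-20 3903056]
"uTorrent"="c:\users\FaDi-YaSiNe\AppData\Roaming\uTorrent\uTorrent.exe" [2015-05-07 1694560]
"eRclient"="c:\users\FaDi-YaSiNe\AppData\Roaming\eRclient\eRclient.exe" [2013-10-31 1269248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2015-01-28 5088456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\d+)')
# Executable under C:\Users\<account>\..., excluding the Public and Default profiles.
USER_PROFILE_RE = re.compile(r"^[a-z]:\\users\\(?!public\\|default\\)[^\\]+\\", re.I)

# Windows 7 default values for the UAC policy settings ComboFix prints.
UAC_DEFAULTS = {
    "EnableLUA": 1,                   # 0 turns UAC off entirely
    "ConsentPromptBehaviorAdmin": 5,  # 0 = elevate silently, never prompt
    "ConsentPromptBehaviorUser": 3,   # 0 = standard users are denied elevation
    "EnableUIADesktopToggle": 0,      # 1 lets UIAccess apps prompt on the user desktop
    "PromptOnSecureDesktop": 1,       # 0 = prompts appear on the interactive desktop
}


def parse_loading_points(text):
    """Return (runs, policies) from a ComboFix Reg Loading Points dump.

    runs is a list of (registry_key, entry_name, executable_path);
    policies maps each policies\\system value name to its integer value.
    """
    runs, policies = [], {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            continue
        if current is None or line in ("", "."):
            continue
        low = current.lower()
        if low.endswith("\\run") or low.endswith("\\runonce"):
            m = RUN_RE.match(line)
            if m:
                runs.append((current, m.group("name"), m.group("path")))
        elif low.endswith("\\policies\\system"):
            m = POLICY_RE.match(line)
            if m:
                policies[m.group("name")] = int(m.group("value"))
    return runs, policies


def uac_findings(policies):
    """Sorted (name, observed, default) for UAC values that differ from default."""
    return sorted(
        (name, policies[name], default)
        for name, default in UAC_DEFAULTS.items()
        if name in policies and policies[name] != default
    )


def user_profile_autoruns(runs):
    """(entry_name, path) for autoruns whose binary sits inside a user profile."""
    return [(name, path) for _, name, path in runs if USER_PROFILE_RE.match(path)]


if __name__ == "__main__":
    runs, policies = parse_loading_points(SAMPLE_LOG)
    for name, value, default in uac_findings(policies):
        print(f"UAC: {name}={value} (default {default})")
    for name, path in user_profile_autoruns(runs):
        print(f"autorun in user profile: {name} -> {path}")
```

Run against the excerpt it reports the three UAC deviations (ConsentPromptBehaviorAdmin, EnableLUA, PromptOnSecureDesktop) and the two AppData autoruns (uTorrent, eRclient); to use it on a full ComboFix log, pass the file contents to parse_loading_points in place of SAMPLE_LOG.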
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-06-18 1871160]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-06-18 1133880]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-06-03 327296]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athur.sys [2010-01-05 1500160]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-06-18 23256]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-06-18 51928]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2000-01-01 716504]
R3 SparkUpdater;Baidu Spark Updater;c:\program files\Baidu\SparkUpdate\Sparkupdate.exe [2014-08-25 1350848]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2015-01-30 51824]
S1 cnnctfy3;Connectify LightWeight Filter;c:\windows\system32\DRIVERS\cnnctfy3.sys [2015-05-29 36520]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2015-01-30 193464]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2015-01-30 135808]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2015-01-30 37928]
S2 Connectify;Connectify;c:\program files\Connectify\ConnectifyService.exe [2015-04-09 217088]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2015-01-28 1349576]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2015-07-14 1878888]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2015-05-20 123968]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn Hamachi\LMIGuardianSvc.exe [2015-07-14 411920]
S2 SparkSvc;Baidu Spark Service;c:\program files\baidu\Spark33.8.9999.10081\sparkservice.exe [2015-05-07 86840]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2015-07-03 05:09 285368 ----a-w- c:\program files\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2015-07-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-27 16:33]
.
.
------- Supplementary Scan -------
.
IE: Download All with Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
FF - ProfilePath - c:\users\FaDi-YaSiNe\AppData\Roaming\Mozilla\Firefox\Profiles\bi95hchq.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2609532684-4132931585-3515289822-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*:*Ba%]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2609532684-4132931585-3515289822-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*:*Ba%\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2609532684-4132931585-3515289822-1000_Classes\CLSID\{2a400219-0e1d-4f3f-b93e-4f3f2ad8a895}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000ba
"Therad"=dword:0000000f
.
[HKEY_USERS\S-1-5-21-2609532684-4132931585-3515289822-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):03,33,69,b5,c6,55,69,a6,55,0a,5a,00,03,0f,9a,66,4f,f0,89,8f,4f,
60,41,05,62,c0,11,c8,f5,a7,38,c1,73,fb,2d,f8,65,0e,5f,5e,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-07-20 20:35:39
ComboFix-quarantined-files.txt 2015-07-20 19:35
.
Pre-Run: 64,099,864,576 bytes free
Post-Run: 64,801,927,168 bytes free
.
- - End Of File - - A3EED57003D32380F36CBAA17043008A
A36C5E4F47E84449FF07ED3517B43A31