Document format: text/plain


ComboFix 16-04-29.01 - pc 05/08/2016 2:36.1.2 - x86
Microsoft Windows 7 Professionnel 6.1.7601.1.1256.212.1036.18.1526.705 [GMT 1:00]
Running from: c:\users\pc\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\pc\AppData\Local\tEGmA_FKCO.jpg
c:\users\pc\AppData\Roaming\Bifrost
c:\users\pc\AppData\Roaming\Bifrost\logg.dat
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_DCService.exe
.
.
((((((((((((((((((((((((( Files Created from 2016-04-08 to 2016-05-08 )))))))))))))))))))))))))))))))
.
.
2016-05-07 16:59 . 2016-05-07 16:59 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3E6CF146-44B2-44A8-90ED-5E415BC73AB5}\offreg.2312.dll
2016-05-07 16:53 . 2016-05-07 16:54 -------- d-----w- c:\users\pc\AppData\Roaming\ZHP
2016-05-07 16:06 . 2016-05-07 16:35 -------- d-----w- c:\users\pc\AppData\Roaming\Skype
2016-05-07 16:05 . 2016-05-07 16:38 -------- d-----r- c:\program files\Skype
2016-05-07 16:05 . 2016-05-07 16:36 -------- d-----w- c:\programdata\Skype
2016-05-07 13:41 . 2016-05-07 20:20 -------- d-----w- c:\users\pc\AppData\Roaming\VoipConnect
2016-05-07 13:41 . 2016-05-07 13:41 -------- d-----w- c:\program files\VoipConnect.com
2016-05-07 12:41 . 2016-05-07 12:41 -------- d-----w- c:\programdata\FastStone
2016-05-07 12:40 . 2016-05-07 12:40 -------- d-----w- c:\users\pc\AppData\Roaming\FastStone
2016-05-07 12:40 . 2016-05-07 12:40 -------- d-----w- c:\users\pc\AppData\Local\FastStone
2016-05-07 12:40 . 2016-05-07 12:40 -------- d-----w- c:\program files\FastStone Capture
2016-05-06 17:07 . 2016-05-03 03:32 49096 ----a-w- c:\program files\Mozilla Firefox\browser\components\browsercomps.dll
2016-05-06 17:07 . 2016-05-03 03:32 191432 ----a-w- c:\program files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll
2016-05-06 17:07 . 2016-05-03 05:59 907232 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
2016-05-06 17:07 . 2016-05-03 03:31 169416 ----a-w- c:\program files\Mozilla Firefox\mozavutil.dll
2016-05-06 17:07 . 2016-05-03 03:31 1545160 ----a-w- c:\program files\Mozilla Firefox\mozavcodec.dll
2016-04-17 19:03 . 2016-04-17 19:04 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3E6CF146-44B2-44A8-90ED-5E415BC73AB5}\offreg.3440.dll
2016-04-17 18:13 . 2016-04-17 18:13 -------- d-----w- c:\program files\Microsoft Synchronization Services
2016-04-17 18:12 . 2016-04-17 18:12 -------- d-----w- c:\windows\PCHEALTH
2016-04-17 18:12 . 2016-04-17 18:12 -------- d-----w- c:\program files\Microsoft Sync Framework
2016-04-17 18:12 . 2016-04-17 18:12 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2016-04-17 18:10 . 2016-04-17 18:10 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2016-04-17 18:08 . 2016-04-17 18:08 -------- d-----w- c:\program files\Microsoft Analysis Services
2016-04-17 18:04 . 2016-04-17 18:04 -------- d-----r- C:\MSOCache
2016-04-16 23:48 . 2016-04-16 23:48 -------- d-----w- c:\users\pc\AppData\Roaming\vlc
2016-04-16 23:46 . 2016-04-16 23:46 -------- d-----w- c:\program files\VideoLAN
2016-04-16 23:39 . 2016-05-08 01:50 -------- d-----w- c:\users\pc\AppData\Roaming\DMCache
2016-04-16 23:39 . 2016-05-08 01:30 -------- d-----w- c:\users\pc\AppData\Roaming\IDM
2016-04-16 23:39 . 2016-04-16 23:39 -------- d-----w- c:\programdata\IDM
2016-04-16 23:39 . 2016-04-16 23:41 -------- d-----w- c:\program files\Internet Download Manager
2016-04-16 23:39 . 2016-04-16 23:39 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3E6CF146-44B2-44A8-90ED-5E415BC73AB5}\offreg.2984.dll
2016-04-16 21:33 . 2016-04-16 21:34 -------- d-----w- c:\program files\CCleaner
2016-04-16 19:40 . 2016-04-16 19:40 -------- d-----w- c:\program files\Common Files\AV
2016-04-16 19:38 . 2016-04-16 19:38 -------- d-----w- c:\program files\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2015-08-14 12:52 23520 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShellExt1]
@="{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F}"
[HKEY_CLASSES_ROOT\CLSID\{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F}]
2012-08-10 09:27 1353216 ----a-w- c:\progra~1\4Sync\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShellExt2]
@="{C72C6188-BEF2-46E5-A89A-52F0ED75219E}"
[HKEY_CLASSES_ROOT\CLSID\{C72C6188-BEF2-46E5-A89A-52F0ED75219E}]
2012-08-10 09:27 1353216 ----a-w- c:\progra~1\4Sync\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShellExt3]
@="{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7}"
[HKEY_CLASSES_ROOT\CLSID\{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7}]
2012-08-10 09:27 1353216 ----a-w- c:\progra~1\4Sync\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShellExt4]
@="{CB1EFEF8-D5E0-49D1-B768-41B48B1D7803}"
[HKEY_CLASSES_ROOT\CLSID\{CB1EFEF8-D5E0-49D1-B768-41B48B1D7803}]
2012-08-10 09:27 1353216 ----a-w- c:\progra~1\4Sync\ShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2016-03-11 3919928]
"VoipConnect"="c:\program files\VoipConnect.com\VoipConnect\VoipConnect.exe" [2016-02-17 36547168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-04-05 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2016-03-11 20:29 6667992 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2016-03-11 16:04 3919928 ----a-w- c:\program files\Internet Download Manager\IDMan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40 155648 ----a-w- c:\windows\System32\NeroCheck.exe
.
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-03-20 101504]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2010-04-07 204800]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-04-21 102912]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2013-07-25 18944]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-23 1343400]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 50624]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 33656]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 163424]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2011-09-22 974944]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2016-01-28 134248]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2010-04-09 63616]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-03 9344]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 yukonw7;Pilote Miniport NDIS6.2 pour contrôleur Ethernet Marvell Yukon;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
.
------- Supplementary Scan -------
.
uStart Page = www.wana.ma
IE: ?&???? ??? Microsoft Excel
IE: ??&??? ??? OneNote
IE: إر&سال إلى OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F7A7415E-CCB3-4864-8191-53C91AFF8A5B}: NameServer = 8.8.8.8 154.15.199.142
FF - ProfilePath - c:\users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fnlv6b7i.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-*LABAL* - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2827374991-3348961224-2700505733-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2496)
c:\progra~1\4Sync\ShellExt.dll
c:\progra~1\4Sync\ShellCp.dll
c:\progra~1\4Sync\SHELLM~1.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2016-05-08 02:56:22 - machine was rebooted
ComboFix-quarantined-files.txt 2016-05-08 01:56
.
Pre-Run: 39,853,142,016 octets libres
Post-Run: 39,651,667,968 octets libres
.
- - End Of File - - BCA83EA68FF5C5DD4DF588C22443D6EC
A36C5E4F47E84449FF07ED3517B43A31
