Publicité
Publicité
Format du document : text/plain
Prévisualisation
ComboFix 16-09-22.01 - Fatima 24/09/2016 16:16:46.1.2 - x86
Microsoft Windows 7 Edition Intégrale 6.1.7601.1.1256.213.1036.18.1789.1171 [GMT 1:00]
Running from: c:\users\Fatima\Desktop\ComboFix.exe
AV: ESET Smart Security 8.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: Pare-feu personnel d'ESET *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 8.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ma-config.com
c:\program files\ma-config.com\config.xml
c:\program files\ma-config.com\CPUID\cpuidsdk.dll
c:\program files\ma-config.com\Drivers\ma-config.inf
c:\program files\ma-config.com\Drivers\ma-config_amd64.cat
c:\program files\ma-config.com\Drivers\ma-config_amd64.sys
c:\program files\ma-config.com\Drivers\ma-config_x86.cat
c:\program files\ma-config.com\Drivers\ma-config_x86.sys
c:\program files\ma-config.com\Langues\LangueMC.ar.resx
c:\program files\ma-config.com\Langues\LangueMC.de.resx
c:\program files\ma-config.com\Langues\LangueMC.en.resx
c:\program files\ma-config.com\Langues\LangueMC.es.resx
c:\program files\ma-config.com\Langues\LangueMC.fr.resx
c:\program files\ma-config.com\Langues\LangueMC.pt.resx
c:\program files\ma-config.com\Langues\LangueMC.ru.resx
c:\program files\ma-config.com\ma-config.html
c:\program files\ma-config.com\MCBCL.dll
c:\program files\ma-config.com\MCDetection.exe
c:\program files\ma-config.com\MCNoyau.dll
c:\program files\ma-config.com\MCrypt.dll
c:\program files\ma-config.com\MCSettings.exe
c:\program files\ma-config.com\MCStubUser.exe
c:\program files\ma-config.com\sqlite3.dll
c:\programdata\ma-config.com
c:\programdata\ma-config.com\Logs\activex.txt
c:\programdata\ma-config.com\Logs\mcdetection.txt
c:\programdata\ma-config.com\Logs\mcstubuser.txt
c:\programdata\ma-config.com\mcbase.db
c:\programdata\ma-config.com\server.pem
c:\users\Fatima\ZHPCleaner.exe
d:\mes documents\~WRL0510.tmp
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2016-08-24 to 2016-09-24 )))))))))))))))))))))))))))))))
.
.
2016-09-24 15:23 . 2016-09-24 15:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-09-24 13:00 . 2016-09-24 13:00 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{547D5929-8287-4C2E-BEBF-7033421DE531}\offreg.2800.dll
2016-09-16 13:34 . 2016-09-16 13:34 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{547D5929-8287-4C2E-BEBF-7033421DE531}\offreg.5356.dll
2016-09-16 10:41 . 2016-09-16 10:41 -------- d-----w- C:\bureau
2016-09-16 09:22 . 2016-09-16 09:22 -------- d-----w- c:\program files\Common Files\AV
2016-09-15 17:45 . 2016-09-15 17:45 -------- d-----w- c:\windows\MBMTemp
2016-09-15 17:41 . 2016-09-24 15:24 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-09-15 17:40 . 2016-09-15 17:40 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2016-09-15 17:40 . 2016-09-15 17:40 -------- d-----w- c:\programdata\Malwarebytes
2016-09-15 17:40 . 2016-03-10 13:09 53120 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-09-15 17:40 . 2016-03-10 13:08 126336 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-09-15 17:40 . 2016-03-10 13:08 24448 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-09-15 17:05 . 2016-09-15 17:05 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{547D5929-8287-4C2E-BEBF-7033421DE531}\offreg.392.dll
2016-09-09 15:30 . 2016-08-05 14:04 143472 ----a-w- c:\windows\system32\drivers\idmwfp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2015-08-14 14:52 23520 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2015-06-01 6405912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2015-01-28 5088456]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-12-04 1728512]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-01 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2014-10-19 280576]
.
c:\users\Fatima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SystemSettings.exe.tmp [2016-9-15 19807]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 13:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BeyluxeMessenger]
2014-10-01 11:12 10685440 ----a-w- c:\program files\Beyluxe Messenger\Beyluxe Messenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleChromeAutoLaunch_68ECB98B646B0E76CB0F3855C04D2BD9]
2016-09-14 00:38 967496 ----a-w- c:\program files\Google\Chrome\Application\chrome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
2010-03-16 01:58 718208 ----a-w- c:\program files\Microsoft Office\Office14\MSOSYNC.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2016-08-17 22:39 29544576 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2016-07-25 324224]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2015-06-11 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2015-03-10 51824]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2015-03-10 193464]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2015-03-10 135808]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2015-03-10 37928]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2015-01-28 1349576]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2016-08-05 143472]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2016-03-10 1514464]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2016-03-10 1136608]
S2 Mobile Broadband HL Service;Mobile Broadband HL Service;c:\programdata\MobileBrServ\mbbservice.exe [2014-08-20 242256]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-08-24 68208]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2016-03-10 24448]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2016-09-24 170200]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2016-03-10 53120]
S3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [2014-04-30 94920]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-11-25 1108480]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
utcsvc REG_MULTI_SZ DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-09-15 17:01 1267528 ----a-w- c:\program files\Google\Chrome\Application\53.0.2785.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-08-22 09:39]
.
2016-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-08-22 09:39]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: ÊÍãíá Çáßá ÈæÇÓØÉ Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: ÊÍãíá ÈæÇÓØÉ Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\Fatima\AppData\Roaming\Mozilla\Firefox\Profiles\hsxf600c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-VIAAUD - c:\program files\VIA\VIAudioi\VDeck\VIAAUD.exe
AddRemove-Viber - c:\users\Fatima\AppData\Local\Viber\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3288125265-811740213-3551937419-1000_Classes\CLSID\{1db41e22-17ee-42dc-bc44-387afa48a425}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000c1
"Therad"=dword:00000016
.
[HKEY_USERS\S-1-5-21-3288125265-811740213-3551937419-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):b5,ee,06,1e,5c,db,09,8a,66,e0,47,47,34,98,08,dd,ad,aa,5a,0e,9f,
2b,10,b7,1e,f0,54,fc,a1,a5,ed,98,70,3c,56,4c,07,dd,97,10,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\AUDIODG.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\taskhost.exe
c:\program files\Malwarebytes Anti-Malware\mbam.exe
c:\windows\system32\conhost.exe
c:\windows\system32\rundll32.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2016-09-24 16:27:54 - machine was rebooted
ComboFix-quarantined-files.txt 2016-09-24 15:27
.
Pre-Run: 66 572 996 608 octets libres
Post-Run: 66 482 663 424 octets libres
.
- - End Of File - - D94C76192AA7DF226791A481C7D55AB9
A36C5E4F47E84449FF07ED3517B43A31
Microsoft Windows 7 Edition Intégrale 6.1.7601.1.1256.213.1036.18.1789.1171 [GMT 1:00]
Running from: c:\users\Fatima\Desktop\ComboFix.exe
AV: ESET Smart Security 8.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: Pare-feu personnel d'ESET *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 8.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ma-config.com
c:\program files\ma-config.com\config.xml
c:\program files\ma-config.com\CPUID\cpuidsdk.dll
c:\program files\ma-config.com\Drivers\ma-config.inf
c:\program files\ma-config.com\Drivers\ma-config_amd64.cat
c:\program files\ma-config.com\Drivers\ma-config_amd64.sys
c:\program files\ma-config.com\Drivers\ma-config_x86.cat
c:\program files\ma-config.com\Drivers\ma-config_x86.sys
c:\program files\ma-config.com\Langues\LangueMC.ar.resx
c:\program files\ma-config.com\Langues\LangueMC.de.resx
c:\program files\ma-config.com\Langues\LangueMC.en.resx
c:\program files\ma-config.com\Langues\LangueMC.es.resx
c:\program files\ma-config.com\Langues\LangueMC.fr.resx
c:\program files\ma-config.com\Langues\LangueMC.pt.resx
c:\program files\ma-config.com\Langues\LangueMC.ru.resx
c:\program files\ma-config.com\ma-config.html
c:\program files\ma-config.com\MCBCL.dll
c:\program files\ma-config.com\MCDetection.exe
c:\program files\ma-config.com\MCNoyau.dll
c:\program files\ma-config.com\MCrypt.dll
c:\program files\ma-config.com\MCSettings.exe
c:\program files\ma-config.com\MCStubUser.exe
c:\program files\ma-config.com\sqlite3.dll
c:\programdata\ma-config.com
c:\programdata\ma-config.com\Logs\activex.txt
c:\programdata\ma-config.com\Logs\mcdetection.txt
c:\programdata\ma-config.com\Logs\mcstubuser.txt
c:\programdata\ma-config.com\mcbase.db
c:\programdata\ma-config.com\server.pem
c:\users\Fatima\ZHPCleaner.exe
d:\mes documents\~WRL0510.tmp
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2016-08-24 to 2016-09-24 )))))))))))))))))))))))))))))))
.
.
2016-09-24 15:23 . 2016-09-24 15:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-09-24 13:00 . 2016-09-24 13:00 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{547D5929-8287-4C2E-BEBF-7033421DE531}\offreg.2800.dll
2016-09-16 13:34 . 2016-09-16 13:34 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{547D5929-8287-4C2E-BEBF-7033421DE531}\offreg.5356.dll
2016-09-16 10:41 . 2016-09-16 10:41 -------- d-----w- C:\bureau
2016-09-16 09:22 . 2016-09-16 09:22 -------- d-----w- c:\program files\Common Files\AV
2016-09-15 17:45 . 2016-09-15 17:45 -------- d-----w- c:\windows\MBMTemp
2016-09-15 17:41 . 2016-09-24 15:24 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-09-15 17:40 . 2016-09-15 17:40 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2016-09-15 17:40 . 2016-09-15 17:40 -------- d-----w- c:\programdata\Malwarebytes
2016-09-15 17:40 . 2016-03-10 13:09 53120 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-09-15 17:40 . 2016-03-10 13:08 126336 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-09-15 17:40 . 2016-03-10 13:08 24448 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-09-15 17:05 . 2016-09-15 17:05 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{547D5929-8287-4C2E-BEBF-7033421DE531}\offreg.392.dll
2016-09-09 15:30 . 2016-08-05 14:04 143472 ----a-w- c:\windows\system32\drivers\idmwfp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2015-08-14 14:52 23520 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2015-06-01 6405912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2015-01-28 5088456]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-12-04 1728512]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-01 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2014-10-19 280576]
.
c:\users\Fatima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SystemSettings.exe.tmp [2016-9-15 19807]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 13:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BeyluxeMessenger]
2014-10-01 11:12 10685440 ----a-w- c:\program files\Beyluxe Messenger\Beyluxe Messenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleChromeAutoLaunch_68ECB98B646B0E76CB0F3855C04D2BD9]
2016-09-14 00:38 967496 ----a-w- c:\program files\Google\Chrome\Application\chrome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
2010-03-16 01:58 718208 ----a-w- c:\program files\Microsoft Office\Office14\MSOSYNC.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2016-08-17 22:39 29544576 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2016-07-25 324224]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2015-06-11 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2015-03-10 51824]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2015-03-10 193464]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2015-03-10 135808]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2015-03-10 37928]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2015-01-28 1349576]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2016-08-05 143472]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2016-03-10 1514464]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2016-03-10 1136608]
S2 Mobile Broadband HL Service;Mobile Broadband HL Service;c:\programdata\MobileBrServ\mbbservice.exe [2014-08-20 242256]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-08-24 68208]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2016-03-10 24448]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2016-09-24 170200]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2016-03-10 53120]
S3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [2014-04-30 94920]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-11-25 1108480]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
utcsvc REG_MULTI_SZ DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-09-15 17:01 1267528 ----a-w- c:\program files\Google\Chrome\Application\53.0.2785.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-08-22 09:39]
.
2016-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-08-22 09:39]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: ÊÍãíá Çáßá ÈæÇÓØÉ Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: ÊÍãíá ÈæÇÓØÉ Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\Fatima\AppData\Roaming\Mozilla\Firefox\Profiles\hsxf600c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-VIAAUD - c:\program files\VIA\VIAudioi\VDeck\VIAAUD.exe
AddRemove-Viber - c:\users\Fatima\AppData\Local\Viber\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3288125265-811740213-3551937419-1000_Classes\CLSID\{1db41e22-17ee-42dc-bc44-387afa48a425}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000c1
"Therad"=dword:00000016
.
[HKEY_USERS\S-1-5-21-3288125265-811740213-3551937419-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):b5,ee,06,1e,5c,db,09,8a,66,e0,47,47,34,98,08,dd,ad,aa,5a,0e,9f,
2b,10,b7,1e,f0,54,fc,a1,a5,ed,98,70,3c,56,4c,07,dd,97,10,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\AUDIODG.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\taskhost.exe
c:\program files\Malwarebytes Anti-Malware\mbam.exe
c:\windows\system32\conhost.exe
c:\windows\system32\rundll32.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2016-09-24 16:27:54 - machine was rebooted
ComboFix-quarantined-files.txt 2016-09-24 15:27
.
Pre-Run: 66 572 996 608 octets libres
Post-Run: 66 482 663 424 octets libres
.
- - End Of File - - D94C76192AA7DF226791A481C7D55AB9
A36C5E4F47E84449FF07ED3517B43A31