Document format: text/plain

ComboFix 17-01-29.01 - OMAR 28/01/2017 21:52:50.1.2 - x86
Microsoft Windows 7 Ultimate Edition 6.1.7600.0.1256.212.1036.18.3326.2321 [GMT 0:00]
Running from: c:\users\OMAR\Desktop\ComboFix.exe
AV: ESET Smart Security 9.0.408.1 *Disabled/Updated* {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
FW: ESET Personal Firewall *Enabled* {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
SP: ESET Smart Security 9.0.408.1 *Disabled/Updated* {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Fonts\NSimar.exe
c:\windows\system32\drivers\SkyNetNXPBDA.sys
c:\windows\TEMP\VPN_6244\9218E5A4.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkyNetNXPBDA
.
.
((((((((((((((((((((((((( Files Created from 2016-12-28 to 2017-01-28 )))))))))))))))))))))))))))))))
.
.
2017-01-28 15:43 . 2017-01-28 18:00 -------- d-----w- C:\FRST
2017-01-28 04:19 . 2017-01-28 04:19 -------- d-----w- c:\programdata\IDM
2017-01-27 21:51 . 2017-01-27 21:51 -------- d-----w- C:\zoek
2017-01-27 20:13 . 2017-01-27 20:45 -------- d-----w- C:\Pre_Scan
2017-01-27 07:27 . 2017-01-27 07:27 -------- d-----w- c:\users\OMAR\AppData\Local\IE Tab
2017-01-26 23:05 . 2017-01-26 23:09 -------- d-----w- C:\AdwCleaner
2017-01-26 22:28 . 2017-01-27 07:19 -------- d-----w- c:\users\OMAR\AppData\Roaming\ZHP
2017-01-26 19:11 . 2017-01-26 19:11 -------- d-----w- c:\program files\HDDGURU LLF Tool
2017-01-26 17:12 . 2017-01-26 17:12 -------- d-----w- c:\program files\SDA
2017-01-26 16:19 . 2017-01-26 16:20 -------- d-----w- c:\programdata\MobileBrServ
2017-01-26 06:29 . 2017-01-26 06:29 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2A7F8AB4-2C25-42A6-BAF5-06853D3C5D0E}\offreg.2768.dll
2017-01-24 16:39 . 2016-07-22 07:21 146048 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2017-01-24 16:39 . 2016-07-22 07:21 107648 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2017-01-21 11:06 . 2017-01-21 11:06 -------- d-----w- c:\program files\Microsoft Silverlight
2017-01-21 10:55 . 2017-01-21 10:55 -------- d-----w- c:\users\OMAR\AppData\Roaming\Moonchild Productions
2017-01-21 10:55 . 2017-01-21 10:55 -------- d-----w- c:\users\OMAR\AppData\Local\Moonchild Productions
2017-01-21 10:55 . 2017-01-21 10:55 -------- d-----w- c:\program files\Pale Moon
2017-01-21 09:54 . 2017-01-21 10:05 -------- d-----w- c:\users\OMAR\AppData\Local\IIIQF
2017-01-21 09:11 . 2017-01-21 09:11 -------- d-----w- c:\program files\PlayReady
2017-01-20 07:23 . 2017-01-20 07:36 -------- d--h--w- c:\program files\DrFoneAndroid_Temp
2017-01-20 07:07 . 2017-01-20 07:31 -------- d-----w- c:\programdata\Wondershare
2017-01-20 06:58 . 2017-01-20 06:58 -------- d-----w- c:\users\OMAR\AppData\Roaming\MyPhoneExplorer
2017-01-20 06:58 . 2017-01-20 06:58 -------- d-----w- c:\program files\MyPhoneExplorer
2017-01-04 09:17 . 2017-01-04 09:17 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2A7F8AB4-2C25-42A6-BAF5-06853D3C5D0E}\offreg.2440.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-01-26 19:42 . 2016-02-22 08:25 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-01-12 06:45 . 2016-03-12 17:23 802904 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2017-01-12 06:45 . 2016-03-12 17:23 144472 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-12-16 08:12 . 2016-12-16 08:12 11936 ----a-w- c:\windows\system32\drivers\inpout32.sys
2016-11-22 06:15 . 2016-11-22 06:15 122496 ----a-w- c:\windows\system32\drivers\ekbdflt.sys
2016-11-22 06:15 . 2016-10-09 16:42 52872 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2016-11-22 06:15 . 2015-12-08 15:25 206472 ----a-w- c:\windows\system32\drivers\eamonm.sys
2016-11-22 06:15 . 2015-11-27 13:03 71304 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2016-11-22 06:15 . 2015-11-27 13:03 162952 ----a-w- c:\windows\system32\drivers\epfw.sys
2016-11-22 06:15 . 2015-11-27 13:03 156288 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2016-11-14 08:15 . 2016-11-14 08:15 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2A7F8AB4-2C25-42A6-BAF5-06853D3C5D0E}\offreg.2140.dll
2016-11-12 04:37 . 2016-11-12 04:37 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2A7F8AB4-2C25-42A6-BAF5-06853D3C5D0E}\offreg.2672.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2015-08-14 14:52 23520 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2016-12-15 4001848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SoftEther VPN Client Manager Startup.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk
backup=c:\windows\pss\SoftEther VPN Client Manager Startup.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Who Is On My Wifi.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Who Is On My Wifi.lnk
backup=c:\windows\pss\Who Is On My Wifi.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^OMAR^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Games Arcade (BETA).lnk]
path=c:\users\OMAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Games Arcade (BETA).lnk
backup=c:\windows\pss\Facebook Games Arcade (BETA).lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR.exe]
2016-06-02 12:09 1023664 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2016-06-02 12:01 318128 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2015-10-08 07:00 366904 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftEther VPN Client UI Helper]
2016-06-27 04:45 3957704 ----a-w- c:\program files\SoftEther VPN Client\vpnclient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2010-06-14 23:33 1314816 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2016-10-05 21:43 1977536 ----a-w- c:\users\OMAR\AppData\Roaming\uTorrent\uTorrent.exe
.
R1 Falcaudio;IDS FALCON/EAGLE AUDIO;c:\windows\system32\DRIVERS\falcaud.sys [2011-02-11 15232]
R2 Falcon_WDM;IDS FALCON DirectShow (WDM) Video Capture;c:\windows\system32\DRIVERS\FalconWDM.sys [2011-08-15 304128]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2016-07-22 107648]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [2010-01-06 375808]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2016-07-22 146048]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2016-11-22 71304]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2016-11-22 206472]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2016-11-22 156288]
S1 EpfwLWF;ESET Personal Firewall;c:\windows\system32\DRIVERS\EpfwLWF.sys [2016-11-22 52872]
S1 ndisrd;WinpkFilter LightWeight Filter;c:\windows\system32\DRIVERS\ndisrd.sys [2014-08-14 37408]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-04-30 217088]
S2 ekbdflt;ekbdflt;c:\windows\system32\DRIVERS\ekbdflt.sys [2016-11-22 122496]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2016-11-22 2166040]
S2 FoxitReaderService;Foxit Reader Service;c:\program files\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe [2016-06-21 1647808]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2016-10-17 147120]
S2 inpout32;inpout32;c:\windows\system32\Drivers\inpout32.sys [2016-12-16 11936]
S2 Mobile Broadband HL Service;Mobile Broadband HL Service;c:\programdata\MobileBrServ\mbbservice.exe [2014-02-15 239184]
S2 SEVPNCLIENT;SoftEther VPN Client;c:\program files\SoftEther VPN Client\vpnclient.exe [2016-06-27 3957704]
S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [2016-07-22 754784]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2016-01-17 78848]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2016-08-15 83248]
S3 MTKSCVAD;Ralink Virtual Audio device;c:\windows\system32\drivers\mtkvad.sys [2012-07-16 37376]
S3 Neo_VPN;VPN Client Device Driver - VPN;c:\windows\system32\DRIVERS\Neo_0052.sys [2016-06-27 37920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-12-14 22:31 1384792 ----a-w- c:\program files\Google\Chrome\Application\55.0.2883.87\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2017-01-28 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\system32\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe [2017-01-12 06:45]
.
2017-01-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-12 06:45]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
Trusted Zone: eset.com\help
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-BlueStacks Agent - c:\program files\BlueStacks\HD-Agent.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\SAMSUNG\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\SAMSUNG\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
AddRemove-27_ssconn - c:\program files\Samsung\USB Drivers\27_ssconn\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Kerish Doctor\KerishDoctor.exe
c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe
c:\program files\Microsoft Mouse and Keyboard Center\itype.exe
c:\windows\system32\sppsvc.exe
c:\program files\ESET\ESET Smart Security\egui.exe
c:\windows\system32\WUDFHost.exe
.
**************************************************************************
.
Completion time: 2017-01-28 22:03:03 - machine was rebooted
ComboFix-quarantined-files.txt 2017-01-28 22:03
.
Pre-Run: 59 074 691 072 bytes free
Post-Run: 58 830 299 136 bytes free
.
- - End Of File - - C5241B4E0DD0F76B8EA6A4B6425AFA7A
A36C5E4F47E84449FF07ED3517B43A31
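The three findings a responder should read first in a log like the one above are the security-product status lines in the header (the ESET AV/SP engines *Disabled*, Windows Defender *Outdated*), the UAC policy values under HKLM\...\policies\system (EnableLUA=0, ConsentPromptBehaviorAdmin=0, PromptOnSecureDesktop=0 mean UAC is off and every admin process runs fully elevated, so nothing stood between a dropper and a kernel driver install), and the executables ComboFix removed from directories that should never hold executables (c:\windows\Fonts\NSimar.exe, a DLL under c:\windows\TEMP). The script below is an added example written for this page, not ComboFix output or code from ComboFix's author; it parses the section banners of a ComboFix log, extracts those three areas and flags them. The embedded SAMPLE_LOG is a constructed excerpt of the log above, and the "executable outside a program directory" heuristic (Fonts, TEMP) and the secure expected values for the UAC keys are this example's own assumptions, not rules ComboFix applies.

```python
import re
from typing import Dict, List

# Constructed excerpt of the ComboFix log above, embedded so the script runs offline.
SAMPLE_LOG = r"""
ComboFix 17-01-29.01 - OMAR 28/01/2017 21:52:50.1.2 - x86
AV: ESET Smart Security 9.0.408.1 *Disabled/Updated* {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
FW: ESET Personal Firewall *Enabled* {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Fonts\NSimar.exe
c:\windows\system32\drivers\SkyNetNXPBDA.sys
c:\windows\TEMP\VPN_6244\9218E5A4.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
"""

# ComboFix section banners look like "(((((( Name ))))))"; everything before the first banner is the header.
SECTION_RE = re.compile(r"^\({5,}\s*(.+?)\s*\){5,}$")
PRODUCT_RE = re.compile(r"^(AV|FW|SP): (.+?) \*(.+?)\*")
VALUE_RE = re.compile(r'^"(\w+)"=\s*(\d+)\s*\(0x[0-9a-fA-F]+\)$')
POLICY_KEY = r"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"

# Assumption of this example: executables living here were not installed by a legitimate installer.
SUSPICIOUS_DIRS = ("\\fonts\\", "\\temp\\", "\\tmp\\")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr")


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group non-empty log lines under the banner that precedes them (filler '.' lines dropped)."""
    sections: Dict[str, List[str]] = {"Header": []}
    current = "Header"
    for raw in text.splitlines():
        line = raw.rstrip()
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections.setdefault(current, [])
            continue
        if line and line != ".":
            sections[current].append(line)
    return sections


def product_findings(header: List[str]) -> List[str]:
    """Flag any AV/FW/SP line whose status ComboFix reports as Disabled or Outdated."""
    findings = []
    for line in header:
        m = PRODUCT_RE.match(line)
        if m and ("Disabled" in m.group(3) or "Outdated" in m.group(3)):
            findings.append(f"{m.group(1)} {m.group(2)}: {m.group(3)}")
    return findings


def parse_uac_policy(reg_lines: List[str]) -> Dict[str, int]:
    """Return the DWORD values listed under the UAC policy key, keyed by value name."""
    values: Dict[str, int] = {}
    in_key = False
    for line in reg_lines:
        if line.startswith("["):
            in_key = line.strip().lower() == POLICY_KEY.lower()
            continue
        if in_key:
            m = VALUE_RE.match(line)
            if m:
                values[m.group(1)] = int(m.group(2))
    return values


def uac_findings(values: Dict[str, int]) -> List[str]:
    """Compare against the secure defaults (assumed here): EnableLUA=1, PromptOnSecureDesktop=1, admin prompt != 0."""
    findings = []
    if values.get("EnableLUA") == 0:
        findings.append("EnableLUA=0: UAC is off, every process of an admin user runs fully elevated")
    if values.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append("ConsentPromptBehaviorAdmin=0: admins elevate silently, no prompt at all")
    if values.get("PromptOnSecureDesktop") == 0:
        findings.append("PromptOnSecureDesktop=0: any prompt is drawn on the normal desktop and can be spoofed")
    return findings


def suspicious_deletions(deleted: List[str]) -> List[str]:
    """Keep removed files that are executables in a directory where no installer should put one."""
    out = []
    for path in deleted:
        p = path.lower()
        if p.endswith(EXEC_EXT) and any(d in p for d in SUSPICIOUS_DIRS):
            out.append(path)
    return out


def triage(text: str) -> Dict[str, List[str]]:
    """Run the three checks over a ComboFix log and return the findings per area."""
    sections = split_sections(text)
    return {
        "security_products": product_findings(sections.get("Header", [])),
        "uac": uac_findings(parse_uac_policy(sections.get("Reg Loading Points", []))),
        "suspicious_deletions": suspicious_deletions(sections.get("Other Deletions", [])),
    }


if __name__ == "__main__":
    for area, items in triage(SAMPLE_LOG).items():
        print(f"[{area}]")
        for item in items:
            print("  -", item)
```

Run it against a full ComboFix.txt with `triage(open("ComboFix.txt", encoding="latin-1").read())`; the driver removed above (SkyNetNXPBDA.sys) sits in the normal drivers directory and is deliberately not caught by the directory heuristic, which is why the "Drivers/Services" section still has to be read by hand.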