cjoint

Document format: text/plain


ComboFix 17-03-28.01 - منير 03/28/2017 18:59:50.1.1 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1256.218.1025.18.1014.399 [GMT 2:00]
Running from: d:\?Ø?Û?æØ??\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Outdated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2017-02-28 to 2017-03-28 )))))))))))))))))))))))))))))))
.
.
2017-03-28 17:08 . 2017-03-28 17:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-03-28 09:30 . 2017-03-22 11:05 10167496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9152865A-0FB4-4B83-BA44-E39B74CB11EA}\mpengine.dll
2017-03-27 19:57 . 2017-03-27 19:57 -------- d-----w- c:\program files\EaseUS
2017-03-27 16:12 . 2017-03-27 16:23 -------- d-----w- c:\program files\Cela.C.M_HW
2017-03-26 11:07 . 2017-02-18 14:05 1331200 ----a-w- c:\windows\system32\appraiser.dll
2017-03-26 11:07 . 2017-02-22 23:24 971776 ----a-w- c:\windows\system32\aeinv.dll
2017-03-26 11:07 . 2017-02-18 14:05 505344 ----a-w- c:\windows\system32\generaltel.dll
2017-03-26 11:07 . 2016-12-31 15:36 442368 ----a-w- c:\windows\system32\devinv.dll
2017-03-26 11:07 . 2016-12-31 15:36 183808 ----a-w- c:\windows\system32\aepic.dll
2017-03-26 11:07 . 2017-02-22 23:29 71400 ----a-w- c:\windows\system32\CompatTelRunner.exe
2017-03-26 11:07 . 2016-12-31 15:36 270848 ----a-w- c:\windows\system32\invagent.dll
2017-03-26 11:07 . 2016-12-31 15:36 212480 ----a-w- c:\windows\system32\centel.dll
2017-03-26 11:07 . 2016-12-31 15:36 104960 ----a-w- c:\windows\system32\acmigration.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-03-28 10:20 . 2017-01-09 18:06 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-01-13 21:45 . 2017-01-13 21:45 194048 ----a-w- c:\windows\system32\elshyph.dll
2017-01-13 21:45 . 2017-01-13 21:45 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2017-01-13 21:45 . 2017-01-13 21:45 645120 ----a-w- c:\windows\system32\jsIntl.dll
2017-01-13 21:45 . 2017-01-13 21:45 182272 ----a-w- c:\windows\system32\msls31.dll
2017-01-13 21:45 . 2017-01-13 21:45 62464 ----a-w- c:\windows\system32\tdc.ocx
2017-01-13 21:45 . 2017-01-13 21:45 24576 ----a-w- c:\windows\system32\licmgr10.dll
2017-01-13 21:45 . 2017-01-13 21:45 151552 ----a-w- c:\windows\system32\iexpress.exe
2017-01-13 21:45 . 2017-01-13 21:45 139264 ----a-w- c:\windows\system32\wextract.exe
2017-01-13 21:45 . 2017-01-13 21:45 36352 ----a-w- c:\windows\system32\imgutil.dll
2017-01-13 21:45 . 2017-01-13 21:45 13312 ----a-w- c:\windows\system32\mshta.exe
2017-01-13 21:45 . 2017-01-13 21:45 86016 ----a-w- c:\windows\system32\iesysprep.dll
2017-01-13 21:45 . 2017-01-13 21:45 74240 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2017-01-13 21:45 . 2017-01-13 21:45 48640 ----a-w- c:\windows\system32\mshtmler.dll
2017-01-13 21:45 . 2017-01-13 21:45 111616 ----a-w- c:\windows\system32\IEAdvpack.dll
2017-01-13 21:44 . 2017-01-13 21:44 49152 ----a-w- c:\windows\system32\taskhost.exe
2017-01-13 21:43 . 2017-01-13 21:43 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2017-01-13 21:43 . 2017-01-13 21:43 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2017-01-13 21:43 . 2017-01-13 21:43 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2017-01-13 21:43 . 2017-01-13 21:43 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2017-01-13 21:43 . 2017-01-13 21:43 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2017-01-13 21:43 . 2017-01-13 21:43 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2017-01-13 21:43 . 2017-01-13 21:43 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2017-01-13 21:43 . 2017-01-13 21:43 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2017-01-13 21:43 . 2017-01-13 21:43 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2017-01-13 21:43 . 2017-01-13 21:43 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
2017-01-13 21:43 . 2017-01-13 21:43 220160 ----a-w- c:\windows\system32\d3d10core.dll
2017-01-13 21:43 . 2017-01-13 21:43 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2017-01-13 21:43 . 2017-01-13 21:43 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2017-01-13 21:43 . 2017-01-13 21:43 1158144 ----a-w- c:\windows\system32\XpsPrint.dll
2017-01-13 21:43 . 2017-01-13 21:43 1080832 ----a-w- c:\windows\system32\d3d10.dll
2017-01-13 21:43 . 2017-01-13 21:43 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2017-01-13 21:43 . 2017-01-13 21:43 293376 ----a-w- c:\windows\system32\dxgi.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2015-09-16 6495144]
"CCleaner"="c:\program files\CCleaner\CCleaner.exe" [2015-09-16 6495144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-11-27 702768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2016-03-10 1136608]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 hid8103;hid8103;c:\windows\system32\drivers\hid8103.sys [2006-10-25 31128]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2017-03-04 103936]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2017-03-28 170200]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2016-03-10 53120]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 24064]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2014-11-27 113024]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2014-11-27 37352]
S2 AntiVirFirewallService;Avira FireWall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [2014-11-27 1044784]
S2 AntiVirMailService;Avira Mail Protection;c:\program files\Avira\AntiVir Desktop\avmailc7.exe [2014-11-27 807672]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-11-27 431920]
S2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebg7.exe [2014-11-27 993584]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys [2014-11-27 37384]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 MaxthonUpdateSvc;Maxthon Core Update Service;c:\program files\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [2015-05-11 1872152]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2014-11-27 92448]
S3 bcm;WiMAX Network Adapter;c:\windows\system32\DRIVERS\drxvi314.sys [2010-06-18 324096]
S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\DRIVERS\BcmBusCtr.sys [2010-06-18 51072]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2016-03-10 24448]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
utcsvc REG_MULTI_SZ DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2017-03-13 10:08 1368920 ----a-w- c:\program files\Google\Chrome\Application\56.0.2924.87\Installer\chrmstp.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 62.240.32.5 62.68.42.2
TCP: Interfaces\{B37A73C7-CDBB-4D48-A4B5-BBF82E321FF4}: NameServer = 8.8.8.8,8.8.4.4
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2017-03-28 19:10:37
ComboFix-quarantined-files.txt 2017-03-28 17:10
.
Pre-Run: 107,177,664,512 bytes free
Post-Run: 106,958,532,608 bytes free
.
- - End Of File - - 6ED97EBB80372CE819A703262B45471D
A36C5E4F47E84449FF07ED3517B43A31
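The log above is a record rather than an explanation, so the following script is an added triage example: it is not part of ComboFix's output, the cjoint page, or any Avira/Malwarebytes tooling. It parses the line formats visible in the log (the AV:/SP: status header, the dated file entries with their attribute string, the R/S service list, and the TCP: DNS lines) and returns the items a responder would look at first: a security product reported Disabled/Outdated, auto-start services that are stopped (the Avira services appear as S2 here, which matches the header's Disabled status), a service whose image file ComboFix could not find, hidden files under system32, and a per-interface DNS setting that overrides the DHCP-assigned servers. It assumes the usual reading of ComboFix's conventions, which the page itself does not state: the leading letter is R = running / S = stopped, the digit is the Windows start type (2 = automatic), "[x]" after an image path means the file was not found, and in the attribute string d = directory, h = hidden, a = archive. The sample input is a constructed excerpt of the log above.

```python
"""Triage helper for ComboFix-style logs (added example, not ComboFix code).

Assumed conventions, not stated on the page: in the service list the leading
letter is R = running / S = stopped and the digit is the Windows start type
(0 boot, 1 system, 2 automatic, 3 manual, 4 disabled); "[x]" after the image
path means the file was not found; in the file list the attribute string uses
d = directory, h = hidden, a = archive.
"""
import re
from dataclasses import dataclass

# Constructed sample: an excerpt of the ComboFix log above.
SAMPLE_LOG = r"""
AV: Avira Desktop *Disabled/Outdated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
2017-01-13 21:43 . 2017-01-13 21:43 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2017-01-13 21:43 . 2017-01-13 21:43 293376 ----a-w- c:\windows\system32\dxgi.dll
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2016-03-10 1136608]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S2 AntiVirFirewallService;Avira FireWall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [2014-11-27 1044784]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-11-27 431920]
TCP: DhcpNameServer = 62.240.32.5 62.68.42.2
TCP: Interfaces\{B37A73C7-CDBB-4D48-A4B5-BBF82E321FF4}: NameServer = 8.8.8.8,8.8.4.4
"""

PRODUCT_RE = re.compile(r"^(AV|SP|FW): (.+?) \*(\w+)/(\w+)\* \{")
FILE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d) (\S+) (\S{8}) (.+)$")
SERVICE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.+?) \[(.*)\]$")
DHCP_DNS_RE = re.compile(r"^TCP: DhcpNameServer = (.+)$")
IFACE_DNS_RE = re.compile(r"^TCP: Interfaces\\\{[^}]+\}: NameServer = (.+)$")


@dataclass
class Service:
    state: str    # "R" running or "S" stopped (assumed convention)
    start: int    # Windows start type (assumed convention)
    name: str
    display: str
    image: str
    stamp: str    # "YYYY-MM-DD size", or "x" when the image was not found (assumed)


@dataclass
class FileEntry:
    created: str
    modified: str
    size: str     # "--------" for directories
    attrs: str    # e.g. "---ha-w-"; "h" = hidden (assumed convention)
    path: str


def _lines(text):
    return (ln.strip() for ln in text.splitlines())


def parse_products(text):
    """(kind, name, state, freshness) for each AV:/SP:/FW: header line."""
    return [m.groups() for m in map(PRODUCT_RE.match, _lines(text)) if m]


def parse_files(text):
    return [FileEntry(*m.groups()) for m in map(FILE_RE.match, _lines(text)) if m]


def parse_services(text):
    out = []
    for m in map(SERVICE_RE.match, _lines(text)):
        if m:
            state, start, name, display, image, stamp = m.groups()
            out.append(Service(state, int(start), name, display, image, stamp))
    return out


def parse_dns(text):
    """(DHCP-assigned servers, per-interface static servers)."""
    dhcp, iface = [], []
    for ln in _lines(text):
        m = DHCP_DNS_RE.match(ln)
        if m:
            dhcp.extend(m.group(1).split())
        m = IFACE_DNS_RE.match(ln)
        if m:
            iface.extend(s.strip() for s in m.group(1).split(","))
    return dhcp, iface


def triage(text):
    """Return findings worth a second look. These are flags, not verdicts."""
    findings = []
    for kind, name, state, fresh in parse_products(text):
        if state != "Enabled" or fresh != "Updated":
            findings.append(f"{kind} '{name}' is {state}/{fresh}")
    for s in parse_services(text):
        if s.stamp == "x":
            findings.append(f"service image not found on disk: {s.name} ({s.image})")
        if s.state == "S" and s.start == 2:
            findings.append(f"auto-start service is stopped: {s.name} ({s.image})")
    for f in parse_files(text):
        if "h" in f.attrs and f.path.lower().startswith("c:\\windows\\system32\\"):
            findings.append(f"hidden file under system32: {f.path}")
    dhcp, iface = parse_dns(text)
    if dhcp and iface and set(iface) - set(dhcp):
        findings.append(f"interface DNS {iface} overrides DHCP DNS {dhcp}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

The hidden-file and DNS flags are prompts for review, not indicators of compromise on their own: the api-ms-win-downlevel-* stubs in this log are legitimate Windows/Internet Explorer components that ship with the hidden attribute, and 8.8.8.8/8.8.4.4 are Google's public resolvers, so the override here looks like a deliberate user choice rather than a hijack. The stopped Avira services together with the Disabled/Outdated header are the finding that actually needs action on this machine.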
