cjoint

Document format: text/plain


ComboFix 17-03-21.01 - ibrahim 03/22/2017 16:01:59.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1256.213.1025.18.1984.1496 [GMT 1:00]
Running from: c:\users\ibrahim\Desktop\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
SP: Avast Antivirus *Disabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\windows7.arc
.
.
((((((((((((((((((((((((( Files Created from 2017-02-22 to 2017-03-22 )))))))))))))))))))))))))))))))
.
.
2017-03-22 15:09 . 2017-03-22 15:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-03-22 11:45 . 2017-03-22 11:45 -------- d-----w- c:\program files\CPUID
2017-03-21 17:22 . 2017-01-30 11:09 144416 ----a-w- c:\windows\system32\drivers\KeyCrypt32.sys
2017-03-21 17:22 . 2017-03-22 08:01 -------- d-----w- c:\program files\KeyCryptSDK
2017-03-21 17:22 . 2017-03-22 11:43 -------- d-----w- c:\program files\Zemana AntiLogger
2017-03-21 17:11 . 2017-03-21 17:11 -------- d-----w- c:\program files\FastStone Capture
2017-03-21 16:59 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2017-03-21 16:59 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2017-03-21 16:59 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2017-03-21 16:58 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2017-03-21 16:55 . 2012-07-17 13:54 1178920 ----a-w- c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDRES.DLL
2017-03-21 16:55 . 2012-07-17 13:51 441592 ----a-w- c:\program files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
2017-03-21 16:55 . 2012-07-17 13:50 857352 ----a-w- c:\program files\Common Files\Microsoft Shared\Windows Live\wlidcli.dll
2017-03-21 16:55 . 2012-07-17 13:50 58136 ----a-w- c:\program files\Common Files\Microsoft Shared\Windows Live\msidcrl40.dll
2017-03-21 16:55 . 2012-07-17 13:49 333056 ----a-w- c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL
2017-03-21 16:55 . 2012-07-17 13:49 238848 ----a-w- c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDPROV.DLL
2017-03-21 16:55 . 2012-07-17 13:49 145648 ----a-w- c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
2017-03-21 16:55 . 2017-03-21 16:56 -------- d-----w- c:\program files\Windows Live
2017-03-21 16:55 . 2017-03-21 16:55 -------- d-----w- c:\program files\Windows Movie Maker
2017-03-21 13:01 . 2017-03-21 13:01 -------- d-----w- c:\program files\MyPlayCity.com
2017-03-21 12:05 . 2017-03-21 12:05 -------- d-----w- c:\program files\Common Files\AV
2017-03-21 12:04 . 2017-03-21 17:09 465024 ----a-w- c:\windows\system32\drivers\aswsp.sys
2017-03-21 12:04 . 2017-03-21 12:05 278776 ----a-w- c:\windows\system32\drivers\aswvmm.sys
2017-03-21 12:04 . 2017-03-21 12:03 118288 ----a-w- c:\windows\system32\drivers\aswStm.sys
2017-03-21 12:04 . 2017-03-21 12:03 62152 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2017-03-21 12:04 . 2017-03-21 12:03 34136 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2017-03-21 12:04 . 2017-03-21 12:03 106392 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2017-03-21 12:04 . 2017-03-21 12:03 90336 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2017-03-21 12:04 . 2017-03-21 12:03 756200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2017-03-21 12:03 . 2017-03-21 12:03 921280 ----a-w- c:\windows\ucrtbase.dll
2017-03-21 12:03 . 2017-03-21 12:03 328208 ----a-w- c:\windows\system32\aswBoot.exe
2017-03-21 11:26 . 2017-03-21 11:26 -------- d-----w- c:\program files\AVAST Software
2017-03-21 11:18 . 2017-03-21 11:18 -------- d-----w- c:\programdata\AVAST Software
2017-03-20 09:20 . 2017-03-20 09:20 -------- d-----w- c:\programdata\AVS4YOU
2017-03-20 09:16 . 2017-03-20 09:19 -------- d-----w- c:\program files\AVS4YOU
2017-03-20 09:16 . 2011-06-23 11:26 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2017-03-20 09:16 . 2011-06-23 11:25 24576 ----a-w- c:\windows\system32\msxml3a.dll
2017-03-19 16:27 . 2017-03-19 16:27 -------- d-----w- c:\programdata\TuneUp Software
2017-03-19 16:26 . 2017-03-19 16:26 -------- d-sh--w- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2017-03-19 15:05 . 2014-05-14 16:23 45536 ----a-w- c:\windows\system32\wups2.dll
2017-03-19 15:05 . 2014-05-14 16:23 54240 ----a-w- c:\windows\system32\wuauclt.exe
2017-03-19 15:05 . 2014-05-14 16:23 1973728 ----a-w- c:\windows\system32\wuaueng.dll
2017-03-19 15:05 . 2014-05-14 16:17 2425856 ----a-w- c:\windows\system32\wucltux.dll
2017-03-19 15:05 . 2014-05-14 16:23 36320 ----a-w- c:\windows\system32\wups.dll
2017-03-19 15:05 . 2014-05-14 16:23 581600 ----a-w- c:\windows\system32\wuapi.dll
2017-03-19 15:05 . 2014-05-14 16:17 92672 ----a-w- c:\windows\system32\wudriver.dll
2017-03-19 15:05 . 2014-05-14 08:23 179656 ----a-w- c:\windows\system32\wuwebv.dll
2017-03-19 15:05 . 2014-05-14 08:17 33792 ----a-w- c:\windows\system32\wuapp.exe
2017-03-19 10:44 . 2017-02-22 11:48 9992952 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0ACD6C10-ED81-476C-8A84-449488E539A1}\mpengine.dll
2017-03-19 10:44 . 2016-10-26 16:29 407720 ------w- c:\windows\system32\MpSigStub.exe
2017-03-19 09:56 . 2017-03-19 09:58 -------- d-----w- c:\program files\The KMPlayer
2017-03-18 18:41 . 2017-03-21 17:06 -------- d-----w- c:\program files\Bonjour
2017-03-18 18:41 . 2017-03-18 18:41 -------- d-----w- c:\programdata\Apple
2017-03-18 18:40 . 2017-03-18 18:40 -------- d-----w- c:\program files\DearMob
2017-03-18 18:40 . 2017-03-18 18:40 -------- d-----w- c:\program files\Foxit Software
2017-03-18 18:38 . 2017-03-19 06:32 -------- d-----w- c:\program files\CCleaner
2017-03-18 11:52 . 2017-03-18 11:52 -------- d-----w- c:\programdata\Package Cache
2017-03-18 11:50 . 2017-03-18 11:56 -------- d-----w- c:\program files\Kodi
2017-03-18 09:38 . 2017-03-18 11:54 -------- d-----w- c:\program files\MKV Player
2017-03-18 08:05 . 2017-03-18 08:04 6656 ----a-w- c:\windows\system32\SiSApi.dll
2017-03-18 08:05 . 2017-03-18 08:05 -------- d-----w- c:\program files\SiS VGA Utilities
2017-03-18 08:04 . 2017-03-18 08:04 6656 ----a-w- c:\windows\system32\SiSCo.dll
2017-03-18 08:04 . 2017-03-18 08:04 655360 ----a-w- c:\windows\system32\SiSClone.dll
2017-03-18 08:04 . 2017-03-18 08:04 5632 ----a-w- c:\windows\system32\SiSKrl.dll
2017-03-18 08:04 . 2017-03-18 08:04 466432 ----a-w- c:\windows\system32\drivers\SISGRKMD.sys
2017-03-18 08:04 . 2017-03-18 08:04 4080128 ----a-w- c:\windows\system32\SiSGlv.dll
2017-03-18 08:04 . 2017-03-18 08:04 3653632 ----a-w- c:\windows\system32\SISGRUMD.dll
2017-03-18 08:04 . 2017-03-18 08:04 212992 ----a-w- c:\windows\system32\SiSFunc.dll
2017-03-18 07:46 . 2017-03-18 07:46 -------- d-----w- c:\program files\Combined Community Codec Pack
2017-03-18 07:01 . 2017-03-18 18:35 -------- d-----w- C:\KMPlayer
2017-03-18 06:55 . 2017-03-18 06:55 58400 ----a-w- c:\windows\system32\drivers\sisagpx.sys
2017-03-18 06:34 . 2017-03-18 06:34 -------- d-----w- c:\programdata\IDM
2017-03-18 06:34 . 2017-03-18 06:34 -------- d-----w- c:\program files\Internet Download Manager
2017-03-18 06:32 . 2017-03-18 06:32 -------- d-----w- c:\program files\Your Uninstaller 2010
2017-03-17 20:04 . 2017-03-18 18:39 -------- d-----w- c:\windows\Panther
2017-03-17 19:56 . 2017-03-17 19:56 -------- d-----w- C:\Windows.old
2017-03-17 19:35 . 2017-03-18 06:35 -------- d-----w- c:\program files\PdaNet for Android
2017-03-17 13:06 . 2017-03-17 13:06 -------- d-----w- c:\programdata\Ralink
2017-03-17 13:06 . 2011-09-08 04:51 237568 ----a-w- c:\windows\system32\ssleay32.dll
2017-03-17 13:06 . 2011-09-08 04:50 1100288 ----a-w- c:\windows\system32\libeay32.dll
2017-03-17 12:44 . 2017-03-17 12:44 -------- d-----w- c:\programdata\ProductData
2017-03-17 12:44 . 2017-03-17 12:44 -------- d-----w- c:\windows\IObit
2017-03-17 12:43 . 2017-03-17 12:43 -------- d-----w- c:\programdata\IObit
2017-03-17 12:43 . 2017-03-17 12:43 23840 ----a-w- c:\windows\system32\drivers\HWiNFO32.SYS
2017-03-17 12:43 . 2017-03-17 12:43 -------- d-----w- c:\program files\IObit
2017-03-17 12:32 . 2012-06-09 17:21 178688 ----a-w- c:\windows\system32\unrar.dll
2017-03-17 12:32 . 2017-03-17 12:32 -------- d-----w- c:\program files\K-Lite Codec Pack
2017-03-17 12:22 . 2017-03-21 12:22 796352 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2017-03-17 12:22 . 2017-03-21 12:22 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2017-03-17 12:22 . 2017-03-21 12:21 -------- d-----w- c:\windows\system32\Macromed
2017-03-17 11:59 . 2017-03-17 12:11 -------- d-----w- c:\program files\Google
2017-03-17 11:25 . 2017-03-21 17:06 -------- d-sh--w- c:\windows\Installer
2017-03-17 11:23 . 2011-11-24 23:26 13440 ----a-w- c:\windows\system32\drivers\pneteth.sys
2017-03-17 11:16 . 2017-03-22 07:38 -------- d-----w- c:\users\ibrahim
2017-03-17 11:15 . 2017-03-17 11:15 -------- d-----w- C:\Recovery
2017-03-17 11:15 . 2017-03-17 11:15 -------- d-sh--we c:\users\Default\قائمة ابدأ  (Start Menu)
2017-03-17 11:15 . 2017-03-17 11:15 -------- d-sh--we c:\programdata\قائمة ابدأ  (Start Menu)
2017-03-17 11:15 . 2017-03-17 11:15 -------- d-sh--we c:\programdata\سطح المكتب  (Desktop)
2017-03-02 06:46 . 2017-03-05 08:55 32256 ---ha-w- C:\~WRL0092.tmp
2017-03-02 06:46 . 2017-03-04 14:42 31744 ---ha-w- C:\~WRL0003.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2015-08-14 14:52 23520 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-03-21 12:03 1165096 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2017-02-14 4005944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSTray"="c:\program files\SiS VGA Utilities\SiSTray.exe" [2017-03-18 557056]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2017-03-21 205512]
.
c:\users\ibrahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2017-3-18 1029944]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - c:\program files\Ralink\Common\RaUI.exe -s [2017-3-17 15661872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam32.sys [x]
R1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard32.sys [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2017-03-21 118288]
R2 RaMediaServer;Ralink UPnP Media Server;c:\program files\Ralink\Common\RaMediaServer.exe [2012-07-06 1863680]
R3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys [2017-03-21 34136]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 keycrypt;keycrypt;c:\windows\system32\DRIVERS\KeyCrypt32.sys [2017-01-30 144416]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 aswRvrt;aswRvrt;c:\windows\\SystemRoot\system32\drivers\aswRvrt.sys [x]
S0 aswVmm;aswVmm;c:\windows\\SystemRoot\system32\drivers\aswVmm.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2017-03-21 756200]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2017-03-21 465024]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [2017-03-17 23840]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2017-03-21 106392]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2016-10-17 147120]
S3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28u.sys [2013-09-06 1635632]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2011-11-24 13440]
S3 SiS6350;SiS6350;c:\windows\system32\DRIVERS\SISGRKMD.sys [2017-03-18 466432]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2009-07-13 48128]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2017-03-17 12:11 1319256 ----a-w- c:\program files\Google\Chrome\Application\57.0.2987.110\Installer\chrmstp.exe
.
.
------- Supplementary Scan -------
.
IE: تحميل الكل بواسطة Internet Download Manager (Download All with Internet Download Manager) - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager (Download with Internet Download Manager) - c:\program files\Internet Download Manager\IEExt.htm
TCP: DhcpNameServer = 192.168.8.1 192.168.8.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-QQPlayer - c:\program files\Tencent\QQPlayer\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_24_0_0_186_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_24_0_0_186_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2017-03-22 16:11:12
ComboFix-quarantined-files.txt 2017-03-22 15:11
.
Pre-Run: 57,410,002,944 bytes free
Post-Run: 57,250,471,936 bytes free
.
- - End Of File - - ED0480E67B544CC7B4FE58622230687A
A36C5E4F47E84449FF07ED3517B43A31
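Triage helper for a ComboFix log of this shape. This is an added example, not ComboFix code and not part of the log above: it parses the "Files Created" lines, the UAC policy block under `[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]` and the R*/S* driver and service lines, and returns the points a responder would look at first in this particular log: UAC values that differ from the Windows 7 defaults (here EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are all 0, i.e. UAC is off and administrators elevate silently), entries created in the reporting window with hidden or system attributes, and services whose file ComboFix marked `[x]` instead of a date and size. The excerpt embedded below is copied from the log on this page (with the cp1256 mojibake in the Arabic folder names decoded); the UAC defaults are the documented Windows 7 values; reading the `s` and `h` letters in ComboFix's attribute column as system/hidden is an assumption about its output format.

```python
import re
from dataclasses import dataclass, field

# Documented Windows 7 defaults for the UAC values ComboFix prints.
UAC_DEFAULTS = {
    "EnableLUA": 1,                   # 1 = UAC enabled
    "ConsentPromptBehaviorAdmin": 5,  # 5 = consent prompt for non-Windows binaries
    "ConsentPromptBehaviorUser": 3,   # 3 = prompt for credentials
    "PromptOnSecureDesktop": 1,       # 1 = prompts shown on the secure desktop
    "EnableUIADesktopToggle": 0,
}

# "created . modified size attrs path" as printed in the Files Created section.
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\S+) (\S{8}) (.+)$")
UAC_RE = re.compile(r'^"(\w+)"=\s*(\d+)')
# "R1 name;display name;path [date size]" or "[x]" when ComboFix could not verify the file.
SVC_RE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*);(.+?) \[(.*)\]$")
UAC_KEY = r"\policies\system]"


@dataclass
class Findings:
    uac_deviations: dict = field(default_factory=dict)        # name -> (found, default)
    hidden_system: list = field(default_factory=list)         # (attrs, path)
    unverified_services: list = field(default_factory=list)   # (start type, name, path)


def triage(log: str) -> Findings:
    f = Findings()
    in_uac = False
    for raw in log.splitlines():
        line = raw.strip()
        if line.lower().endswith(UAC_KEY):
            in_uac = True
            continue
        if in_uac:
            m = UAC_RE.match(line)
            if m:
                name, value = m.group(1), int(m.group(2))
                if name in UAC_DEFAULTS and value != UAC_DEFAULTS[name]:
                    f.uac_deviations[name] = (value, UAC_DEFAULTS[name])
                continue
            in_uac = False  # the block ends at the first line that is not a value
        m = FILE_RE.match(line)
        if m:
            attrs, path = m.group(4), m.group(5)
            # Assumption: 's' and 'h' in ComboFix's attribute column mean system/hidden.
            if "h" in attrs or "s" in attrs:
                f.hidden_system.append((attrs, path))
            continue
        m = SVC_RE.match(line)
        if m and m.group(5) == "x":
            f.unverified_services.append((m.group(1), m.group(2), m.group(4)))
    return f


def report(f: Findings) -> list:
    out = []
    for name, (found, default) in f.uac_deviations.items():
        out.append(f"UAC: {name}={found} (Windows 7 default {default})")
    for attrs, path in f.hidden_system:
        out.append(f"hidden/system entry created in window: {attrs} {path}")
    for kind, name, path in f.unverified_services:
        out.append(f"service {name} ({kind}): file not verified by ComboFix: {path}")
    return out


# Excerpt copied from the log above (Arabic folder names decoded from cp1256).
LOG_EXCERPT = r"""
2017-03-21 17:22 . 2017-01-30 11:09 144416 ----a-w- c:\windows\system32\drivers\KeyCrypt32.sys
2017-03-19 16:26 . 2017-03-19 16:26 -------- d-sh--w- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2017-03-19 15:05 . 2014-05-14 16:23 45536 ----a-w- c:\windows\system32\wups2.dll
2017-03-17 11:25 . 2017-03-21 17:06 -------- d-sh--w- c:\windows\Installer
2017-03-17 11:15 . 2017-03-17 11:15 -------- d-sh--we c:\users\Default\قائمة ابدأ
2017-03-17 11:15 . 2017-03-17 11:15 -------- d-sh--we c:\programdata\سطح المكتب
2017-03-02 06:46 . 2017-03-05 08:55 32256 ---ha-w- C:\~WRL0092.tmp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam32.sys [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2017-03-21 118288]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 aswRvrt;aswRvrt;c:\windows\\SystemRoot\system32\drivers\aswRvrt.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2017-03-21 756200]
"""

if __name__ == "__main__":
    for line in report(triage(LOG_EXCERPT)):
        print(line)
```

The output is a review list, not a verdict: the hidden+system hits include the localized Start Menu and Desktop junctions that Windows itself creates under Default and ProgramData at install time, and the `[x]` on aswRvrt and aswVmm is consistent with ComboFix not resolving the `\SystemRoot` prefix in those service paths rather than with a missing driver. The UAC block is the one item that needs no further checking: with EnableLUA=0 every process of this administrator account already runs with the full token, and ConsentPromptBehaviorAdmin=0 plus PromptOnSecureDesktop=0 would remove the consent prompt even if UAC were turned back on.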
