
ComboFix 17-04-16.01 - tarek 04/26/2017 22:26:03.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1256.966.1025.18.2037.1134 [GMT 3:00]
Running from: c:\users\tarek\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2017-03-26 to 2017-04-26 )))))))))))))))))))))))))))))))
.
.
2017-04-26 19:34 . 2017-04-26 19:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-04-25 08:50 . 2017-04-25 08:50 -------- d-----w- c:\programdata\{C57FE420-6939-4E16-A1BD-CAA50C9F1884}
2017-04-25 08:09 . 2017-04-25 10:13 -------- d-----w- C:\AdwCleaner
2017-04-24 08:25 . 2017-04-24 08:25 -------- d-----w- c:\program files\ESET
2017-04-23 08:23 . 2017-04-25 18:13 -------- d-----w- c:\users\tarek\AppData\Roaming\ZHP
2017-04-23 08:23 . 2017-04-23 08:26 -------- d-----w- c:\users\tarek\AppData\Local\ZHP
2017-04-22 08:24 . 2015-01-29 15:21 50320 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
2017-04-22 08:24 . 2015-09-14 10:03 38520 ----a-w- c:\windows\system32\drivers\DasPtct.SYS
2017-04-22 08:23 . 2017-04-22 08:23 -------- d-----w- c:\program files\Panda Security
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-04-24 18:43 . 2015-12-21 06:51 30848 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-04-11 14:17 . 2014-05-13 08:50 802904 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2017-04-11 14:17 . 2014-05-13 08:50 144472 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2017-04-11 14:17 . 2017-03-14 11:17 6230616 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2017-03-02 10:26 . 2014-06-28 07:48 27040 ---ha-w- c:\windows\system32\hamachi.sys
2017-02-12 16:34 . 2017-02-12 16:34 99328 ----a-r- c:\users\tarek\AppData\Roaming\Microsoft\Installer\{33036E23-E7CE-4860-AFA3-1B0D92C98989}\Icon33036E236.exe
2017-02-12 16:34 . 2017-02-12 16:34 45568 ----a-r- c:\users\tarek\AppData\Roaming\Microsoft\Installer\{33036E23-E7CE-4860-AFA3-1B0D92C98989}\Icon33036E233.exe
2017-02-12 16:34 . 2017-02-12 16:34 19456 ----a-r- c:\users\tarek\AppData\Roaming\Microsoft\Installer\{33036E23-E7CE-4860-AFA3-1B0D92C98989}\Icon33036E234.exe
2015-03-26 11:48 . 2015-03-26 11:48 2174976 ----a-w- c:\program files\Common Files\atimpenc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2015-08-14 13:52 23520 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2015-08-19 6490904]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2009-08-16 955392]
"AirDroid 3"="c:\program files\AirDroid\AirDroid.exe" [2017-01-25 8652408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2016-01-14 14696704]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2012-08-17 336992]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2017-03-02 5883912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss]
@="Service"
.
R2 ADSafeSvc;ADSafeSvc;c:\program files\ADSafe\ADSafeSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-04-03 315008]
R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys [2012-11-08 110920]
R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys [2012-11-08 333128]
R3 b06diag;Broadcom NetXtreme II Diag Driver;c:\windows\system32\drivers\bxdiagx.sys [2012-03-08 75816]
R3 BFN7x86;Bigfoot Networks Killer Gaming Service;c:\windows\system32\drivers\Xeno7x86.sys [2012-02-22 130152]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 bxfcoe;bxfcoe;c:\windows\system32\drivers\bxfcoe.sys [2012-02-22 150568]
R3 bxois;bxois;c:\windows\system32\drivers\bxois.sys [2012-02-22 435240]
R3 cpuz134;cpuz134;c:\users\tarek\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2016-01-08 99296]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 DMRedirect;DMRedirect;c:\windows\system32\drivers\DMRedirect.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\System32\Drivers\EtronHub3.sys [2012-07-24 65152]
R3 EtronSTOR;Etron Enhance USB BOT/UASP Mass Storage Driver;c:\windows\System32\Drivers\EtronSTOR.sys [2012-07-24 32512]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\System32\Drivers\EtronXHCI.sys [2012-07-24 88832]
R3 GenericMount Helper Service;GenericMount Helper Service;c:\program files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [x]
R3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys [2009-09-21 46192]
R3 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2016-07-28 134248]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys [2012-12-21 359560]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys [2012-12-21 792712]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2011-10-25 73984]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2011-10-25 165120]
R3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys [2015-01-29 50320]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-09-15 14848]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2014-02-27 215768]
R3 RtkBtFilter;Realtek Bluetooth Filter Driver;c:\windows\system32\DRIVERS\RtkBtfilter.sys [2015-10-13 542512]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2016-04-01 770304]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2016-01-08 191200]
R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2013-09-15 24064]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-09-15 49664]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-09-15 27136]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;خدمة Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2013-09-15 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
R3 WsDrvInst;Wondershare Driver Install Service;c:\program files\Wondershare\MobileGo\DriverInstall.exe [x]
S0 Bhbase;Baidu Hook Base;c:\windows\System32\drivers\Bhbase.sys [2014-03-11 47456]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2013-09-04 51784]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2013-09-04 41544]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2013-09-04 15944]
S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2013-09-04 186952]
S2 CG6Service;CyberGhost 6 Service;c:\program files\CyberGhost\CyberGhost.Service.exe [2016-08-18 71728]
S2 chromoting;خدمة سطح المكتب البعيد من Chrome;c:\program files\Google\Chrome Remote Desktop\57.0.2987.37\remoting_host.exe [2017-02-07 72024]
S2 EaseUS Agent;EaseUS Agent Service;c:\program files\EaseUS\Todo Backup\bin\Agent.exe [2013-12-02 36936]
S2 Guard Agent;Guard Agent Service;c:\program files\EaseUS\Todo Backup\bin\GuardAgent.exe [2013-09-04 23624]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2017-03-02 2282504]
S2 KMService;KMService;c:\windows\system32\srvany.exe [2010-05-31 8192]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn Hamachi\LMIGuardianSvc.exe [2017-02-27 405424]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 Phenixbackup;Phenixbackup;c:\program files\Sitech\Phenix\Phenixhotbackup.exe [2016-07-10 2583040]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService.exe [2016-01-14 268032]
S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [2016-01-08 754784]
S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-13 110592]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S2 WsAppService;Wondershare Application Framework Service;c:\program files\Wondershare\WAF\2.3.1.1\WsAppService.exe [2016-10-10 437392]
S3 int0800;Intel 28F320C3 Flash Update Device Driver v6.4;c:\windows\system32\DRIVERS\flashud.sys [2009-09-09 42496]
S3 RTSUER;Realtek USB Card Reader - UER;c:\windows\system32\Drivers\RtsUer.sys [2015-12-22 302808]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2017-04-03 22:24 1319256 ----a-w- c:\program files\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: جاري إرسال الصفحة إلى &جهاز Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: جاري إرسال الصورة إلى &جهاز Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: localhost
Trusted Zone: moe.gov.eg
TCP: DhcpNameServer = 86.51.35.24 86.51.34.24
DPF: {6C9B3550-8DF6-415D-9B8F-4B1E74D08355} - file:///C:/Users/Public/Documents/dvrdata/%7B52F0BB64-1C66-452E-ACC0-1F77EA54BB83%7D/www/IndigoScreen.cab
FF - ProfilePath - c:\users\tarek\AppData\Roaming\Mozilla\Firefox\Profiles\ajiyv7np.default-1450206470513\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com.sa/
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mysql]
"ImagePath"="\"C:/Program Files/Sitech/Phenix/Mysql/bin\mysqld\" --defaults-file=\"c:\programdata\{C57FE420-6939-4E16-A1BD-CAA50C9F1884}\mysqldata\my.ini\" Mysql"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mysql]
"ImagePath"="\"C:/Program Files/Sitech/Phenix/Mysql/bin\mysqld\" --defaults-file=\"c:\programdata\{C57FE420-6939-4E16-A1BD-CAA50C9F1884}\mysqldata\my.ini\" Mysql"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@DACL=(02 0013)
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_25_0_0_148_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
@DACL=(02 0013)
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@DACL=(02 0013)
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_25_0_0_148_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@DACL=(02 0013)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\NASIR-PC\Forms\A*4* ]
"FormKeyword"=hex:41,34,00
"ResourceNameID"="@localspl.dll.mui,208"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\NASIR-PC\Forms\A*4* \LanguagePairs]
"1025"="A4ý"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms\H1B *(-,E *E* ]
"FormKeyword"=hex:45,5f,53,49,5a,45,3a,48,50,00
"ResourceNameID"="@hpzstw71.dll,3398"
.
Completion time: 2017-04-26 22:36:43
ComboFix-quarantined-files.txt 2017-04-26 19:36
ComboFix2.txt 2017-04-25 17:23
.
Pre-Run: 16,218,116,096 bytes free
Post-Run: 17,421,570,048 bytes free
.
- - End Of File - - C289E1EE9914F10BFA31F42129B846EE
A36C5E4F47E84449FF07ED3517B43A31
