cjoint

Document format: text/plain

ComboFix 18-06-17.01 - Kadi Ahmed 06/24/2018 0:35:37.1.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1256.213.1036.18.2013.756 [GMT 2:00]
Running from: C:\Documents and Settings\Kadi Ahmed\Bureau\ComboFix.exe
AV: ESET NOD32 Antivirus *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Kadi Ahmed\Application Data\DRPSu
C:\Documents and Settings\Kadi Ahmed\Bureau\Setup.exe
C:\Documents and Settings\Kadi Ahmed\WINDOWS
C:\Documents
C:\WINDOWS\system32\setting.ini
D:\ANNALE~1\5D4A~1.exe
E:\uninstall.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2018-05-23 to 2018-06-23 )))))))))))))))))))))))))))))))


2018-06-23 22:43:18 . 2018-06-23 22:43:18 -------- d-----w- C:\WINDOWS\system32\xircom
2018-06-23 22:43:18 . 2018-06-23 22:43:18 -------- d-----w- C:\WINDOWS\system32\wbem\snmp
2018-06-23 22:43:18 . 2018-06-23 22:43:18 -------- d-----w- C:\WINDOWS\srchasst
2018-06-23 22:43:17 . 2018-06-23 22:43:17 -------- d-----w- C:\Program Files\microsoft frontpage
2018-06-22 09:59:21 . 2018-06-22 09:59:21 -------- d-----w- C:\Program Files\ESET
2018-06-22 09:59:21 . 2018-06-22 09:59:21 -------- d-----w- C:\Documents and Settings\All Users\Application Data\ESET
2018-06-22 09:09:39 . 2018-06-22 09:09:43 -------- d-----w- C:\Documents and Settings\All Users\Application Data\ProductData
2018-06-22 09:09:32 . 2018-06-22 23:23:01 -------- d-----w- C:\Documents and Settings\Kadi Ahmed\AppData
2018-06-22 09:09:19 . 2018-06-22 09:09:19 -------- d-----w- C:\Documents and Settings\Kadi Ahmed\LocalLow
2018-06-22 09:09:18 . 2018-06-22 09:09:18 -------- d-----w- C:\Documents and Settings\All Users\Application Data\{13CFD044-61E4-4EAC-AD61-02536D961216}
2018-06-22 09:09:15 . 2018-06-22 09:09:15 -------- d-----w- C:\Program Files\Fichiers communs\IObit
2018-06-22 09:08:59 . 2018-06-22 09:53:21 -------- d-----w- C:\Documents and Settings\Kadi Ahmed\Application Data\IObit
2018-06-22 09:08:59 . 2018-06-22 09:08:59 -------- d-----w- C:\Program Files\IObit
2018-06-22 09:08:48 . 2018-06-22 09:09:47 -------- d-----w- C:\Documents and Settings\All Users\Application Data\IObit
2018-06-21 23:10:45 . 2018-06-22 09:04:38 -------- d-----w- C:\Documents and Settings\All Users\Application Data\RegRun
2018-06-21 23:09:14 . 2018-06-21 23:09:14 -------- d-----w- C:\Program Files (x86)
2018-06-21 23:09:02 . 2018-06-21 23:09:56 -------- d-----w- C:\Program Files\Trojan Killer
2018-06-21 23:02:51 . 2018-06-21 23:02:51 40304 ----a-w- C:\WINDOWS\system32\drivers\Partizan.sys
2018-06-21 23:02:30 . 2018-06-13 13:51:18 14984 ----a-w- C:\WINDOWS\system32\drivers\UnHackMeDrv.sys
2018-06-21 23:02:30 . 2015-12-28 09:32:00 49968 ----a-w- C:\WINDOWS\system32\partizan.exe
2018-06-21 23:02:25 . 2018-06-22 09:10:36 -------- d-----w- C:\Program Files\UnHackMe
2018-06-21 22:37:08 . 2018-06-21 22:37:08 -------- d-----w- C:\Documents and Settings\Kadi Ahmed\Local Settings\Application Data\ZHP
2018-06-21 22:16:37 . 2018-06-21 22:16:37 -------- d-----w- C:\Documents and Settings\LocalService\Local Settings\Application Data\Zemana
2018-06-21 22:16:36 . 2018-06-21 22:16:36 181496 ----a-w- C:\WINDOWS\system32\drivers\zam32.sys
2018-06-21 22:16:35 . 2018-06-21 22:16:35 181496 ----a-w- C:\WINDOWS\system32\drivers\zamguard32.sys
2018-06-21 22:16:33 . 2018-06-21 22:16:39 -------- d-----w- C:\Program Files\Zemana AntiMalware
2018-06-21 22:15:46 . 2018-06-21 22:15:46 -------- d-----w- C:\Documents and Settings\Kadi Ahmed\Local Settings\Application Data\Zemana
2018-06-21 22:14:52 . 2018-06-21 22:14:52 -------- d-----w- C:\Documents and Settings\All Users\Application Data\nanoav
2018-06-21 19:35:17 . 2018-06-21 19:37:26 -------- d-----w- C:\KVRT_Data
2018-06-21 19:02:49 . 2018-06-21 20:16:06 -------- d-----w- C:\[Smad-Cage]
2018-06-21 19:02:49 . 2018-06-21 19:02:49 -------- d-----w- C:\Documents and Settings\Kadi Ahmed\Application Data\Smadav
2018-06-21 19:02:45 . 2018-06-21 19:02:49 -------- d-----w- C:\Program Files\SMADAV
2018-06-18 17:04:22 . 2018-06-23 20:24:19 -------- d-----w- C:\Documents and Settings\Kadi Ahmed\Application Data\vlc
2018-06-18 10:46:20 . 2018-06-19 07:47:24 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Package Cache
2018-06-16 11:40:18 . 2018-06-18 17:03:16 -------- d-----w- C:\Program Files\VideoLAN
2018-05-26 05:38:55 . 2018-06-13 18:39:59 -------- d-----w- C:\Documents and Settings\Kadi Ahmed\.MemuHyperv
2018-05-25 20:44:47 . 2018-06-23 22:43:46 -------- d-----w- C:\WINDOWS\system32\config\systemprofile\.MemuHyperv
2018-05-25 20:44:42 . 2018-05-25 20:44:42 -------- d-----w- C:\Documents and Settings\Kadi Ahmed\Pictures
2018-05-25 20:44:41 . 2018-05-25 20:44:41 -------- d-----w- C:\Documents and Settings\Kadi Ahmed\Videos
2018-05-25 20:44:41 . 2018-05-25 20:44:41 -------- d-----w- C:\Documents and Settings\Kadi Ahmed\Music
2018-05-25 20:43:46 . 2018-05-26 05:38:50 -------- d-----w- C:\Documents and Settings\Kadi Ahmed\.android
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2018-04-12 14:26:38 . 2018-04-12 14:26:38 62488 ----a-w- C:\WINDOWS\system32\drivers\epfwtdir.sys
2018-04-12 14:26:38 . 2018-04-12 14:26:38 150784 ----a-w- C:\WINDOWS\system32\drivers\ehdrv.sys
2018-04-12 14:26:38 . 2018-04-12 14:26:38 120728 ----a-w- C:\WINDOWS\system32\drivers\eamonm.sys


------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.

[-] 2008-10-01 11:57:50 . 33578A738C564B4F84D906EFD91025E5 . 1571840 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\system32\sfcfiles.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 11"="C:\Program Files\IObit\Advanced SystemCare\ASCTray.exe" [2018-05-23 14:57:56 3580688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SM?RT-Protection"="C:\Program Files\Smadav\SM?RTP.exe" [?]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2012-08-28 14:34:32 129536]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2012-08-28 14:34:26 164352]
"egui"="C:\Program Files\ESET\ESET Security\ecmds.exe" [2018-04-19 12:16:16 170128]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 11:00:00 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
"_nltide_3"="advpack.dll" [2009-03-08 02:32:48 128512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"Append Completion"= yes
"Always Use Tab"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"DisallowRun"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= Mshta.exe
"2"= powershell.exe
"3"= bitsadmin.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"C:\\Program Files\\Steam\\bin\\cef\\cef.winxp\\steamwebhelper.exe"=
"C:\\Program Files\\Steam\\steamapps\\common\\Half-Life\\hl.exe"=
"E:\\Gqdadaz\\Counter-Strike\\hl.exe"=
"D:\\GameS\\Counter-Strike\\hl.exe"=
"E:\\Gamsdq\\Counter-Strike\\hl.exe"=
"D:\\Nouveau dossier\\karim\\cs 1.6\\hl.exe"=
"E:\\Cheat Engine 6.4\\Games\\Counter-Strike\\hl.exe"=
"C:\\Games\\Counter-Strike\\hl.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"D:\\Gsd\\Counter-Strike\\hl.exe"=
"D:\\Gsd\\Gszames\\Counter-Strike ezas\\hl.exe"=
"C:\\Program Files\\Counter-Strike Global Offensive\\csgo.exe"=
"C:\\Program Files\\Counter-Strike Global Offensive z2Z2Z2Z2Z2Z2Z2Z2Z2Z2Z2Z2Z2Z2Z2Z2Z2Z2Z2Z2Z2Z2Z2Z2Z2\\csgo.exe"=
"D:\\Age of Empires 1 - Apun Ka Games\\Game\\EMPIRESX.EXE"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Documents and Settings\\Kadi Ahmed\\Application Data\\GameRanger\\GameRanger\\GameRanger.exe"=
"C:\\Program Files\\BlueStacks\\HD-Player.exe"=
"D:\\GameS\\CS2017\\hl.exe"=
"C:\\Games\\Counter-Strike\\hlds.exe"=
"C:\\Games\\Age of Empires 1 - Apun Ka Games\\Counter-Strike\\hl.exe"=
"C:\\Program Files\\UnHackMe\\wu.exe"=
"C:\\Program Files\\UnHackMe\\RegRunInfo.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R0 ambakdrv;ambakdrv;C:\WINDOWS\system32\ambakdrv.sys [07-09-2017 23:48:02 26424]
R1 eamonm;eamonm;C:\WINDOWS\system32\drivers\eamonm.sys [12-04-2018 16:26:38 120728]
R1 ehdrv;ehdrv;C:\WINDOWS\system32\drivers\ehdrv.sys [12-04-2018 16:26:38 150784]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\drivers\epfwtdir.sys [12-04-2018 16:26:38 62488]
R1 ZAM;ZAM Helper Driver;C:\WINDOWS\system32\drivers\zam32.sys [22-06-2018 0:16:36 181496]
R1 ZAM_Guard;ZAM Guard Driver;C:\WINDOWS\system32\drivers\zamguard32.sys [22-06-2018 0:16:35 181496]
R2 AdvancedSystemCareService11;Advanced SystemCare Service 11;C:\Program Files\IObit\Advanced SystemCare\ASCService.exe [22-06-2018 11:09:08 1057552]
R2 ammntdrv;ammntdrv;C:\WINDOWS\system32\ammntdrv.sys [07-09-2017 23:48:02 129720]
R2 amwrtdrv;amwrtdrv;C:\WINDOWS\system32\amwrtdrv.sys [07-09-2017 23:48:02 14392]
R2 Backupper Service;AOMEI Backupper Scheduler Service;C:\Program Files\AOMEI Backupper Standard Edition 2.0.2\ABService.exe [07-09-2017 23:48:00 29912]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Security\ekrn.exe [19-04-2018 14:17:30 1748896]
R2 memudrv;memudrv;D:\Program Files\Microvirt\MEmuHyperv\MEmuDrv.sys [26-05-2018 7:38:48 210416]
R2 MEmusvc;MEmusvc;D:\Program Files\Microvirt\MEmu\MemuService.exe [26-05-2018 7:38:39 269480]
R2 PD91Agent;PD91Agent;C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe [09-09-2008 12:49:50 693512]
R3 cpuz143;cpuz143;C:\WINDOWS\Temp\cpuz143\cpuz143_x32.sys [23-06-2018 19:06:40 49472]
R3 iobit_monitor_server;iobit_monitor_server;C:\Program Files\IObit\Advanced SystemCare\drivers\Monitor_x86.sys [22-06-2018 11:09:13 15216]
S3 Ambfilt;Ambfilt;C:\WINDOWS\system32\drivers\Ambfilt.sys [07-09-2017 23:01:02 1691480]
S3 BBSvc;BingBar Service;C:\Program Files\Microsoft\BingBar\7.1.362.0\BBSvc.EXE [13-02-2012 22:19:20 193816]
S3 BBUpdate;BBUpdate;C:\Program Files\Microsoft\BingBar\7.1.362.0\SeaPort.EXE [13-02-2012 22:19:20 240408]
S3 BstkDrv;BlueStacks Plus Hypervisor;C:\Program Files\BlueStacks\BstkDrv.sys [07-04-2018 14:43:34 218720]
S3 PD91Engine;PD91Engine;C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe [09-09-2008 12:49:52 906504]
S3 SkypeUpdate;Skype Updater;C:\Program Files\Skype\Updater\Updater.exe [03-04-2014 20:21:48 315008]
S3 ZAMSvc;ZAM Controller Service;C:\Program Files\Zemana AntiMalware\ZAM.exe [22-06-2018 0:16:33 15775888]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - WS2IFSL

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2017-09-07 22:02:47 1106072 ----a-w- C:\Program Files\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe

Contents of the 'Scheduled Tasks' folder

2018-06-23 C:\WINDOWS\Tasks\ASC11_PerformanceMonitor.job
- C:\Program Files\IObit\Advanced SystemCare\Monitor.exe [2018-06-22 09:09:10 . 2018-03-29 17:04:34]

2018-06-23 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2017-09-07 21:57:57 . 2017-09-07 21:57:56]

2018-06-23 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2017-09-07 21:57:57 . 2017-09-07 21:57:56]

2018-06-23 C:\WINDOWS\Tasks\Notification de fin de service de Microsoft Windows XP - à la connexion.job
- C:\WINDOWS\system32\xp_eos.exe [2017-09-07 21:11:42 . 2014-02-26 23:28:44]

2018-06-08 C:\WINDOWS\Tasks\Notification de fin de service de Microsoft Windows XP -mensuellement.job
- C:\WINDOWS\system32\xp_eos.exe [2017-09-07 21:11:42 . 2014-02-26 23:28:44]


------- Supplementary Scan -------

uStart Page = hxxp://www.google.com/webhp?hl=ar
uInternet Connection Wizard,ShellNext = iexplore
IE: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/202
IE: Download all links with EagleGet - C:\Program Files\EagleGet\IEGraberBHO.dll/202
IE: Download with EagleGet - C:\Program Files\EagleGet\IEGraberBHO.dll/201
IE: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: eset.com\help
TCP: DhcpNameServer = 192.168.1.1 0.0.0.0
FF - ProfilePath - C:\Documents and Settings\Kadi Ahmed\Application Data\Mozilla\Firefox\Profiles\t3i2mr5p.default\
FF - prefs.js: browser.search.selectedEngine - Яндекс
FF - prefs.js: browser.startup.homepage - hxxp://www.google.dz/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&btnI=&q=
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0

- - - - ORPHANS REMOVED - - - -

AddRemove-BlueStacks - C:\Documents and Settings\All Users\Application Data\BlueStacks\Client\BlueStacksClientUninstaller.exe
AddRemove-DRPSu Updater - C:\Documents and Settings\Kadi Ahmed\Application Data\DRPSu\DrvUpdater.exe
AddRemove-YandexBrowser - C:\Documents and Settings\Kadi Ahmed\Local Settings\Application Data\Yandex\YandexBrowser\Application\35.0.1916.15705\Installer\setup.exe
