ComboFix 17-01-13.01 - H!ch@m 22/01/2017 20:21:01.1.4 - x86
Microsoft Windows 7 Ultimate Edition 6.1.7601.1.1256.213.1036.18.2871.1195 [GMT 1:00]
Running from: c:\users\H!ch@m\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\H!ch@m\AppData\Local\assembly\tmp
c:\users\H!ch@m\AppData\Roaming\Microsoft\Windows\Recent\Comfy Cakes.pif
c:\users\H!ch@m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b308ef6ba150e10e9c0d5c1108a18575.exe
c:\users\H!ch@m\AppData\Roaming\ZHP
c:\users\H!ch@m\AppData\Roaming\ZHP\Tempo.txt
c:\users\H!ch@m\AppData\Roaming\ZHP\TraceZHPCleaner.txt
c:\users\H!ch@m\AppData\Roaming\ZHP\ZHPCleaner-[R]-22012017-01_44_14.txt
c:\users\H!ch@m\AppData\Roaming\ZHP\ZHPCleaner-[R]-22012017-20_17_45.txt
c:\users\H!ch@m\AppData\Roaming\ZHP\ZHPCleaner-[S]-22012017-01_41_42.txt
c:\users\H!ch@m\AppData\Roaming\ZHP\ZHPCleaner-[S]-22012017-20_16_00.txt
c:\users\H!ch@m\AppData\Roaming\ZHP\ZHPCleaner.txt
c:\users\H!ch@m\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
c:\users\H!ch@m\AppData\Roaming\ZHP\ZHPCleaner_Tempo.txt
c:\users\H!ch@m\AppData\Roaming\ZHP\ZHPQ_Files.txt
E:\Autorun.inf
E:\setup.exe
.
c:\windows\System32\PING.EXE . . . is infected!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AdobeUpdateService
.
.
((((((((((((((((((((((((( Files Created from 2016-12-22 to 2017-01-22 )))))))))))))))))))))))))))))))
.
.
2017-01-22 19:57 . 2017-01-22 19:57 -------- d-----w- c:\users\H!ch@m\AppData\Local\temp
2017-01-22 19:57 . 2017-01-22 19:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-01-22 18:34 . 2017-01-22 18:34 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-01-22 02:06 . 2017-01-22 02:06 -------- d-----w- c:\program files\Enigma Software Group
2017-01-22 01:24 . 2017-01-22 01:24 -------- d-----w- c:\users\H!ch@m\AppData\Roaming\URSoft
2017-01-22 01:24 . 2017-01-22 17:34 -------- d-----w- c:\program files\Your Uninstaller! 7
2017-01-21 23:17 . 2017-01-22 18:33 -------- d-----w- c:\program files\RogueKiller
2017-01-21 23:17 . 2017-01-22 18:33 -------- d-----w- c:\programdata\RogueKiller
2017-01-21 06:35 . 2017-01-21 06:35 -------- d-----w- c:\program files\CPUID
2017-01-21 06:17 . 2017-01-21 06:17 -------- d-----w- C:\avast! sandbox
2017-01-21 05:40 . 2017-01-21 06:01 -------- d-----w- c:\users\H!ch@m\AppData\Roaming\WiperSoft
2017-01-21 05:39 . 2017-01-21 14:07 -------- d-----w- c:\program files\WiperSoft
2017-01-21 03:11 . 2017-01-21 03:11 -------- d-----w- c:\users\H!ch@m\AppData\Roaming\AVAST Software
2017-01-21 03:07 . 2017-01-21 03:06 106912 ----a-w- c:\windows\system32\drivers\aswStm.sys
2017-01-21 03:04 . 2017-01-21 03:04 -------- d-----w- c:\program files\AVAST Software
2017-01-21 02:36 . 2017-01-22 17:34 -------- d-----w- c:\program files\RegSeeker
2017-01-21 01:56 . 2017-01-22 17:34 -------- d-----w- c:\program files\Common Files\Saoit
2017-01-20 23:10 . 2017-01-22 17:34 -------- d-----w- c:\users\H!ch@m\AppData\Local\ZenMate
2017-01-20 22:56 . 2017-01-20 22:56 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D36C6A91-6061-4EB7-816C-A2E891D7CFED}\offreg.6088.dll
2017-01-20 22:47 . 2017-01-20 22:47 -------- d-----w- c:\users\H!ch@m\AppData\Roaming\Innovative Solutions
2017-01-20 22:47 . 2017-01-21 14:11 -------- d-----w- c:\users\H!ch@m\AppData\Local\Innovative Solutions
2017-01-20 22:47 . 2017-01-21 14:07 -------- d-----w- c:\program files\Innovative Solutions
2017-01-20 22:46 . 2017-01-20 22:48 -------- d-----w- c:\programdata\McAfee
2017-01-18 12:40 . 2017-01-18 12:40 -------- d-----w- c:\program files\Android
2017-01-16 17:18 . 2017-01-16 17:18 -------- d-----w- c:\users\H!ch@m\AppData\Local\Windscribe
2017-01-16 17:08 . 2017-01-16 17:22 -------- d-----w- c:\program files\TAP-Windows
2017-01-16 17:08 . 2017-01-16 17:22 -------- d-----w- c:\program files\Windscribe
2017-01-14 21:13 . 2017-01-14 21:13 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D36C6A91-6061-4EB7-816C-A2E891D7CFED}\offreg.3140.dll
2017-01-14 20:20 . 2017-01-21 13:58 -------- d-----w- c:\programdata\purevpn
2017-01-14 20:20 . 2017-01-14 20:21 -------- d-----w- c:\program files\PureVPN
2017-01-14 20:00 . 2016-07-26 17:56 25648 ----a-w- c:\windows\system32\drivers\neo_vpn.sys
2017-01-14 02:57 . 2017-01-14 02:57 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D36C6A91-6061-4EB7-816C-A2E891D7CFED}\offreg.3704.dll
2017-01-14 02:55 . 2016-12-30 22:26 9561744 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D36C6A91-6061-4EB7-816C-A2E891D7CFED}\mpengine.dll
2017-01-13 23:11 . 2013-08-15 17:24 63568 ----a-w- c:\windows\system32\vsocklib.dll
2017-01-13 23:11 . 2013-08-15 17:25 63824 ----a-w- c:\windows\system32\drivers\vsock.sys
2017-01-13 23:10 . 2013-08-27 11:42 358480 ----a-w- c:\windows\system32\vmnetdhcp.exe
2017-01-13 23:10 . 2013-08-27 11:42 26192 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2017-01-13 23:10 . 2013-08-27 11:42 437328 ----a-w- c:\windows\system32\vmnat.exe
2017-01-13 23:10 . 2013-08-27 11:43 776272 ----a-w- c:\windows\system32\vnetlib.dll
2017-01-13 23:10 . 2013-08-26 22:33 43192 ----a-w- c:\windows\system32\drivers\hcmon.sys
2017-01-13 23:10 . 2013-08-26 22:33 31928 ----a-w- c:\windows\system32\drivers\vmusb.sys
2017-01-13 23:05 . 2017-01-13 23:05 -------- d-----w- c:\program files\VMware
2017-01-13 21:20 . 2017-01-13 23:07 -------- d-----w- c:\program files\Common Files\VMware
2017-01-08 22:28 . 2017-01-17 07:08 -------- d-----w- c:\program files\TeamViewer
2017-01-08 19:36 . 2017-01-08 19:36 -------- d-----w- c:\users\H!ch@m\AppData\Local\GWX
2017-01-06 21:02 . 2017-01-14 20:36 -------- d-----w- c:\program files\Cracklock
2017-01-06 20:54 . 2017-01-06 20:54 -------- d-----w- c:\users\H!ch@m\AppData\Local\IsolatedStorage
2017-01-06 19:37 . 2017-01-06 19:41 -------- d-----w- c:\programdata\Hotspot Shield
2017-01-06 19:37 . 2017-01-06 19:42 -------- d-----w- c:\program files\Hotspot Shield
2017-01-06 19:37 . 2015-06-03 23:01 39528 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
2017-01-06 19:29 . 2017-01-06 19:29 -------- d-----w- c:\users\H!ch@m\AppData\Roaming\Hotspot Shield
2017-01-02 13:54 . 2017-01-22 17:34 -------- d-----w- c:\program files\Mouse Server
2016-12-25 15:06 . 2016-12-25 15:06 -------- d-----w- c:\programdata\SeriousBit
2016-12-25 15:03 . 2016-01-15 08:41 35344 ----a-w- c:\windows\system32\drivers\nbdrv.sys
2016-12-25 15:03 . 2017-01-22 17:34 -------- d-----w- c:\program files\NetBalancer
2016-12-24 12:56 . 2017-01-17 06:55 -------- d-sh--w- c:\users\H!ch@m\AppData\Roaming\Pr
2016-12-24 12:56 . 2017-01-22 17:35 -------- d-sh--w- c:\users\H!ch@m\AppData\Roaming\Latas
2016-12-24 12:07 . 2017-01-06 19:00 -------- d-----w- c:\users\H!ch@m\AppData\Roaming\TeamViewer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-12-01 01:18 . 2016-12-01 01:18 875712 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2016-12-01 01:18 . 2016-12-01 01:18 536768 ----a-w- c:\windows\system32\msvcp120_clr0400.dll
2016-12-01 01:18 . 2016-12-01 01:18 28352 ----a-w- c:\windows\system32\aspnet_counters.dll
2016-12-01 01:18 . 2016-12-01 01:18 18088 ----a-w- c:\windows\system32\msvcr110_clr0400.dll
2016-12-01 01:18 . 2016-12-01 01:18 18088 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2016-12-01 01:18 . 2016-12-01 01:18 18088 ----a-w- c:\windows\system32\msvcp110_clr0400.dll
2016-11-24 12:58 . 2016-11-24 12:58 5826416 ----a-w- c:\users\H!ch@m\AppData\Roaming\Fax-Stock.bin
2016-11-23 15:19 . 2016-11-23 15:19 31616 ----a-w- c:\windows\system32\drivers\cfywlan1.sys
2015-08-23 03:49 . 2015-08-23 03:42 6420480 ----a-w- c:\program files\GUT3028.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2015-04-16 15:41 908960 ----a-w- c:\program files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2015-04-16 15:41 908960 ----a-w- c:\program files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2015-04-16 15:41 908960 ----a-w- c:\program files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 08:02 23008 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EagleGet"="c:\program files\EagleGet\Eagleget.exe" [2015-08-19 1891328]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2015-05-20 3903056]
"NetBalancer"="c:\program files\NetBalancer\SeriousBit.NetBalancer.Tray.exe" [2016-06-23 1915256]
"Windscribe"="c:\program files\Windscribe\Windscribe.exe" [2016-12-08 7948392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-08-16 8546848]
"USB Security"="c:\program files\USB Disk Security\USBGuard.exe" [2011-01-29 623520]
"vmware-tray.exe"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2013-08-27 111696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2015-06-11 280576]
.
c:\users\H!ch@m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PureVPN.lnk - c:\program files\PureVPN\purevpn.exe -autorun [2017-1-14 3799680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-8 828704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snagit 11.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 11.lnk
backup=c:\windows\pss\Snagit 11.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^H!ch@m^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^b308ef6ba150e10e9c0d5c1108a18575.exe]
path=c:\users\H!ch@m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b308ef6ba150e10e9c0d5c1108a18575.exe
backup=c:\windows\pss\b308ef6ba150e10e9c0d5c1108a18575.exe.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^H!ch@m^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PureVPN.lnk]
path=c:\users\H!ch@m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PureVPN.lnk
backup=c:\windows\pss\PureVPN.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2016-12-19 21:38 1160408 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2012-11-05 13:27 89184 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2011-01-06 13:51 175640 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2015-05-20 21:23 3903056 ----a-w- c:\program files\Internet Download Manager\IDMan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2011-01-06 13:57 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
2015-09-02 02:04 721504 ----a-w- c:\program files\Microsoft Office\Office14\MSOSYNC.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2011-01-06 13:55 167960 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2015-02-28 03:26 366904 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2016-12-19 18:37 1979072 ----a-w- c:\users\H!ch@m\AppData\Roaming\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Viber]
2016-05-16 12:59 69528656 ----a-w- c:\users\H!ch@m\AppData\Local\Viber\Viber.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray.exe]
2013-08-27 11:42 111696 ----a-w- c:\program files\VMware\VMware Workstation\vmware-tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebcamMaxAutoRun]
2011-07-17 04:56 1038848 ----a-w- c:\program files\WebcamMax\wcmmon.exe
.
R1 qrnfd_1_10_0_12;qrnfd_1_10_0_12;c:\windows\system32\drivers\qrnfd_1_10_0_12.sys [x]
R2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
R2 VMwareHostd;VMware Workstation Server;c:\program files\VMware\VMware Workstation\vmware-hostd.exe [2013-08-27 14401104]
R2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2014-10-13 89856]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys [2015-04-02 25104]
R3 eagleGet;eagleGet;c:\windows\system32\Drivers\eagleGet.sys [2015-07-29 94720]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2016-05-20 102912]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2015-04-01 110280]
R3 Lenovo EasyPlus Hotspot;Lenovo EasyPlus Hotspot;c:\program files\Common Files\LENOVO\easyplussdk\bin\EPHotspot.exe [2015-07-22 509408]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2015-06-11 15872]
R3 ShareItSvc;ShareItSvc;c:\program files\SHAREit\SHAREit\Shareit.Service.exe [2016-04-15 33224]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2014-10-13 184192]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 usbrndis6;USB RNDIS6 Adapter;c:\windows\system32\drivers\usb80236.sys [2013-02-12 15872]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2013-08-15 71888]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2013-08-15 63824]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2015-06-03 39528]
S1 nbdrv;NetBalancer Filter;c:\windows\system32\DRIVERS\nbdrv.sys [2016-01-15 35344]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 egGetSvc;egGetSvc;c:\program files\EagleGet\EGMonitor.exe [2015-08-19 235520]
S2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\cmw_srv.exe [2015-09-19 1867472]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe -product hss [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2015-05-20 123968]
S2 NetBalancerService;NetBalancerService;c:\program files\NetBalancer\SeriousBit.NetBalancer.Service.exe [2016-06-23 179064]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [2014-10-13 743688]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2013-08-26 719416]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-06-08 704512]
S2 vstor2-mntapi20-shared;Vstor2 MntApi 2.0 Driver (shared);c:\windows\system32\drivers\vstor2-mntapi20-shared.sys [2013-02-22 23632]
S2 WindscribeService;WindscribeService;c:\program files\Windscribe\WindscribeService.exe [2016-12-08 53352]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-09-23 294952]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-09-23 33320]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2011-01-06 132352]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-01-06 232960]
S3 Neo_VPN;VPN Client Device Driver - VPN;c:\windows\system32\DRIVERS\neo_vpn.sys [2016-07-26 25648]
S3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 32-bit;c:\windows\system32\DRIVERS\NETwsn00.sys [2014-05-09 10381008]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-03 9344]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2015-06-03 36968]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
utcsvc REG_MULTI_SZ DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-12-16 14:25 1384792 ----a-w- c:\program files\Google\Chrome\Application\55.0.2883.87\Installer\chrmstp.exe
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Download all links with EagleGet - c:\program files\EagleGet\IEGraberBHO.dll/202
IE: Download with EagleGet - c:\program files\EagleGet\IEGraberBHO.dll/201
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Download All with Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
Trusted Zone: localhost
Trusted Zone: webcompanion.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\H!ch@m\AppData\Roaming\Mozilla\Firefox\Profiles\5xthzhe0.default-1479913138085\
FF - prefs.js: browser.startup.homepage - google.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKCU-Run-ultracopier - c:\program files\Supercopier\supercopier.exe
MSConfigStartUp-b308ef6ba150e10e9c0d5c1108a18575 - c:\users\H!ch@m\AppData\Local\Temp\Help.exe
MSConfigStartUp-Connectify Hotspot - c:\program files\Connectify\Connectify.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-mHotspot - c:\program files\mHotspot\mHotspot.exe
MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe
MSConfigStartUp-Web Companion - c:\program files\Lavasoft\Web Companion\Application\WebCompanion.exe
AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\SAMSUNG\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\SAMSUNG\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\SAMSUNG\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2460075080-491719790-2508453021-1000_Classes\CLSID\{225655f8-ce11-48af-97ce-da026be3d40e}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000006d
"Therad"=dword:00000014
.
[HKEY_USERS\S-1-5-21-2460075080-491719790-2508453021-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):7e,f3,f3,29,80,3b,5e,a9,eb,c2,e2,45,40,25,55,1c,fe,8b,ae,62,18,
4a,21,af,c7,9d,05,17,a7,92,b3,ee,e1,04,cb,ea,e1,5f,25,e1,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2460075080-491719790-2508453021-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):ab,af,93,d6,95,86,b6,1f,6a,f7,ed,6b,81,75,d9,50,02,7a,eb,32,89,
b7,cb,ef,f8,4c,d1,0e,31,fe,78,af,22,3f,22,f0,5e,e4,74,b6,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2460075080-491719790-2508453021-1000_Classes\CLSID\{83e87bb3-4c12-4ef4-9945-5cc07575b300}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000b4
"Therad"=dword:0000000f
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WUDFHost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Hotspot Shield\bin\hsswd.exe
c:\program files\TeamViewer\TeamViewer_Service.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\vmnat.exe
c:\windows\system32\runonce.exe
c:\program files\VMware\VMware Workstation\vmware-authd.exe
c:\windows\system32\conhost.exe
c:\windows\system32\vmnetdhcp.exe
c:\windows\System32\notepad.exe
c:\program files\Hotspot Shield\bin\hsscp.exe
c:\program files\Google\Update\1.3.32.7\GoogleCrashHandler.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
c:\program files\Apple Software Update\SoftwareUpdate.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2017-01-22 21:09:45 - machine was rebooted
ComboFix-quarantined-files.txt 2017-01-22 20:09
.
Pre-Run: 27 203 190 784 bytes free
Post-Run: 26 310 434 816 bytes free
.
- - End Of File - - 1FB2A7A40D4C2A88591CC3F04F8E9502
A36C5E4F47E84449FF07ED3517B43A31
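The log above is what a responder usually gets handed: a long tool dump where the handful of lines that matter (a Startup executable with a 32-hex-digit name and its msconfig twin pointing at c:\users\...\Local\Temp\Help.exe, PING.EXE flagged as infected, Autorun.inf plus setup.exe on drive E:, two system+hidden directories "Pr" and "Latas" under AppData\Roaming, EnableLUA and PromptOnSecureDesktop set to 0, and webcompanion.com in the Trusted Zone) are buried among hundreds of benign entries. The script below is an added example, not part of the original log and not ComboFix's own code: it walks a ComboFix log line by line and pulls those indicators out. The finding names, the regular expressions, and the "32 hex digits means random-looking name" heuristic are this example's assumptions; the sample input is a constructed excerpt of lines copied from the log above, with the profile name kept as it appears there.

```python
"""Triage helper for ComboFix logs like the one above.

Added example, not part of the original log or of ComboFix itself. It
scans the log line by line and flags the indicators a responder would
otherwise pull out of this report by hand. Finding names, regexes and
the "32 hex digits" heuristic are this example's own assumptions.
"""
import re
from collections import Counter

# Constructed sample: lines copied from the log above (profile name kept).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:\users\H!ch@m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b308ef6ba150e10e9c0d5c1108a18575.exe
E:\Autorun.inf
E:\setup.exe
c:\windows\System32\PING.EXE . . . is infected!!
2016-12-24 12:56 . 2017-01-17 06:55 -------- d-sh--w- c:\users\H!ch@m\AppData\Roaming\Pr
2016-12-24 12:56 . 2017-01-22 17:35 -------- d-sh--w- c:\users\H!ch@m\AppData\Roaming\Latas
2016-12-24 12:07 . 2017-01-06 19:00 -------- d-----w- c:\users\H!ch@m\AppData\Roaming\TeamViewer
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
Trusted Zone: localhost
Trusted Zone: webcompanion.com
MSConfigStartUp-b308ef6ba150e10e9c0d5c1108a18575 - c:\users\H!ch@m\AppData\Local\Temp\Help.exe
"""

# ComboFix file entry: "<created> . <modified> <size|--------> <flags> <path>".
# In the flag field "d" marks a directory and the "sh" pair marks system+hidden,
# as seen on the "Pr" and "Latas" lines of the log.
ENTRY = re.compile(
    r'^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+(\S+)\s+(\S{8})\s+(.*)$')
INFECTED = re.compile(r'^(.*?) \. \. \. is infected!!$')
AUTORUN = re.compile(r'^([A-Za-z]):\\Autorun\.inf$', re.I)
STARTUP = re.compile(r'\\Start Menu\\Programs\\Startup\\', re.I)
HEX32_EXE = re.compile(r'\\[0-9a-f]{32}\.exe$', re.I)
MSCONFIG_HEX32 = re.compile(r'^MSConfigStartUp-[0-9a-f]{32} - (.*)$', re.I)
UAC_POLICY = re.compile(r'^"(EnableLUA|PromptOnSecureDesktop)"=\s*(\d+)')
TRUSTED = re.compile(r'^Trusted Zone:\s*(\S+)$')


def triage(log_text):
    """Return (finding_kind, detail) tuples in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = INFECTED.match(line)
        if m:                                   # ComboFix flagged a system binary as infected
            findings.append(("infected_system_binary", m.group(1)))
            continue
        m = AUTORUN.match(line)
        if m:                                   # autorun.inf at the root of a drive
            findings.append(("autorun_inf_on_drive", m.group(1).upper()))
            continue
        if STARTUP.search(line) and HEX32_EXE.search(line):
            findings.append(("hashlike_startup_exe", line))   # random-looking name in Startup
            continue
        m = MSCONFIG_HEX32.match(line)
        if m:                                   # same naming scheme in a msconfig entry
            findings.append(("hashlike_msconfig_entry", m.group(1)))
            continue
        m = ENTRY.match(line)
        if m:
            flags, path = m.group(2), m.group(3)
            if flags[0] == "d" and flags[2:4] == "sh":
                findings.append(("hidden_system_dir", path))
            continue
        m = UAC_POLICY.match(line)
        if m and m.group(2) == "0":             # UAC turned off or taken off the secure desktop
            findings.append(("uac_weakened", m.group(1)))
            continue
        m = TRUSTED.match(line)
        if m and m.group(1).lower() != "localhost":
            findings.append(("trusted_zone_entry", m.group(1)))
    return findings


def summary(findings):
    """Count findings per kind, e.g. {"uac_weakened": 2, ...}."""
    return dict(Counter(kind for kind, _ in findings))


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:26} {detail}")
    print(summary(triage(SAMPLE_LOG)))
```

Run it against the full log text rather than the excerpt to get the complete list. Each finding is a lead to confirm, not a verdict: the two hash-named entries here are the same Startup item (the msconfig backup records the earlier path under Local\Temp), the "infected" verdict on PING.EXE is ComboFix's and should be checked against the file's signature and hash, and the UAC policy values and the Trusted Zone entry are settings that have to be restored by hand since ComboFix does not reset them.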