cjoint

Document format: text/plain

ComboFix 17-10-17.01 - AhmedBakr 11/07/2017 17:03:18.1.1 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1256.20.1033.18.991.347 [GMT 2:00]
Running from: c:\users\AhmedBakr\Desktop\ahmed\tools\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Malwarebytes *Disabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
FW: Kaspersky Internet Security *Disabled* {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
SP: Kaspersky Internet Security *Disabled/Updated* {3D579475-6DDE-A186-1569-44B9F9DE8725}
SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2017-10-07 to 2017-11-07 )))))))))))))))))))))))))))))))
.
.
2017-11-07 15:10 . 2017-11-07 15:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-11-07 12:36 . 2017-11-07 12:40 -------- d-----w- c:\program files\Google
2017-11-07 12:18 . 2017-11-07 12:18 -------- d-----w- c:\windows\Migration
2017-11-07 12:03 . 2017-11-07 12:03 -------- d-----w- c:\windows\system32\Hotspot Shield
2017-11-06 19:48 . 2017-11-07 12:29 -------- d-----w- c:\program files\Hotspot Shield
2017-11-06 19:48 . 2017-11-07 12:29 -------- d-----w- c:\programdata\Hotspot Shield
2017-11-06 17:54 . 2017-11-06 17:54 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A17466F6-9867-4D22-8587-1990104A53E3}\offreg.852.dll
2017-11-06 09:32 . 2014-02-16 10:58 244 ----a-w- c:\program files\1.cmd
2017-11-06 09:32 . 2014-02-16 09:41 -------- d-----w- c:\program files\infovox3B.M.T
2017-11-04 16:18 . 2017-11-04 16:18 -------- d-----w- c:\program files\Common Files\Skype
2017-11-04 16:18 . 2017-11-04 16:18 -------- d-----r- c:\program files\Skype
2017-11-04 16:18 . 2017-11-04 16:19 -------- d-----w- c:\programdata\Skype
2017-11-04 16:18 . 2015-07-18 13:08 11616 ----a-w- c:\windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2017-11-04 16:18 . 2015-07-18 13:08 11616 ----a-w- c:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-11-04 16:16 . 2017-11-07 12:09 -------- d-----w- c:\programdata\Package Cache
2017-11-04 13:52 . 2017-11-07 13:01 -------- d-----w- C:\AdwCleaner
2017-11-04 13:27 . 2017-11-06 21:50 -------- d-----w- c:\program files\NVDA
2017-11-03 21:38 . 2017-11-03 11:45 -------- d-----w- c:\windows\Panther
2017-11-03 21:20 . 2017-11-03 21:21 -------- d-----w- c:\program files\Common Files\AV
2017-11-03 21:18 . 2017-11-07 13:58 -------- d-----w- c:\programdata\Kaspersky Lab
2017-11-03 21:18 . 2017-11-06 12:15 -------- d-----w- c:\program files\Kaspersky Lab
2017-11-03 21:17 . 2017-11-03 21:58 164056 ----a-w- c:\windows\system32\drivers\klflt.sys
2017-11-03 21:15 . 2017-11-03 21:15 -------- d-----w- c:\program files\Microsoft.NET
2017-11-03 19:40 . 2017-11-03 19:40 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A17466F6-9867-4D22-8587-1990104A53E3}\offreg.3792.dll
2017-11-03 17:51 . 2017-11-03 17:51 -------- d-----w- c:\program files\HitmanPro
2017-11-03 17:51 . 2017-11-03 17:55 -------- d-----w- c:\programdata\HitmanPro
2017-11-03 16:50 . 2017-11-03 16:50 11282328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A17466F6-9867-4D22-8587-1990104A53E3}\mpengine.dll
2017-11-03 16:30 . 2017-11-07 12:41 -------- d-sh--w- c:\windows\Installer
2017-11-03 16:29 . 2017-11-06 12:16 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2017-11-03 16:24 . 2017-11-04 12:57 -------- d-----w- c:\program files\Mozilla Maintenance Service
2017-11-03 16:14 . 2017-11-01 06:54 59896 ----a-w- c:\windows\system32\drivers\mbae.sys
2017-11-03 16:14 . 2017-11-03 16:14 -------- d-----w- c:\programdata\Malwarebytes
2017-11-03 16:14 . 2017-11-03 16:14 -------- d-----w- c:\program files\Malwarebytes
2017-11-03 11:49 . 2017-11-03 11:49 -------- d-----w- c:\programdata\IDM
2017-11-03 11:49 . 2017-11-06 17:53 -------- d-----w- c:\program files\Internet Download Manager
2017-11-03 11:45 . 2014-05-14 16:23 45536 ----a-w- c:\windows\system32\wups2.dll
2017-11-03 11:45 . 2014-05-14 16:23 54240 ----a-w- c:\windows\system32\wuauclt.exe
2017-11-03 11:45 . 2014-05-14 16:23 1973728 ----a-w- c:\windows\system32\wuaueng.dll
2017-11-03 11:45 . 2014-05-14 16:17 2425856 ----a-w- c:\windows\system32\wucltux.dll
2017-11-03 11:45 . 2014-05-14 16:23 36320 ----a-w- c:\windows\system32\wups.dll
2017-11-03 11:45 . 2014-05-14 16:23 581600 ----a-w- c:\windows\system32\wuapi.dll
2017-11-03 11:45 . 2014-05-14 16:17 92672 ----a-w- c:\windows\system32\wudriver.dll
2017-11-03 11:45 . 2014-05-14 07:23 179656 ----a-w- c:\windows\system32\wuwebv.dll
2017-11-03 11:45 . 2014-05-14 07:17 33792 ----a-w- c:\windows\system32\wuapp.exe
2017-11-03 11:45 . 2017-11-06 18:49 -------- d-----w- c:\users\AhmedBakr
2017-11-03 11:44 . 2017-11-03 11:44 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-11-03 21:56 . 2016-12-22 05:13 62168 ----a-w- c:\windows\system32\drivers\klbackupdisk.sys
2017-11-03 21:56 . 2016-12-27 05:57 75992 ----a-w- c:\windows\system32\drivers\klbackupflt.sys
2017-11-03 21:56 . 2017-06-22 04:58 229592 ----a-w- c:\windows\system32\drivers\klhk.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{0E2877D3-2641-4970-B794-A553E295428D}]
2017-11-03 21:18 1150312 ----a-w- c:\program files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\ieext\ie_plugin.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4853DF44-7D6B-48E9-9258-D800EEE54AF6}"= "c:\program files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll" [2017-11-03 1150312]
.
[HKEY_CLASSES_ROOT\clsid\{4853df44-7d6b-48e9-9258-d800eee54af6}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2017-11-06 4035696]
"nvda"="c:\program files\NVDA\nvda.exe" [2017-08-24 65112]
.
c:\users\AhmedBakr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
infovox3B.M.T.lnk - c:\program files\infovox3B.M.T\INFOVOX3.EXE [2017-11-6 211800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2017-08-25 12:38 27832272 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 AVP18.0.0;خدمة Kaspersky Anti-Virus 17.0.0;c:\program files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe [2017-01-24 354672]
R2 KSDE2.0.0;Kaspersky Secure Connection خدمة 2.0.0;c:\program files\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [2017-01-24 354672]
R2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [2017-11-01 4563920]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2017-11-03 113624]
R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2017-07-18 317408]
S0 cm_km;AO Kaspersky Lab Cryptographic Module x86 (56 bit);c:\windows\system32\DRIVERS\cm_km.sys [2016-12-26 176864]
S0 klbackupdisk;Kaspersky Lab klbackupdisk;c:\windows\system32\DRIVERS\klbackupdisk.sys [2017-11-03 62168]
S1 klbackupflt;Kaspersky Lab klbackupflt;c:\windows\system32\DRIVERS\klbackupflt.sys [2017-11-03 75992]
S1 klhk;Kaspersky Lab service driver;c:\windows\system32\DRIVERS\klhk.sys [2017-11-03 229592]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2016-10-11 49744]
S1 klpd;Kaspersky Lab format recognizer driver;c:\windows\system32\DRIVERS\klpd.sys [2017-06-22 45552]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2017-06-22 75760]
S1 Klwtp;KLwtp - WFP callout traffic inspector;c:\windows\system32\DRIVERS\klwtp.sys [2017-06-22 117744]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2017-06-22 165056]
S2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\cmw_srv.exe [2017-09-11 53168]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2017-08-05 149224]
S2 kldisk;kldisk;c:\windows\system32\DRIVERS\kldisk.sys [2016-05-31 69000]
S3 AFTrafMgr1.3;AFTrafMgr1.3;c:\program files\Hotspot Shield\bin\TrafMgr_1_3_32.sys [2017-09-07 57736]
S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys [2017-11-03 164056]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2016-12-23 50400]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2016-12-07 51424]
S3 kltap;Kaspersky Security Data Escort Adapter;c:\windows\system32\DRIVERS\kltap.sys [2016-06-06 48056]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2016-01-13 36968]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ESPROTECTIONDRIVER
*NewlyCreated* - MBAMFARFLT
*NewlyCreated* - MBAMPROTECTION
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBPROTECTION
*Deregistered* - aswMBR
*Deregistered* - aswVmm
*Deregistered* - ESProtectionDriver
*Deregistered* - MBAMFarflt
*Deregistered* - MBAMProtection
*Deregistered* - MBAMSwissArmy
*Deregistered* - MBAMWebProtection
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2017-11-07 12:40 1509208 ----a-w- c:\program files\Google\Chrome\Application\62.0.3202.89\Installer\chrmstp.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\AhmedBakr\AppData\Roaming\Mozilla\Firefox\Profiles\t27dskka.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
{CDC95B92-E27C-4745-A8C5-64A52A78855D}"-IDM Shell Extension - ShellIconOverlayIdentifiers
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2017-11-07 17:13:29
ComboFix-quarantined-files.txt 2017-11-07 15:13
.
Pre-Run: 34,235,723,776 bytes free
Post-Run: 34,253,987,840 bytes free
.
- - End Of File - - 882794065968790F31CAE92D985E6A48
A36C5E4F47E84449FF07ED3517B43A31