
ComboFix 18-08-08.01 - startimes 01/01/2019 18:09:28.1.4 - x86 NETWORK
Running from: c:\users\startimes\Downloads\ComboFix.exe
AV: ESET Security *Enabled/Updated* {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
FW: ESET Pare-feu *Enabled* {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
SP: ESET Security *Enabled/Updated* {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\startimes\AppData\Local\assembly\tmp
c:\users\startimes\AppData\Roaming\53998399-D2B8-89D9-7391-33BC7515723E
c:\users\startimes\AppData\Roaming\53998399-D2B8-89D9-7391-33BC7515723E\C85BD43C.dat
c:\windows\ST6UNST.000
c:\windows\system32\KeyGenMe.exe
c:\windows\winhelp.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ADMIN
.
.
((((((((((((((((((((((((( Files Created from 2018-12-01 to 2019-01-01 )))))))))))))))))))))))))))))))
.
.
2018-12-31 23:03 . 2019-01-01 17:20 -------- d-----w- c:\users\startimes\AppData\Roaming\Smadav
2018-12-31 23:03 . 2018-12-31 23:30 -------- d-----w- c:\program files\SMADAV
2018-12-31 23:01 . 2019-01-01 07:57 -------- d-----w- c:\programdata\Malwarebytes Anti-Exploit
2018-12-31 23:01 . 2018-12-31 23:02 -------- d-----w- c:\program files\Malwarebytes Anti-Exploit
2018-12-31 22:53 . 2019-01-01 07:51 24688 ----a-w- c:\windows\system32\drivers\truesight.sys
2018-12-31 19:59 . 2018-12-31 23:22 -------- d---a-w- C:\KRD2018_Data
2018-12-31 16:12 . 2019-01-01 08:30 -------- d-----w- C:\TDSSKiller_Quarantine
2018-12-31 16:05 . 2018-12-31 18:51 -------- d-----w- c:\users\startimes\AppData\Local\FSDART
2018-12-31 16:05 . 2018-12-31 16:11 -------- d-----w- c:\programdata\F-Secure
2018-12-31 15:54 . 2018-12-31 15:54 -------- d-----w- c:\programdata\Norton
2018-12-30 22:53 . 2018-12-31 15:26 -------- d-----w- c:\programdata\RogueKiller
2018-12-30 22:53 . 2018-12-31 15:26 -------- d-----w- c:\program files\RogueKiller
2018-12-30 22:42 . 2018-12-30 22:42 -------- d-----w- c:\program files\CCleaner
2018-12-30 22:28 . 2018-12-30 22:28 -------- d-----w- c:\windows\ERUNT
2018-12-30 19:23 . 2018-12-30 19:23 1179648 ----a-w- c:\windows\is-Q59TO.exe
2018-12-30 19:22 . 2018-12-30 19:22 -------- d-----w- c:\program files\Wondershare
2018-12-30 19:22 . 2018-12-30 19:22 -------- d-----w- c:\programdata\Wondershare
2018-12-29 11:49 . 2018-12-06 16:34 12051024 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2E9858A3-AA55-4871-9DC5-40C9EBA6D449}\mpengine.dll
2018-12-22 19:48 . 2018-12-14 06:41 498176 ----a-w- c:\windows\system32\vbscript.dll
2018-12-22 19:48 . 2018-12-14 06:18 4494848 ----a-w- c:\windows\system32\jscript9.dll
2018-12-15 12:46 . 2018-12-15 12:46 -------- d-----w- c:\program files\ESET
2018-12-08 23:06 . 2018-12-08 23:06 -------- d-----w- c:\users\startimes\AppData\Local\TheStorm.app
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2018-12-10 22:04 . 2014-12-10 23:44 499424 ------w- c:\windows\system32\MpSigStub.exe
2018-12-07 18:13 . 2015-10-26 19:12 842240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2018-12-07 18:13 . 2015-10-26 19:12 175104 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2018-12-05 01:52 . 2015-11-06 19:55 461280 ----a-w- c:\windows\system32\networkdlllsp.dll
2018-11-29 09:54 . 2018-11-29 09:54 92176 ----a-w- c:\windows\system32\drivers\edevmon.sys
2018-11-29 09:54 . 2018-11-29 09:54 124776 ----a-w- c:\windows\system32\drivers\eamonm.sys
2018-11-17 19:54 . 2018-11-17 19:54 37576 ----a-w- c:\windows\system32\drivers\Neo_0020.sys
2018-11-17 19:51 . 2018-11-17 19:51 37576 ----a-w- c:\windows\system32\drivers\Neo_0080.sys
2018-11-16 15:42 . 2018-11-16 15:42 149688 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2018-11-11 01:11 . 2018-11-14 15:32 171008 ----a-w- c:\windows\system32\winsrv.dll
2018-11-11 01:10 . 2018-11-14 15:32 380928 ----a-w- c:\windows\system32\rpcss.dll
2018-11-11 01:10 . 2018-11-14 15:32 26112 ----a-w- c:\windows\system32\oleres.dll
2018-11-11 01:10 . 2018-11-14 15:32 1425920 ----a-w- c:\windows\system32\ole32.dll
2018-11-11 01:10 . 2018-11-14 15:32 294400 ----a-w- c:\windows\system32\KernelBase.dll
2018-11-11 01:09 . 2018-11-14 15:32 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-11-11 01:09 . 2018-11-14 15:32 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-11-11 01:09 . 2018-11-14 15:32 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-11-11 01:09 . 2018-11-14 15:32 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-11-11 01:09 . 2018-11-14 15:32 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-11-11 01:09 . 2018-11-14 15:32 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-11-11 01:09 . 2018-11-14 15:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-11-11 01:09 . 2018-11-14 15:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-11-11 01:09 . 2018-11-14 15:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-11-11 01:09 . 2018-11-14 15:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-11-11 01:09 . 2018-11-14 15:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-11-11 01:09 . 2018-11-14 15:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-11-11 01:09 . 2018-11-14 15:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-11-11 01:09 . 2018-11-14 15:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-11-11 01:09 . 2018-11-14 15:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-11-11 01:09 . 2018-11-14 15:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-11-11 01:09 . 2018-11-14 15:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-11-11 01:09 . 2018-11-14 15:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-11-11 01:09 . 2018-11-14 15:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-11-11 01:09 . 2018-11-14 15:32 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-11-11 01:09 . 2018-11-14 15:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-11-11 01:09 . 2018-11-14 15:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-11-11 01:09 . 2018-11-14 15:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-11-11 01:09 . 2018-11-14 15:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-11-11 00:47 . 2018-11-14 15:32 7168 ----a-w- c:\windows\system32\comcat.dll
2018-11-11 00:43 . 2018-11-14 15:32 271360 ----a-w- c:\windows\system32\conhost.exe
2018-11-11 00:40 . 2018-11-14 15:32 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-11-11 00:40 . 2018-11-14 15:32 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-11-11 00:40 . 2018-11-14 15:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-11-11 00:40 . 2018-11-14 15:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-11-08 20:09 . 2016-09-12 03:26 54240 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2018-10-27 03:27 . 2018-11-14 15:32 121856 ----a-w- c:\windows\system32\wshom.ocx
2018-10-27 03:27 . 2018-11-14 15:32 173568 ----a-w- c:\windows\system32\scrobj.dll
2018-10-27 03:27 . 2018-11-14 15:32 164352 ----a-w- c:\windows\system32\scrrun.dll
2018-10-27 03:04 . 2018-11-14 15:32 141824 ----a-w- c:\windows\system32\wscript.exe
2018-10-27 03:04 . 2018-11-14 15:32 126976 ----a-w- c:\windows\system32\cscript.exe
2018-10-27 03:04 . 2018-11-14 15:32 15360 ----a-w- c:\windows\system32\dispex.dll
2018-10-27 03:04 . 2018-11-14 15:32 25088 ----a-w- c:\windows\system32\wshcon.dll
2018-10-17 14:37 . 2018-10-17 14:37 94712 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2018-10-17 14:37 . 2018-10-17 14:37 72912 ----a-w- c:\windows\system32\drivers\epfw.sys
2018-10-17 14:37 . 2018-10-17 14:37 43816 ----a-w- c:\windows\system32\drivers\ekbdflt.sys
2018-10-17 14:37 . 2018-10-17 14:37 149192 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2018-10-06 13:42 . 2018-11-14 15:32 1988096 ----a-w- c:\windows\system32\d3d10warp.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DiskEncIcon]
@="{6C7EF34C-32F2-4320-A0FF-9C745E84ADC4}"
[HKEY_CLASSES_ROOT\CLSID\{6C7EF34C-32F2-4320-A0FF-9C745E84ADC4}]
2013-06-03 02:28 2396160 ----a-w- c:\program files\KernSafe\TotalMounter Pro\TotalMounterShl64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DiskEncIcon2]
@="{16D58894-02FD-45C1-94BD-EEF252E35040}"
[HKEY_CLASSES_ROOT\CLSID\{16D58894-02FD-45C1-94BD-EEF252E35040}]
2013-06-03 02:28 2396160 ----a-w- c:\program files\KernSafe\TotalMounter Pro\TotalMounterShl64.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2018-11-16 4042808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SM?RT-Protection"="c:\program files\Smadav\SM?RTP.exe" [?]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-07 336384]
"egui"="c:\program files\ESET\ESET Security\ecmds.exe" [2018-11-29 169616]
"Malwarebytes Anti-Exploit"="c:\program files\Malwarebytes Anti-Exploit\mbae.exe" [2018-08-29 2480336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"{264A07C5-6D82-4BDB-98B4-FC38204B66CA}"="start" [X]
"{2A572D2F-AB35-4B54-923C-08BFA35180FF}"="start" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
R1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2018-11-29 124776]
R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2018-10-17 149192]
R1 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2018-10-17 94712]
R1 YSDrv;VBox Support Driver;c:\program files\Bignox\BigNoxVM\RT\YSDrv.sys [2018-12-30 220432]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2015-09-11 224776]
R2 Autodesk Content Service;Autodesk Content Service;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-01-31 19232]
R2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [2013-11-27 3105144]
R2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Security\ekrn.exe [2018-11-29 1833552]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_5\bin\fbguard.exe [2014-07-09 98304]
R2 FLEXnet License Server;FLEXnet License Server;c:\program files\Common Files\Leica Geosystems\License-Server\lmgrd.exe [2016-11-28 1396200]
R2 HideIPLaucherService;HideIPLaucherService;c:\program files\Hide ALL IP\LauncherService.exe [2018-09-20 510496]
R2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2018-11-16 149688]
R2 iVolume;iVolume;c:\windows\system32\Drivers\ivolume.sys [2013-12-11 69424]
R2 lgs-clmrdsvr;CLM Remote Daemon (svr);c:\program files\Leica Geosystems\CLM-Administration\clmrdsvr.exe [2017-04-18 4198224]
R2 MbaeSvc;Malwarebytes Anti-Exploit Service;c:\program files\Malwarebytes Anti-Exploit\mbae-svc.exe [2018-08-29 152272]
R2 MediatekRegistryWriter;MediatekRegistryWriter;c:\program files\MediatekWiFi\Common\RaRegistry.exe [2014-12-04 405136]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2013-03-01 36600]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2014-04-08 383264]
R2 SentinelSecurityRuntime;Sentinel Security Runtime;c:\program files\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [2013-01-09 293216]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2016-03-01 87568]
R3 c2wts;Claims to Windows Token Service;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe [2010-02-02 15768]
R3 da8def3f1424bf6d;da8def3f1424bf6d;c:\users\startimes\Desktop\QUnpack32\86d26f9b41dece64.sys [x]
R3 DFX11_1;DFX Audio Enhancer 11.1;c:\windows\system32\drivers\dfx11_1.sys [2017-06-19 24424]
R3 DFX12;DFX Audio Enhancer;c:\windows\system32\drivers\dfx12.sys [2017-06-19 26104]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 ekrnEpfw;ESET Firewall Helper;c:\program files\ESET\ESET Security\ekrn.exe [2018-11-29 1833552]
R3 fdrawcmd;Low-level Floppy Driver;c:\windows\system32\drivers\fdrawcmd.sys [x]
R3 fengyue0;fengyue0;e:\dz-soft\Dz-Haker\Hunter\SM-Debug\plugin\fengyue0.sys [x]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_5\bin\fbserver.exe [2014-07-09 3813376]
R3 FXDrv32;FXDrv32;E:\FXDrv32.sys [x]
R3 GoogleChromeElevationService;Google Chrome Elevation Service;c:\program files\Google\Chrome\Application\71.0.3578.98\elevation_service.exe [2018-12-12 375776]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2018-12-14 104960]
R3 mila;mila;c:\users\startimes\Desktop\Shadow_Ollydbg\Plugin\mila.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2016-03-28 18944]
R3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28u.sys [2015-11-19 1731416]
R3 qcusbnet;Qualcomm USB-NDIS miniport;c:\windows\system32\DRIVERS\qcusbnet.sys [2017-03-15 366136]
R3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbser.sys [2017-03-15 216632]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 Rockusb;Driver for Rockusb Device;c:\windows\system32\DRIVERS\rockusb.sys [2013-09-09 46096]
R3 smplg;smplg;c:\xdvb\Plugins\smplg.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 24064]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-10-02 26880]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 Tuts4you;Tuts4you;c:\users\startimes\Desktop\Ollydbg working for LCF-AT script\Plugin\Tuts4you.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
R3 wdm_usb;wdm_usb;c:\windows\system32\DRIVERS\usb2ser.sys [2016-07-16 119952]
R3 XDva513;XDva513;c:\windows\system32\XDva513.sys [x]
R3 XDva514;XDva514;c:\windows\system32\XDva514.sys [x]
R3 XDva536;XDva536;c:\windows\system32\XDva536.sys [x]
R3 xetram;xetram;c:\users\STARTI~1\AppData\Local\Temp\xetram.sys [x]
S0 edevmon;edevmon;c:\windows\system32\DRIVERS\edevmon.sys [2018-11-29 92176]
S1 EpfwLWF;ESET Firewall;c:\windows\system32\DRIVERS\EpfwLWF.sys [2018-11-08 54240]
S2 ekbdflt;ekbdflt;c:\windows\system32\DRIVERS\ekbdflt.sys [2018-10-17 43816]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-06-20 273448]
S3 Neo_VPN;VPN Client Device Driver - VPN;c:\windows\system32\DRIVERS\Neo_0020.sys [2018-11-17 37576]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
utcsvc REG_MULTI_SZ DiagTrack
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2018-12-18 15:45 2100192 ----a-w- c:\program files\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = about:NewsFeed
uInternet Settings,ProxyOverride = *.local
IE: إر&سال إلى OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
Trusted Zone: localhost
TCP: Interfaces\{09A36AB7-2B1A-4B64-B374-32F2CA4DC3E1}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{09A36AB7-2B1A-4B64-B374-32F2CA4DC3E1}\44A414755424F524141443: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{09A36AB7-2B1A-4B64-B374-32F2CA4DC3E1}\85730235: DhcpNameServer = 192.168.43.1
TCP: Interfaces\{3FCBB588-B330-46F4-88BD-F078883675E1}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\startimes\AppData\Roaming\Mozilla\Firefox\Profiles\nevq75jd.default-1538746993289\
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
{CDC95B92-E27C-4745-A8C5-64A52A78855D}"-IDM Shell Extension - ShellIconOverlayIdentifiers
HKLM-RunOnce-SymInstallStub - c:\users\STARTI~1\AppData\Local\Temp\7zS8A35.tmp\SymInstallStub.exe
SafeBoot-30112097.sys
SafeBoot-65961412.sys
SafeBoot-MBAMService
AddRemove-Nokia PC Suite - c:\programdata\Installations\{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}\nokia-pc-suite_7-1-180-94_fr_28522.exe
AddRemove-{3bcf8c72-b231-4d28-9f39-3405c22d8b5a} - c:\programdata\Package Cache\{3bcf8c72-b231-4d28-9f39-3405c22d8b5a}\vcredist_x86.exe
AddRemove-{4549ceb8-695a-42eb-a183-4820d542a15f} - c:\programdata\Package Cache\{4549ceb8-695a-42eb-a183-4820d542a15f}\vcredist_x86.exe
AddRemove-{8e70e4e1-06d7-470b-9f74-a51bef21088e} - c:\programdata\Package Cache\{8e70e4e1-06d7-470b-9f74-a51bef21088e}\vcredist_x86.exe
AddRemove-{95716cce-fc71-413f-8ad5-56c2892d4b3a} - c:\programdata\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe
AddRemove-{cd09eea6-d0b3-4246-bb80-e047ceadf61f} - c:\programdata\Package Cache\{cd09eea6-d0b3-4246-bb80-e047ceadf61f}\vs_ultimate.exe
AddRemove-{e2803110-78b3-4664-a479-3611a381656a} - c:\programdata\Package Cache\{e2803110-78b3-4664-a479-3611a381656a}\VC_redist.x86.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6c,91,55,9c,00,44,2a,4e,bd,99,25,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6c,91,55,9c,00,44,2a,4e,bd,99,25,\
.
[HKEY_USERS\S-1-5-21-2350992436-3413861381-2557407480-1003\Software\SecuROM\License information*]
"datasecu"=hex:7c,37,e1,75,82,75,72,92,a5,af,24,e9,56,0f,30,88,75,4a,90,ae,67,
8e,2c,8a,7e,08,fe,86,e6,0b,7d,9c,a6,74,5d,0e,e5,88,fa,b2,ed,3f,8b,80,4f,9f,\
"rkeysecu"=hex:fb,6f,a7,34,1e,1d,9f,8c,96,71,a5,aa,ec,a9,99,41
.
[HKEY_USERS\S-1-5-21-2350992436-3413861381-2557407480-1003_Classes\CLSID\{545d7480-21cf-4e80-9c70-8473644ba4f4}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000066
"Therad"=dword:0000000f
.
[HKEY_USERS\S-1-5-21-2350992436-3413861381-2557407480-1003_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):fa,6b,12,75,21,d9,e5,dd,30,c0,6b,26,46,9f,17,48,57,2b,d1,66,c8,
50,1f,6f,31,9a,88,2b,4c,76,3f,1e,a3,80,94,8d,64,5b,0f,a5,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2350992436-3413861381-2557407480-1003_Classes\CLSID\{df58ef57-0cc4-43e9-9dd7-49a6883de58b}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000e9
"Therad"=dword:0000000f
.
[HKEY_USERS\S-1-5-21-2350992436-3413861381-2557407480-1003_Classes\CLSID\{e959cb9a-f3a5-470d-a63f-196216c66087}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000011f
"Therad"=dword:00000015
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1044)
c:\program files\KernSafe\TotalMounter Pro\TotalMounterShl64.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ara.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Completion time: 2019-01-01 19:35:15 - machine was rebooted
ComboFix-quarantined-files.txt 2019-01-01 18:35
.
Pre-Run: 18 625 208 320 octets libres
Post-Run: 18 288 377 856 octets libres
.
- - End Of File - - EBC2C7155423F9E9D621458FA6074446
A36C5E4F47E84449FF07ED3517B43A31