
ComboFix 15-05-09.01 - alffrha 05/12/2015 8:58.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1256.966.1033.18.3071.2260 [GMT 3:00]
Running from: G:\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1408528062.1032.bin
c:\programdata\1408528062.1172.bin
c:\programdata\1408528062.2040.bin
c:\programdata\1408528062.2984.bin
c:\programdata\1408528062.3256.bin
c:\programdata\1408528062.3276.bin
c:\programdata\1408528062.3396.bin
c:\programdata\1408528062.3496.bin
c:\programdata\1408528062.3548.bin
c:\programdata\1408528062.3644.bin
c:\programdata\1408528062.728.bin
c:\programdata\1408528062.760.bin
c:\programdata\1409855984.bdinstall.bin
c:\programdata\1410070688.bdinstall.bin
c:\programdata\1427400517.bdinstall.bin
c:\programdata\Local Settings\Temp
c:\programdata\Local Settings\Temp\ccimkzivi.exe
c:\windows\Downloaded Program Files\755263
c:\windows\Downloaded Program Files\895102
c:\windows\system32\tmp96C3.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BD0001
-------\Legacy_NETHFDRV
-------\Legacy_NPF
-------\Service_bd0001
-------\Service_bd0002
.
.
((((((((((((((((((((((((( Files Created from 2015-04-12 to 2015-05-12 )))))))))))))))))))))))))))))))
.
.
2015-05-12 06:05 . 2015-05-12 06:05 -------- d-----w- c:\users\Guest\AppData\Local\temp
2015-05-12 06:05 . 2015-05-12 06:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-05-12 05:48 . 2015-05-12 05:48 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F67D3AB2-AF3E-4283-A589-22FE2F84EE71}\offreg.dll
2015-05-07 09:49 . 2015-05-07 09:49 -------- d-----w- c:\users\alffrha\AppData\Local\ElevatedDiagnostics
2015-04-13 18:53 . 2015-04-13 18:53 -------- d-----w- C:\found.001
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0YndCase0Sync]
@="{63D48440-63AB-44D0-B323-4731DFCDE9E9}"
[HKEY_CLASSES_ROOT\CLSID\{63D48440-63AB-44D0-B323-4731DFCDE9E9}]
2014-07-09 17:06 1283872 ----a-w- c:\program files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0YndCase1Modified]
@="{7E7DC279-E6BE-4D57-9DEC-14FA0339DBC0}"
[HKEY_CLASSES_ROOT\CLSID\{7E7DC279-E6BE-4D57-9DEC-14FA0339DBC0}]
2014-07-09 17:06 1283872 ----a-w- c:\program files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0YndCase2Error]
@="{FB2FE984-05F5-4512-9D9B-69D3DE61F6D9}"
[HKEY_CLASSES_ROOT\CLSID\{FB2FE984-05F5-4512-9D9B-69D3DE61F6D9}]
2014-07-09 17:06 1283872 ----a-w- c:\program files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0YndCase3Shared]
@="{AF8D197E-7022-4c3d-BD88-68AD35C9C169}"
[HKEY_CLASSES_ROOT\CLSID\{AF8D197E-7022-4c3d-BD88-68AD35C9C169}]
2014-07-09 17:06 1283872 ----a-w- c:\program files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 21904 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2011-03-11 3301376]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2014-04-01 4616984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [x]
R2 BDSafeBrowser;BDSafeBrowser;c:\windows\system32\DRIVERS\BDSafeBrowser.sys [2014-11-23 62664]
R2 BDSGRTP;BDSGRTP Service;c:\program files\Common Files\Baidu\BaiduProtect1.3\1.3.0.622\BaiduProtect.exe [2014-11-23 1935976]
R2 ContextualFormatShareware;ContextualFormatShareware;c:\windows\system32\ContextualFormatShareware\ContextualFormatShareware.exe [2014-09-15 60965]
R3 SparkUpdater;Baidu Spark Updater;c:\program files\Baidu\SparkUpdate\Sparkupdate.exe [2014-08-04 1351360]
R3 WatAdminSvc;���� Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2014-08-16 1343400]
S0 pmfilt;pmfilt;c:\windows\system32\drivers\pmfilt.sys [2003-09-18 10112]
S0 pmhelp;pmhelp;c:\windows\system32\drivers\pmhelp.sys [2003-09-18 48672]
S0 R592;R592;c:\windows\system32\DRIVERS\R592.sys [2004-01-18 54912]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2014-06-04 18624]
S1 bd0004;bd0004;c:\windows\system32\DRIVERS\bd0004.sys [2014-11-23 183112]
S1 BDMWrench;BDMWrench;c:\windows\system32\DRIVERS\BDMWrench.sys [2014-12-08 229712]
S1 VCD;VCD; [x]
S2 BDArKit;BDArKit;c:\windows\system32\DRIVERS\BDArKit.sys [2014-12-13 140104]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-01-25 85768]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-09-05 171680]
S2 SparkSvc;Baidu Spark Service;c:\program files\baidu\Spark\sparkservice.exe [2014-12-14 84160]
S2 TorchCrashHandler;Torch Crash Handler;c:\users\alffrha\AppData\Local\Torch\Update\TorchCrashHandler.exe [2014-10-19 1217032]
S2 Update Box Rock;Update Box Rock;c:\program files\Box Rock\updateBoxRock.exe [2014-12-14 524008]
S2 Util Box Rock;Util Box Rock;c:\program files\Box Rock\bin\utilBoxRock.exe [2014-12-14 524008]
S3 ATSwpWDF;AuthenTec TruePrint USB Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2011-08-08 876832]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2014-12-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-19 11:33]
.
2014-12-14 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2014-09-28 16:38]
.
2015-02-28 c:\windows\Tasks\SparkUpdater.job
- c:\program files\baidu\Spark\sparkupdate.exe [2014-09-03 12:38]
.
2015-03-27 c:\windows\Tasks\{67A0FDFC-5374-4931-8BED-FDBB912B3C3E}.job
- c:\users\alffrha\appdata\local\360browser\browser\application\360browser.exe [2014-10-24 02:40]
.
.
------- Supplementary Scan -------
.
mStart Page = about:blank
uInternet Settings,ProxyServer = http=127.0.0.1:21624
uInternet Settings,ProxyOverride = *origin.com;*ea.com;*akamaihd.net;
uSearchAssistant = hxxp://www.google.com/ie
IE: ����� ���� ������ Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: ����� ������ Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: ����� ����� FLV ������ Internet Download Manager - c:\program files\Internet Download Manager\IEGetVL.htm
TCP: DhcpNameServer = 185.44.107.137 8.8.8.8
FF - ProfilePath - c:\users\alffrha\AppData\Roaming\Mozilla\Firefox\Profiles\fec34p18.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.bramjnet.com/vb/
FF - prefs.js: network.proxy.type - 4
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
user_pref(extensions.autoDisableScopes,14);
.
.
------- File Associations -------
.
inifile="%SystemRoot%\system32\NOTEPAD.EXE" %1
txtfile="%SystemRoot%\system32\NOTEPAD.EXE" %1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKU-Default-Run-Bitdefender Wallet Agent - c:\program files\Bitdefender\Bitdefender\pmbxag.exe
HKU-Default-Run-Bitdefender Wallet - c:\program files\Bitdefender\Bitdefender\pwdmanui.exe
HKU-Default-Run-Bitdefender Wallet Application Agent - c:\program files\Bitdefender\Bitdefender\bdapppassmgr.exe
HKLM-Explorer_Run-27844 - c:\progra~2\LOCALS~1\Temp\ccimkzivi.exe
AddRemove-Update Service SimpleFiles - c:\program files\SimpleFilesUpdater\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,69,c2,f9,af,f5,92,0b,4d,9b,f5,ab,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,69,c2,f9,af,f5,92,0b,4d,9b,f5,ab,\
.
[HKEY_USERS\S-1-5-21-1530710148-4222055012-2640084180-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):41,ca,20,83,70,37,d8,2e,9d,a7,51,aa,e7,b1,5b,7a,2d,4a,a5,3c,4e,
18,a2,07,75,e2,55,14,e6,34,99,39,8c,d7,99,95,1e,40,20,0b,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1530710148-4222055012-2640084180-1000_Classes\CLSID\{81d7fb2b-b344-4a37-80e6-e96b8de1761b}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_139_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_139_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Internet Download Manager\IEMonitor.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2015-05-12 09:12:00 - machine was rebooted
ComboFix-quarantined-files.txt 2015-05-12 06:11
.
Pre-Run: 10,914,848,768 bytes free
Post-Run: 10,525,319,168 bytes free
.
- - End Of File - - 1B83A448489E76B4BECAB9D05BBE76B4
A36C5E4F47E84449FF07ED3517B43A31
