cjoint

Document format: text/plain
ComboFix 15-05-13.01 - farid 13/05/2015 22:41:31.1.4 - x64
Microsoft Windows 7 Édition Intégrale 6.1.7600.0.1252.33.1036.18.3985.1626 [GMT 2:00]
Lancé depuis: c:\users\farid\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
AV: ZoneAlarm Antivirus *Disabled/Outdated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
FW: Kaspersky Internet Security *Enabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
FW: ZoneAlarm Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *Disabled/Outdated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\ma-config.com
c:\program files (x86)\ma-config.com\config.xml
c:\programdata\ma-config.com\Logs\activex.txt
c:\programdata\ma-config.com\Logs\mcdetection.txt
c:\programdata\ma-config.com\Logs\mcstubuser.txt
c:\programdata\ma-config.com\Logs\npapi.txt
c:\programdata\ma-config.com\mcbase.db
c:\programdata\ma-config.com\server.pem
c:\windows\certutil.log
c:\windows\wininit.ini
H:\Setup.exe
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2015-04-13 au 2015-05-13 ))))))))))))))))))))))))))))))))))))
.
.
2015-05-12 17:11 . 2015-05-13 19:40 -------- d-----w- c:\programdata\RpData
2015-05-11 21:14 . 2015-05-11 21:14 -------- d--h--w- c:\windows\system32\GroupPolicy
2015-05-10 19:02 . 2015-05-11 20:27 -------- d-----w- c:\programdata\BCloudScan_exe
2015-05-10 17:46 . 2015-05-13 18:05 -------- d-----w- c:\users\farid\AppData\Roaming\Baidu
2015-05-10 17:46 . 2015-05-10 17:46 -------- d-----w- c:\program files (x86)\baidu
2015-05-10 17:09 . 2015-05-10 17:09 14501 ----a-w- c:\programdata\Duplicaterecord.js
2015-05-10 17:09 . 2015-05-13 18:05 -------- d-----w- c:\programdata\Baidu
2015-05-10 17:08 . 2015-05-13 18:07 -------- d-----w- c:\program files (x86)\PC Faster
2015-05-10 16:47 . 2015-05-11 20:54 -------- d-----w- c:\programdata\Baidu Security
2015-05-10 16:47 . 2015-05-11 20:53 -------- d-----w- c:\program files (x86)\Baidu Security
2015-05-10 16:16 . 2015-05-10 16:16 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2015-05-10 16:16 . 2015-05-10 16:16 -------- d-----w- c:\windows\PCHEALTH
2015-05-09 19:52 . 2015-05-09 19:52 -------- d-----w- C:\RegBackup
2015-05-02 14:43 . 2015-05-02 14:43 -------- d-----w- c:\programdata\Doctor Web
2015-04-28 16:34 . 2015-04-28 16:34 -------- d-----w- c:\users\farid\AppData\Roaming\SuperHideIP
2015-04-28 16:34 . 2015-04-28 16:34 -------- d-----w- c:\programdata\SuperHideIP
2015-04-28 16:34 . 2015-04-28 16:44 -------- d-----w- c:\program files (x86)\SuperHideIP
2015-04-28 16:26 . 2015-04-28 16:26 -------- d-----w- c:\users\farid\AppData\Roaming\PlatinumHideIP
2015-04-25 16:01 . 2015-04-26 18:58 -------- d-----w- c:\program files (x86)\GridinSoft Trojan Killer
2015-04-23 20:35 . 2015-04-26 17:38 -------- d-----w- c:\users\farid\AppData\Roaming\DAEMON Tools Lite
2015-04-23 20:35 . 2015-04-26 19:00 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2015-04-23 20:35 . 2015-04-23 20:52 -------- d-----w- c:\programdata\DAEMON Tools Lite
2015-04-23 11:50 . 2015-05-09 11:28 -------- d-----w- c:\programdata\Malwarebytes Anti-Exploit
2015-04-23 11:50 . 2015-05-09 11:28 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Exploit
2015-04-22 17:09 . 2015-05-09 14:59 -------- d-----w- c:\users\farid\AppData\Roaming\uTorrent
2015-04-20 12:53 . 2015-04-30 15:12 195056 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2015-04-18 16:49 . 2015-04-19 15:53 136408 ----a-w- c:\windows\system32\drivers\21580E88.sys
2015-04-17 19:11 . 2015-04-17 19:11 -------- d-----w- c:\users\farid\AppData\Local\calibre-cache
2015-04-17 19:10 . 2015-04-17 19:16 -------- d-----w- c:\users\farid\AppData\Roaming\calibre
2015-04-17 19:09 . 2015-04-17 19:09 -------- d-----w- c:\program files (x86)\Calibre2
2015-04-17 18:31 . 2015-04-17 18:35 -------- d-----w- c:\program files (x86)\Your Uninstaller! 7
2015-04-17 15:33 . 2015-04-17 15:33 -------- d-----w- c:\users\farid\.fontconfig
2015-04-17 15:33 . 2015-04-17 15:33 -------- d-----w- c:\users\farid\AppData\Local\Movavi
2015-04-17 15:29 . 2015-04-17 15:29 -------- d-----w- c:\programdata\Movavi
2015-04-16 15:48 . 2015-04-16 15:48 -------- d-----w- c:\program files (x86)\Comodo
2015-04-15 17:53 . 2015-05-09 11:39 -------- d-----w- c:\program files\COMODO
2015-04-15 17:49 . 2015-05-09 11:39 -------- d-----w- c:\programdata\Comodo
2015-04-14 21:16 . 2015-05-07 17:08 -------- d-----w- C:\AdwCleaner
2015-04-14 20:33 . 2015-05-12 17:17 -------- d-----w- c:\users\farid\AppData\Local\ElevatedDiagnostics
2015-04-14 18:34 . 2015-04-14 18:35 -------- d-----w- c:\users\farid\AppData\Roaming\Synthesia
2015-04-14 18:27 . 2015-04-17 18:36 -------- d-----w- c:\program files (x86)\Synthesia
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-13 19:16 . 2015-02-24 17:22 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-01 09:54 . 2015-04-12 19:31 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-04-26 17:53 . 2015-02-24 17:22 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-04-26 17:53 . 2015-02-24 17:22 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-04-26 17:53 . 2015-02-24 17:22 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-23 20:36 . 2014-12-20 12:42 381440 ----a-w- c:\windows\system32\drivers\sptd.sys
2015-04-14 20:12 . 2015-01-10 14:20 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-14 20:12 . 2015-01-10 14:20 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-09 16:41 . 2015-04-09 16:41 136408 ----a-w- c:\windows\system32\drivers\213E499B.sys
2015-04-09 16:41 . 2015-04-09 16:41 136408 ----a-w- c:\windows\system32\drivers\29694974.sys
2015-04-05 17:56 . 2015-04-05 16:41 136408 ----a-w- c:\windows\system32\drivers\44BC10F9.sys
2015-03-27 11:54 . 2015-03-27 11:54 136408 ----a-w- c:\windows\system32\drivers\1C7E75B8.sys
2015-03-20 09:58 . 2015-03-20 09:33 12089064 ----a-w- c:\users\farid\AppData\Roaming\Microsoft\Windows\Templates\iTunes12x64Patch.exe
2015-03-20 08:14 . 2015-03-19 13:06 129752 ----a-w- c:\windows\system32\drivers\04903BCC.sys
2015-02-28 17:26 . 2015-02-28 17:26 129752 ----a-w- c:\windows\system32\drivers\1F1936BD.sys
2015-02-27 16:40 . 2015-02-27 16:40 129752 ----a-w- c:\windows\system32\drivers\32B04566.sys
2015-02-26 17:56 . 2015-02-26 16:41 129752 ----a-w- c:\windows\system32\drivers\24DF77DE.sys
2015-02-21 16:36 . 2015-02-21 15:32 793800 ----a-w- c:\windows\system32\drivers\klif.sys
2015-02-21 16:36 . 2015-02-21 15:32 141320 ----a-w- c:\windows\system32\drivers\klflt.sys
2015-02-15 08:20 . 2015-02-15 08:20 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C852DCE-69C7-4D1A-8824-E67C8BD2D73D}\offreg.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-10-31 . B8EC4BD49CE8F6FC457721BFC210B67F . 2870272 . . [6.1.7600.20563] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[7] 2009-08-03 . 700073016DAC1C3D2E7E2CE4223334B6 . 2868224 . . [6.1.7600.20500] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[7] 2009-08-03 . F170B4A061C9E026437B193B4D571799 . 2868224 . . [6.1.7600.16404] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[-] 2009-07-14 . B6E7FEE1CAE4895CC6C644F0244F7591 . 2868224 . . [6.1.7600.16385] .. c:\windows\explorer.exe
[-] 2009-07-14 . B6E7FEE1CAE4895CC6C644F0244F7591 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[-] 2009-07-14 . B6E7FEE1CAE4895CC6C644F0244F7591 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-11-12 16:19 1729744 ----a-w- c:\progra~2\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-11-12 16:19 1729744 ----a-w- c:\progra~2\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-11-12 16:19 1729744 ----a-w- c:\progra~2\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bienvenue"="c:\windows\system32\OobeFldr.dll" [2009-07-14 859648]
"WiFi Protector"="c:\program files (x86)\WiFi Protector\WiFiProtLauncher.exe" [2014-11-25 778256]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2015-03-25 7806232]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2015-05-01 3898960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB Security"="c:\program files (x86)\USB Disk Security\USBGuard.exe" [2011-01-31 623520]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2014-04-24 137352]
"Syncios device service"="c:\program files (x86)\Syncios\SynciosDeviceService.exe" [2015-03-06 778752]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Canon LBP3000 Status Window.lnk - c:\windows\System32\spool\drivers\x64\3\CNAB3LAD.EXE [2014-12-31 62176]
Who Is On My Wifi.lnk - c:\program files (x86)\IO3O LLC\Who Is On My Wifi\mywifi.exe [2015-1-6 568320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys;c:\program files\PeerBlock\pbfilter.sys [x]
R3 PCFApiUtil;PCFApiUtil;c:\program files (x86)\PC Faster\PCFApiUtil64.sys;c:\program files (x86)\PC Faster\PCFApiUtil64.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 SparkUpdater;Baidu Spark Updater;c:\program files (x86)\Baidu\SparkUpdate\Sparkupdate.exe;c:\program files (x86)\Baidu\SparkUpdate\Sparkupdate.exe [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S1 klhk;klhk;c:\windows\system32\DRIVERS\klhk.sys;c:\windows\SYSNATIVE\DRIVERS\klhk.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S1 ndisrd;WinpkFilter LightWeight Filter;c:\windows\system32\DRIVERS\ndisrd.sys;c:\windows\SYSNATIVE\DRIVERS\ndisrd.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 AVP15.0.0;Kaspersky Anti-Virus Service 15.0.0;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MaConfigAgent;Ma-Config Agent;c:\program files\ma-config.com\MaConfigAgent.exe;c:\program files\ma-config.com\MaConfigAgent.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 PP Assistant Service;PP Assistant Service;c:\program files (x86)\PP??2.0\adevicehelpersvr.exe;c:\program files (x86)\PP??2.0\adevicehelpersvr.exe [x]
S2 SparkSvc;Baidu Spark Service;c:\program files (x86)\baidu\Baidu Browser\sparkservice.exe;c:\program files (x86)\baidu\Baidu Browser\sparkservice.exe [x]
S2 wifiProtService;WiFi Protector Service;c:\program files (x86)\WiFi Protector\wifiProtService.exe;c:\program files (x86)\WiFi Protector\wifiProtService.exe [x]
S2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [x]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys;c:\windows\SYSNATIVE\drivers\Apowersoft_AudioDevice.sys [x]
S3 BprotectEx;Baidu ProtectEx;c:\windows\System32\drivers\BprotectEx.sys;c:\windows\SYSNATIVE\drivers\BprotectEx.sys [x]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 tapwp01;TAP-Windows Adapter V9 (WiFi Protector);c:\windows\system32\DRIVERS\tapwp01.sys;c:\windows\SYSNATIVE\DRIVERS\tapwp01.sys [x]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - MA-CONFIG_AMD64
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - ma-config_amd64
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
QQLiveService REG_MULTI_SZ QQLiveService
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-09 12:11 988488 ----a-w- c:\program files (x86)\Google\Chrome\Application\42.0.2311.135\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2015-05-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-10 20:12]
.
2015-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-12-20 13:52]
.
2015-05-13 c:\windows\Tasks\iToolsDaemon.job
- c:\program files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe [2015-03-20 15:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-11-12 16:17 2334928 ----a-w- c:\progra~1\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-11-12 16:17 2334928 ----a-w- c:\progra~1\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-11-12 16:17 2334928 ----a-w- c:\progra~1\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 08:02 25112 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-04-09 172016]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-04-09 399856]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-04-09 442352]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-09-29 13677784]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-04-06 169768]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://fr.yahoo.com?fr=fp-comodo
uDefault_Search_URL = hxxp://www.google.com/keyword/%s
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride =
IE: &Envoyer à OneNote - c:\progra~1\Microsoft Office\Office15\ONBttnIE.dll/105
IE: Ajouter à l'Anti-bannière - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\ie_banner_deny.htm
IE: Download ALL with IDA
IE: Download remotely with IDA
IE: Download with IDA
IE: E&xporter vers Microsoft Excel - c:\progra~1\Microsoft Office\Office15\EXCEL.EXE/3000
IE: Télécharger avec IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec Internet Download Manager - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
Trusted Zone: com\*.Wondershare
Trusted Zone: qq.com\cache.tv
Trusted Zone: qq.com\qqlivecaption
Trusted Zone: qq.com\qqlivehabit
Trusted Zone: qq.com\qqlivesearch
Trusted Zone: qq.com\video_1
TCP: DhcpNameServer = 208.67.222.222 8.8.8.8
TCP: Interfaces\{15FB8D9C-CF0F-4ED3-95F7-9B51E49F15D0}: NameServer = 8.8.8.8,8.8.4.4
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\farid\AppData\Roaming\Mozilla\Firefox\Profiles\2orhhsjo.default\
FF - prefs.js: browser.search.selectedEngine - Search By ZoneAlarm
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHELINS SUPPRIMES - - - -
.
SafeBoot-BsScanner
ShellIconOverlayIdentifiers-{0A93904A-BB1E-4a0c-9753-B57B9AE272CC} - c:\program files (x86)\Baidu Security\Baidu Antivirus\BavShx64.dll
AddRemove-PP??2.0 Win? - c:\program files (x86)\PP??2.0\uninst.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-1296536032-2034599267-72910418-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):b9,4b,4b,4b,22,be,ce,39,9f,c6,1d,9a,6b,dd,8a,72,f7,56,75,ea,85,
c5,97,fb,45,d1,a0,bf,ed,86,53,2b,a5,57,c9,6f,34,f8,35,44,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1296536032-2034599267-72910418-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):cf,0b,39,78,3a,2d,36,3e,3a,c6,52,15,67,32,5e,80,97,3a,9d,ee,ca,
e7,47,94,ed,d3,c3,4c,8f,90,2e,6f,16,ce,de,63,3b,b2,7a,18,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1296536032-2034599267-72910418-1000_Classes\Wow6432Node\CLSID\{80405d2d-0dd4-41be-ac4e-846fad53f136}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000003d
"Therad"=dword:00000012
.
[HKEY_USERS\S-1-5-21-1296536032-2034599267-72910418-1000_Classes\Wow6432Node\CLSID\{9a54ec8c-6b9e-48c0-9015-b83a84069a38}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000011
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,1f,74,24,6a,94,13,e2,f9,cc,6f,28,ee,4b,a8,6b,4e,67,04,ca,df,6d,0f,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2015-05-13 22:47:38
ComboFix-quarantined-files.txt 2015-05-13 20:47
.
Avant-CF: 120 769 454 080 octets libres
Après-CF: 120 622 927 872 octets libres
.
- - End Of File - - DDE56DC54C9E9709F04F2FDE2EFEF57D
A36C5E4F47E84449FF07ED3517B43A31