
ComboFix 15-06-27.01 - HP 30/06/2015 12:07:01.1.4 - x86
Microsoft Windows 7 Edition Intégrale 6.1.7601.1.1256.966.1033.18.2998.1820 [GMT 1:00]
Running from: c:\users\HP\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\HP\AppData\Roaming\Microsoft\Windows\Recent\Comfy Cakes.pif
c:\users\HP\AppData\Roaming\sys
c:\users\HP\AppData\Roaming\sys\shine.bin
c:\users\HP\AppData\Roaming\ZHP
c:\users\HP\AppData\Roaming\ZHP\HOSTS.txt
c:\users\HP\AppData\Roaming\ZHP\Licence.txt
c:\users\HP\AppData\Roaming\ZHP\Trace.txt
c:\users\HP\AppData\Roaming\ZHP\ZHPDiag.txt
c:\users\HP\AppData\Roaming\ZHP\ZHPDiag3.exe
c:\users\HP\ZHPDiag3.exe
c:\windows\WINDOWS
c:\windows\windows\logg.dat
c:\windows\windows\rver.exe
.
.
((((((((((((((((((((((((( Files Created from 2015-05-28 to 2015-06-30 )))))))))))))))))))))))))))))))
.
.
2015-06-30 11:12 . 2015-06-30 11:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-06-30 10:44 . 2015-06-30 10:45 -------- d-----w- c:\program files\ZHPFix
2015-06-30 10:34 . 2015-06-30 10:34 -------- d-----w- c:\program files\Internet Download Manager
2015-06-30 09:09 . 2015-06-30 10:29 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-30 09:09 . 2015-06-18 07:41 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-06-30 09:09 . 2015-06-30 09:09 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-06-30 09:09 . 2015-06-30 09:09 -------- d-----w- c:\programdata\Malwarebytes
2015-06-30 09:09 . 2015-06-18 07:41 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-06-30 09:09 . 2015-06-18 07:41 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-06-30 08:59 . 2015-06-30 09:01 -------- d-----w- C:\AdwCleaner
2015-06-29 23:43 . 2015-06-30 00:06 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-06-29 23:42 . 2015-06-29 23:57 -------- d-----w- c:\programdata\RogueKiller
2015-06-29 23:30 . 2015-06-30 10:44 -------- d-----w- c:\users\HP\AppData\Roaming\IDM
2015-06-17 09:39 . 2015-05-25 17:00 2384384 ----a-w- c:\windows\system32\win32k.sys
2015-06-08 09:05 . 2015-06-15 18:06 -------- d-----w- c:\users\HP\AppData\Roaming\FreeVideoConverter
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-26 13:44 . 2015-05-19 15:58 899184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2015-06-26 13:43 . 2015-05-19 15:57 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2015-06-26 13:42 . 2015-05-26 07:30 639312 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2015-06-25 09:44 . 2015-05-26 07:31 899184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2015-06-25 09:43 . 2015-05-26 07:30 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2015-06-24 16:48 . 2015-05-29 11:41 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A67A4ADF-0787-4E8B-AE0E-6CF4B1908917}\offreg.dll
2015-06-24 16:00 . 2015-05-19 15:56 639312 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2015-05-20 12:55 . 2015-05-20 13:57 123968 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2015-05-05 01:12 . 2015-05-19 17:08 248832 ----a-w- c:\windows\system32\schannel.dll
2015-05-01 13:16 . 2015-05-20 12:16 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-04-20 02:56 . 2015-05-19 17:08 909312 ----a-w- c:\windows\system32\FntCache.dll
2015-04-20 02:56 . 2015-05-19 17:08 1250816 ----a-w- c:\windows\system32\DWrite.dll
2015-04-18 02:56 . 2015-05-19 17:08 342016 ----a-w- c:\windows\system32\certcli.dll
2015-04-13 03:19 . 2015-05-19 17:08 259072 ----a-w- c:\windows\system32\services.exe
2015-04-08 03:14 . 2015-05-19 17:30 216064 ----a-w- c:\windows\system32\InkEd.dll
2015-04-08 03:14 . 2015-05-19 17:30 22528 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\jnwppr.dll
2015-04-08 03:14 . 2015-05-19 17:30 19968 ----a-w- c:\windows\system32\jnwmon.dll
2015-04-04 03:10 . 2015-05-19 17:08 67512 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-04-04 03:10 . 2015-05-19 17:08 137656 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-04-04 03:05 . 2015-05-19 17:08 172032 ----a-w- c:\windows\system32\wdigest.dll
2015-04-04 03:05 . 2015-05-19 17:08 65536 ----a-w- c:\windows\system32\TSpkg.dll
2015-04-04 03:05 . 2015-05-19 17:08 100352 ----a-w- c:\windows\system32\sspicli.dll
2015-04-04 03:05 . 2015-05-19 17:08 15872 ----a-w- c:\windows\system32\sspisrv.dll
2015-04-04 03:05 . 2015-05-19 17:08 22016 ----a-w- c:\windows\system32\secur32.dll
2015-04-04 03:05 . 2015-05-19 17:08 221184 ----a-w- c:\windows\system32\ncrypt.dll
2015-04-04 03:05 . 2015-05-19 17:08 259584 ----a-w- c:\windows\system32\msv1_0.dll
2015-04-04 03:05 . 2015-05-19 17:08 1061376 ----a-w- c:\windows\system32\lsasrv.dll
2015-04-04 03:05 . 2015-05-19 17:08 550912 ----a-w- c:\windows\system32\kerberos.dll
2015-04-04 03:05 . 2015-05-19 17:08 17408 ----a-w- c:\windows\system32\credssp.dll
2015-04-04 03:04 . 2015-05-19 17:08 22528 ----a-w- c:\windows\system32\lsass.exe
2015-04-04 03:04 . 2015-05-19 17:08 50176 ----a-w- c:\windows\system32\auditpol.exe
2015-04-04 03:01 . 2015-05-19 17:08 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-04-04 03:01 . 2015-05-19 17:08 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-04-04 02:59 . 2015-05-19 17:08 686080 ----a-w- c:\windows\system32\adtschema.dll
2014-12-16 12:39 . 2015-04-01 15:51 3886672 ----a-w- c:\program files\IDMan.exe
2012-10-09 07:26 . 2013-01-02 22:29 17950968 ----a-w- c:\program files\Firefox Setup 15.0.1.exe
2011-11-01 23:40 . 2013-01-02 22:29 24137784 ----a-w- c:\program files\chrome_installer.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 08:02 23008 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2009-08-16 955392]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-07-24 21650016]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2015-05-20 3903056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-01 142616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-01 177432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-01 176408]
"USB Security"="c:\program files\USB Disk Security\USBGuard.exe" [2011-01-31 623520]
"CancelAutoPlay_byt"="c:\program files\Mobiconnect\CancelAutoPlay_byt.exe" [2012-12-04 431432]
"UIExec"="c:\program files\Mobiconnect\UIExec.exe" [2012-12-04 157000]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-03-20 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 01:06 40048 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-12-14 21:56 138096 ----atw- c:\users\HP\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2015-05-20 14:55 3903056 ----a-w- c:\program files\Internet Download Manager\IDMan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-01-28 19:56 4363504 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProxyCap]
2008-08-26 07:44 282624 ----a-w- c:\progra~1\PROXYL~1\ProxyCap\ProxyCap.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2014-07-24 17:26 21650016 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-24 23:11 132496 ----a-w- c:\program files\Java\jre1.6.0_03\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2012-10-17 16:51 399736 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
2009-07-12 01:32 5113430 ----a-w- c:\program files\Vidalia Bundle\Vidalia\vidalia.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
.
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-06-18 1871160]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-06-18 1133880]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 cpuz134;cpuz134;c:\users\HP\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2013-05-29 83864]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-05-23 102912]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-08-29 9216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-06-18 23256]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-06-18 51928]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe [2014-01-16 235696]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2015-01-31 15872]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2013-05-29 181912]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt; [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-05-01 1394816]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-05-01 1772672]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 269824]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-03-04 348776]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - IDMWFP
.
Contents of the 'Scheduled Tasks' folder
.
2015-06-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-07 09:33]
.
2015-06-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-892030155-2450823676-1605038858-1000Core.job
- c:\users\HP\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-07 21:56]
.
2015-06-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-892030155-2450823676-1605038858-1000UA.job
- c:\users\HP\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-07 21:56]
.
.
------- Supplementary Scan -------
.
IE: Download Link Using DownloadStudio... - c:\program files\Conceiva\DownloadStudio\ds_file.htm
IE: Download List Of Files Using DownloadStudio... - c:\program files\Conceiva\DownloadStudio\ds_list.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Subscribe To RSS/Podcast Using DownloadStudio... - c:\program files\Conceiva\DownloadStudio\ds_rss.htm
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
TCP: DhcpNameServer = 77.88.8.88 77.88.8.2
FF - ProfilePath - c:\users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\rcu9scqf.default\
FF - prefs.js: browser.startup.homepage - isco&cmpid=0615tb&pr=sa&d=2014-02-05 20:40&v=18.6.0.922&pid=safeguard&sg=0&sap=hp
FF - prefs.js: keyword.URL -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
MSConfigStartUp-msnmsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
MSConfigStartUp-Viber - c:\users\HP\AppData\Local\Viber\Viber.exe
AddRemove-Free Video Converter_is1 - c:\program files\Free Video Converter\unins000.exe
AddRemove-25_escape - c:\program files\SAMSUNG\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-892030155-2450823676-1605038858-1000\Software\Microsoft\Notification de cadeaux MSN]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-892030155-2450823676-1605038858-1000_Classes\CLSID\{239534b0-237a-4047-a2b1-40e9188512d4}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000069
"Therad"=dword:00000022
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-892030155-2450823676-1605038858-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):db,24,4f,ba,6e,50,0b,f0,60,71,36,ac,3d,3b,30,26,56,16,48,c5,93,
41,3c,ab,c2,ae,6e,f3,f1,bc,ad,c4,8f,2e,10,e2,97,bf,00,bb,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-06-30 12:13:56
ComboFix-quarantined-files.txt 2015-06-30 11:13
.
Pre-Run: 75 828 125 696 octets libres
Post-Run: 75 524 489 216 octets libres
.
- - End Of File - - B376EF44CA6D71DADE66307DC743F5A5
A36C5E4F47E84449FF07ED3517B43A31
