cjoint

ComboFix 15-07-23.01 - user 30/07/2015 1:39.1.4 - x86
Microsoft Windows 7 Professionnel 6.1.7600.0.1252.33.1036.18.1911.1177 [GMT 1:00]
Lancé depuis: c:\users\user\Desktop\ComboFix.exe
AV: ESET Smart Security 8.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: Pare-feu personnel d'ESET *Disabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 8.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
[i] ADS - Windows: deleted 24 bytes in 1 streams. [/i]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\user\Documents\~WRL1087.tmp
c:\users\user\ZHPDiag3.exe
c:\windows\XSxS
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2015-06-28 au 2015-07-30 ))))))))))))))))))))))))))))))))))))
.
.
2015-07-30 00:51 . 2015-07-30 00:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-07-29 22:37 . 2015-07-29 22:37 -------- d-----w- c:\users\user\AppData\Local\ElevatedDiagnostics
2015-07-28 21:55 . 2015-07-29 21:45 -------- d-----w- C:\AdsFix
2015-07-28 20:52 . 2015-07-28 20:52 -------- d-----w- C:\found.003
2015-07-26 20:31 . 2015-07-26 20:31 -------- d-----w- c:\programdata\Agnitum
2015-07-26 14:32 . 2015-07-28 00:41 -------- d-----w- c:\users\user\AppData\Roaming\ZHP
2015-07-26 10:59 . 2015-07-26 10:59 -------- d-----w- C:\found.002
2015-07-11 02:33 . 2015-07-11 02:33 4587520 ----a-w- c:\windows\system32\GPhotos.scr
2015-07-05 00:53 . 2015-07-05 00:53 -------- d-----w- c:\users\user\AppData\Roaming\Mariaglorum
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-27 16:56 . 2014-09-28 14:02 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-17 11:16 . 2012-10-04 18:24 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-07-17 11:16 . 2012-01-26 19:37 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-06-18 07:41 . 2014-09-28 14:01 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-06-18 07:41 . 2014-09-28 14:01 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-06-18 07:41 . 2013-04-05 11:17 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-05-21 18:49 . 2012-11-30 16:11 899184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2015-05-21 18:49 . 2012-11-30 16:10 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2015-05-21 18:49 . 2012-11-30 16:10 639312 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2015-05-20 17:59 . 2012-12-08 16:40 899184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2015-05-20 17:59 . 2012-12-08 16:39 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2015-05-19 16:32 . 2012-12-09 16:59 639312 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 10:02 23008 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2009-08-16 955392]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-26 39408]
"WebcamMaxAutoRun"="c:\program files\WebcamMax\wcmmon.exe" [2011-07-17 1038848]
"ultracopier"="c:\program files\Supercopier\supercopier.exe" [2013-05-23 174080]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2014-08-28 3878480]
"GoogleChromeAutoLaunch_4E874A737D5662A34EBBEADB3A9C4A09"="c:\program files\Google\Chrome\Application\chrome.exe" [2015-07-25 813896]
"uTorrent"="c:\users\user\AppData\Roaming\uTorrent\uTorrent.exe" [2015-05-06 1694560]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2015-06-29 53288576]
"Google Photos Backup"="c:\users\user\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe" [2015-07-10 3791176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-02 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-02 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-02 172568]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Wondershare Helper Compact.exe"="c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-02-20 1679360]
"EaseUS EPM tray"="c:\program files\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe" [2013-03-29 2081792]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2014-03-09 295512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2015-01-28 5088456]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MultiSkypeLauncher.lnk - c:\program files\MultiSkypeLauncher\MultiSkypeLauncher.exe /autologin [2011-6-13 114176]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 279456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 ADExchange;ArcSoft Exchange Service;c:\program files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [2012-02-16 43112]
R2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-05-01 1394816]
R2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-05-01 1772672]
R2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [2012-05-18 2370448]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2012-03-26 329544]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-06-18 1871160]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-06-18 1133880]
R2 Mobile Broadband HL Service;Mobile Broadband HL Service;c:\programdata\MobileBrServ\mbbservice.exe [2014-08-20 242256]
R2 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe [x]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-08-14 39056]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-06-03 327296]
R2 SparkSvc;Baidu Spark Service;c:\program files\baidu\Baidu Browser\sparkservice.exe [2015-06-14 86840]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2013-03-07 14920]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2013-03-07 9160]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena Plus\Room\safedrv.sys [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv.sys [2012-01-11 32000]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-06-18 51928]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [2012-02-22 22400]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-04-09 235696]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-29 197224]
R3 SparkUpdater;Baidu Spark Updater;c:\program files\Baidu\SparkUpdate\Sparkupdate.exe [2015-05-11 1361720]
R3 usbUDisc;usbUDisc;c:\windows\system32\DRIVERS\USBDrv.sys [2013-01-25 14936]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-11-28 1343400]
R3 WiFiPasswordService;WiFiPasswordService;c:\users\user\AppData\Local\Temp\WiFiPasswordService.exe [x]
R3 XPSVCOM;XPSVCOM;c:\windows\system32\DRIVERS\XPSVCOM.sys [2011-05-24 12416]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2015-03-10 51824]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2015-03-10 193464]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2015-03-10 135808]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2015-03-10 37928]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2015-01-28 1349576]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2014-06-09 113680]
S2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam.sys [2011-06-23 1068216]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 132480]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2011-03-22 69232]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-06-18 23256]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-07-28 23:14 995144 ----a-w- c:\program files\Google\Chrome\Application\44.0.2403.125\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2015-07-26 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\system32\Macromed\Flash\FlashUtil32_18_0_0_209_pepper.exe [2015-07-17 11:16]
.
2015-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-02 11:16]
.
2015-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-27 07:11]
.
2015-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cf8ca9bffe3e8d.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-27 07:11]
.
2015-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d04197b3ba44d9.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-27 07:11]
.
2015-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3383958008-1500198413-680138916-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-03 16:46]
.
2015-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3383958008-1500198413-680138916-1000UA1cf8f36c0342da4.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-03 16:46]
.
2015-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3383958008-1500198413-680138916-1000UA1d090cc2f8fe9e5.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-03 16:46]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.dz/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\program files\MICROS~1\Office12\EXCEL.EXE/3000
IE: Télécharger avec Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Upload to Facebook
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0y7coxvs.default\
FF - prefs.js: browser.startup.homepage - hxxps://us-mg5.mail.yahoo.com/neo/launch?.rand=5grepflq140qt
FF - prefs.js: network.proxy.type - 1
.
- - - - ORPHELINS SUPPRIMES - - - -
.
HKCU-Run-Viber - c:\users\user\AppData\Local\Viber\Viber.exe
AddRemove-UnityWebPlayer - c:\users\user\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-3383958008-1500198413-680138916-1000_Classes\CLSID\{62ef2caf-3ee5-4a2e-832c-87e605c31fc6}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000060
"Therad"=dword:0000000f
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-3383958008-1500198413-680138916-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):a4,ae,b6,ae,47,5f,d4,c8,f1,ce,e8,d1,1a,bf,73,11,a2,7b,5f,de,9d,
4c,ba,b5,51,88,fa,d2,0d,7a,97,b4,62,ea,0f,cd,a1,50,80,9c,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2015-07-30 01:55:06
ComboFix-quarantined-files.txt 2015-07-30 00:55
.
Avant-CF: 4 884 434 944 octets libres
Après-CF: 4 812 218 368 octets libres
.
- - End Of File - - 982A7EEF3D87F96D890F71C0D0AFD4CB
A36C5E4F47E84449FF07ED3517B43A31