cjoint

Document format: text/plain


ComboFix 15-06-30.01 - TOSHIBA 01/07/2015 19:35:20.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8152.6215 [GMT 2:00]
Running from: c:\users\TOSHIBA\desktop\ComboFix.exe
AV: Kaspersky Total Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
FW: Kaspersky Total Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
SP: Kaspersky Total Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\users\TOSHIBA\AppData\Roaming\DRPSu
c:\users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Internet Explore.lnk
c:\users\TOSHIBA\WINDOWS
c:\users\TOSHIBA\WINDOWS\servicing\Sessions\30402971_382224683.back.xml
c:\users\TOSHIBA\WINDOWS\servicing\Sessions\30402971_382224683.xml
c:\users\TOSHIBA\WINDOWS\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
c:\users\TOSHIBA\WINDOWS\System32\winevt\Logs\Application.evtx
c:\users\TOSHIBA\WINDOWS\System32\winevt\Logs\System.evtx
c:\windows\BACKUP.11012534.inst_tspx.exe
c:\windows\BACKUP.15917616.inst_tsp.exe
c:\windows\BACKUP.16770558.inst_tspx.exe
c:\windows\BACKUP.16963752.inst_tsp.exe
c:\windows\BACKUP.21608941.killproc.exe
c:\windows\BACKUP.93460991.inst_tspx.exe
c:\windows\BACKUP.96577861.inst_tsp.exe
.
c:\windows\SysWow64\drivers\ntfs.sys . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2015-06-01 to 2015-07-01 )))))))))))))))))))))))))))))))
.
.
2015-07-01 15:10 . 2015-07-01 15:10 -------- d-----w- c:\program files (x86)\ZHPFix
2015-07-01 12:12 . 2015-07-01 14:36 -------- d-----w- C:\AdwCleaner
2015-06-25 12:53 . 2015-06-25 12:53 136408 ----a-w- c:\windows\system32\drivers\42901B13.sys
2015-06-22 12:57 . 2015-06-22 12:57 136408 ----a-w- c:\windows\system32\drivers\133C342F.sys
2015-06-22 12:05 . 2015-06-22 12:05 136408 ----a-w- c:\windows\system32\drivers\30F60C72.sys
2015-06-17 20:00 . 2015-04-27 19:23 229376 ----a-w- c:\windows\system32\wintrust.dll
2015-06-17 20:00 . 2015-04-27 19:23 188416 ----a-w- c:\windows\system32\cryptsvc.dll
2015-06-17 20:00 . 2015-04-27 19:23 1480192 ----a-w- c:\windows\system32\crypt32.dll
2015-06-17 20:00 . 2015-04-27 19:23 140288 ----a-w- c:\windows\system32\cryptnet.dll
2015-06-17 20:00 . 2015-04-27 19:05 179200 ----a-w- c:\windows\SysWow64\wintrust.dll
2015-06-17 20:00 . 2015-04-27 19:04 143872 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2015-06-17 20:00 . 2015-04-27 19:04 1174528 ----a-w- c:\windows\SysWow64\crypt32.dll
2015-06-17 20:00 . 2015-04-27 19:04 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2015-06-17 19:59 . 2015-05-09 18:26 493504 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll
2015-06-17 14:05 . 2015-06-17 14:05 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2015-06-16 20:13 . 2015-06-25 21:03 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2015-06-14 16:16 . 2015-06-14 16:16 136408 ----a-w- c:\windows\system32\drivers\7AD55B05.sys
2015-06-11 17:24 . 2015-06-11 17:24 -------- d-----w- c:\users\TOSHIBA\AppData\Roaming\Hard Disk Sentinel
2015-06-11 01:25 . 2015-06-11 01:25 -------- d-----w- c:\users\TOSHIBA\AppData\Local\Microsoft Help
2015-06-11 00:57 . 2015-06-11 00:57 -------- d-----w- c:\users\TOSHIBA\AppData\Local\GWX
2015-06-05 20:08 . 2015-05-25 18:19 1255424 ----a-w- c:\windows\system32\diagtrack.dll
2015-06-05 20:06 . 2015-05-09 03:27 3147776 ----a-w- c:\windows\system32\wucltux.dll
2015-06-05 14:34 . 2015-06-05 14:34 -------- d--h--w- c:\program files\Uninstall Information
2015-06-05 14:33 . 2015-06-06 01:33 -------- d-----w- c:\users\Administrator.TOSHIBA-TOSH
2015-06-04 21:18 . 2015-06-28 12:23 -------- d-----w- c:\users\TOSHIBA\AppData\Local\CrashDumps
2015-06-02 19:48 . 2015-06-02 19:48 -------- d-----w- c:\program files\Bitdefender
2015-06-02 19:44 . 2015-06-02 19:44 -------- d-----w- c:\programdata\Bitdefender
2015-06-02 19:44 . 2015-06-26 22:04 -------- d-----w- c:\users\TOSHIBA\AppData\Roaming\QuickScan
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-01 17:52 . 2014-12-01 12:31 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-29 11:51 . 2014-10-22 19:13 225976 ----a-w- c:\windows\system32\drivers\klhk.sys
2015-06-22 13:08 . 2014-11-22 12:12 85360 ----a-w- c:\windows\system32\drivers\klwtp.sys
2015-06-22 13:08 . 2014-11-10 15:48 190648 ----a-w- c:\windows\system32\drivers\kneps.sys
2015-06-22 13:08 . 2014-10-10 15:02 39280 ----a-w- c:\windows\system32\drivers\klim6.sys
2015-06-22 13:08 . 2014-10-09 10:31 65208 ----a-w- c:\windows\system32\drivers\kltdi.sys
2015-06-22 13:08 . 2013-04-12 12:34 24944 ----a-w- c:\windows\system32\drivers\klpd.sys
2015-06-22 13:08 . 2014-08-19 10:31 64368 ----a-w- c:\windows\system32\drivers\kldisk.sys
2015-06-22 13:08 . 2014-03-31 08:47 478392 ----a-w- c:\windows\system32\drivers\kl1.sys
2015-06-22 13:08 . 2013-08-08 14:11 39280 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2015-06-22 13:08 . 2014-10-30 02:22 40304 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2015-06-22 13:08 . 2014-12-13 16:21 850608 ----a-w- c:\windows\system32\drivers\klif.sys
2015-06-22 13:08 . 2014-11-28 16:19 159960 ----a-w- c:\windows\system32\drivers\klflt.sys
2015-06-22 13:08 . 2013-01-14 18:10 247016 ----a-w- c:\windows\system32\drivers\cm_km_w.sys
2015-06-18 06:41 . 2014-12-01 12:31 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-06-18 06:41 . 2014-12-01 12:31 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-06-18 06:41 . 2014-12-01 12:31 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-06-12 07:50 . 2015-06-30 11:47 12221144 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{577CD129-6412-4FB1-9F89-19A97C7A7B2F}\mpengine.dll
2015-06-10 14:02 . 2013-08-28 20:27 140135120 ----a-w- c:\windows\system32\MRT.exe
2015-06-05 22:58 . 2012-03-02 19:04 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-06-05 22:58 . 2012-03-02 19:04 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-05-25 18:01 . 2015-06-05 20:08 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-05-25 00:38 . 2015-05-25 00:38 250672 ----a-w- c:\windows\system32\mfevtps.exe
2015-05-25 00:38 . 2015-05-25 00:38 864072 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2015-05-25 00:38 . 2015-05-25 00:38 106120 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2015-05-21 01:16 . 2015-05-21 01:16 107872 ----a-w- c:\windows\system32\drivers\zam64.sys
2015-05-21 01:15 . 2015-05-21 01:15 107872 ----a-w- c:\windows\system32\drivers\zamguard64.sys
2015-05-18 13:27 . 2015-05-18 10:16 136408 ----a-w- c:\windows\system32\drivers\70870A2D.sys
2015-05-16 15:16 . 2015-05-16 15:16 136408 ----a-w- c:\windows\system32\drivers\0D8A5385.sys
2015-05-13 19:10 . 2015-05-13 19:10 136408 ----a-w- c:\windows\system32\drivers\7F531BE9.sys
2015-05-11 14:13 . 2015-05-11 13:16 136408 ----a-w- c:\windows\system32\drivers\64E070F9.sys
2015-05-11 14:02 . 2014-10-06 20:34 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-05-01 13:17 . 2015-05-13 10:02 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-01 13:16 . 2015-05-13 10:02 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-04-28 10:16 . 2015-04-27 22:23 136408 ----a-w- c:\windows\system32\drivers\36794D52.sys
2015-04-27 13:16 . 2015-04-27 13:16 136408 ----a-w- c:\windows\system32\drivers\047F2B4A.sys
2015-04-22 18:44 . 2015-04-22 18:44 136408 ----a-w- c:\windows\system32\drivers\53101F1E.sys
2015-04-20 16:16 . 2015-04-20 16:16 136408 ----a-w- c:\windows\system32\drivers\24DF1210.sys
2015-04-20 03:17 . 2015-05-13 09:52 1647104 ----a-w- c:\windows\system32\DWrite.dll
2015-04-20 03:17 . 2015-05-13 09:52 1179136 ----a-w- c:\windows\system32\FntCache.dll
2015-04-20 02:56 . 2015-05-13 09:52 1250816 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-04-18 03:10 . 2015-05-13 09:53 460800 ----a-w- c:\windows\system32\certcli.dll
2015-04-18 02:56 . 2015-05-13 09:53 342016 ----a-w- c:\windows\SysWow64\certcli.dll
2015-04-17 20:39 . 2015-04-17 19:26 136408 ----a-w- c:\windows\system32\drivers\6DA538D7.sys
2015-04-16 00:47 . 2015-04-16 00:47 243712 ----a-w- c:\windows\system32\InstallDriver.exe
2015-04-15 20:25 . 2015-04-15 20:25 136408 ----a-w- c:\windows\system32\drivers\174A4A0D.sys
2015-04-15 03:00 . 2015-04-15 03:00 26528 ----a-w- c:\windows\SysWow64\drivers\HWiNFO64A.SYS
2015-04-14 01:33 . 2015-04-14 01:33 1614504 ----a-w- c:\windows\system32\FM20.DLL
2015-04-13 03:28 . 2015-05-13 09:53 328704 ----a-w- c:\windows\system32\services.exe
2015-04-11 22:04 . 2015-04-11 22:04 136408 ----a-w- c:\windows\system32\drivers\6D5A5D3A.sys
2015-04-11 03:19 . 2015-05-20 11:33 69888 ----a-w- c:\windows\system32\drivers\stream.sys
2015-04-08 03:29 . 2015-05-13 09:52 275456 ----a-w- c:\windows\system32\InkEd.dll
2015-04-08 03:29 . 2015-05-13 09:52 24576 ----a-w- c:\windows\system32\jnwmon.dll
2015-04-08 03:14 . 2015-05-13 09:52 216064 ----a-w- c:\windows\SysWow64\InkEd.dll
2015-04-07 18:47 . 2014-12-17 21:11 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-06-01 8358680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AntiLogger"="c:\program files (x86)\AntiLogger\AntiLogger.exe" [2014-12-30 14679464]
"Malwarebytes Anti-Exploit"="c:\program files (x86)\Malwarebytes Anti-Exploit\mbae.exe" [2015-04-08 2618680]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-2 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoThemesTab"= 0 (0x0)
"NoDispAppearence"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"RequireSignedAppInit_DLLs"=0 (0x0)
"AppInit_DLLs"=c:\progra~2\KeyCryptSDK\KeyCrypt32(1).dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\kissvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\kyrdl.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R0 ijbsgx;ijbsgx; [x]
R0 opsw;opsw; [x]
R0 tljkva;tljkva; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 pwftap;PRIVATE WiFi Adapter;c:\windows\system32\DRIVERS\pwftap.sys;c:\windows\SYSNATIVE\DRIVERS\pwftap.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
R4 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R4 GFNEXSrv;GFNEX Service;c:\windows\System32\GFNEXSrv.exe;c:\windows\SYSNATIVE\GFNEXSrv.exe [x]
R4 glarab_http_proxy;GLArab.com HTTP Proxy;c:\program files (x86)\GLArab.com\Proxy\http_proxy.exe;c:\program files (x86)\GLArab.com\Proxy\http_proxy.exe [x]
R4 gupdate1d07c27b3c11b6;Google Update Service (gupdate1d07c27b3c11b6);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R4 gupdatem1d07c27bae3622;Google Update Service (gupdatem1d07c27bae3622);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
R4 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
R4 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe;c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [x]
R4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
R4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R4 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 cm_km_w;Kaspersky Lab Crypto Module (FDE PDK);c:\windows\system32\DRIVERS\cm_km_w.sys;c:\windows\SYSNATIVE\DRIVERS\cm_km_w.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys;c:\windows\SYSNATIVE\DRIVERS\NBVol.sys [x]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys;c:\windows\SYSNATIVE\DRIVERS\NBVolUp.sys [x]
S1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog64.sys;c:\windows\SYSNATIVE\drivers\AntiLog64.sys [x]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S1 klhk;klhk;c:\windows\system32\DRIVERS\klhk.sys;c:\windows\SYSNATIVE\DRIVERS\klhk.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 Klwtp;Klwtp;c:\windows\system32\DRIVERS\klwtp.sys;c:\windows\SYSNATIVE\DRIVERS\klwtp.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam64.sys;c:\windows\SYSNATIVE\drivers\zam64.sys [x]
S1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard64.sys;c:\windows\SYSNATIVE\drivers\zamguard64.sys [x]
S2 AVP15.0.2;Kaspersky Anti-Virus Service 15.0.2;c:\program files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 kldisk;kldisk;c:\windows\system32\DRIVERS\kldisk.sys;c:\windows\SYSNATIVE\DRIVERS\kldisk.sys [x]
S2 MbaeSvc;Malwarebytes Anti-Exploit Service;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 NovaPdfServer;novaPDF Server;c:\program files\Softland\novaPDF 8\Server\novapdfs.exe;c:\program files\Softland\novaPDF 8\Server\novapdfs.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys;c:\windows\SYSNATIVE\DRIVERS\ICCWDT.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 keycrypt;keycrypt;c:\windows\system32\DRIVERS\KeyCrypt64.sys;c:\windows\SYSNATIVE\DRIVERS\KeyCrypt64.sys [x]
S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-06-10 16:17 986440 ----a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.124\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-06-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-02 22:58]
.
2015-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-04-21 11:33]
.
2015-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d07c27c4aed9e.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-04-21 11:33]
.
2015-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-04-21 11:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\KeyCryptSDK\KeyCrypt64(1).dll
.
------- Supplementary Scan -------
.
ustart page = about:blank
mStart Page = about:blank
uSearchAssistant = hxxp://www.google.com
IE: {{5547CE1F-74E9-41E5-9CBF-5211ECC37341} - {BB7DC12B-C59D-4138-AD28-BBB65DE62A3B} - c:\program files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\rleqoewb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=SKY2&ocid=SKY2DHP&osmkt=en-gb|http://www.google.com
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{10921475-03CE-4E04-90CE-E2E7EF20C814} - (no file)
AddRemove-25bcbf9b-b470-4118-971a-8647c8b2917d - c:\progra~3\INSTAL~1\{72DF8~1\Setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB3023224 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB3035490 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB3037581 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.51209\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1870027983-4264097883-3264919129-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6D985EE8-D9A6-CB7F-1C2E-989A34D0789B}*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avpui.exe
.
**************************************************************************
.
Completion time: 2015-07-01 19:59:46 - machine was rebooted
ComboFix-quarantined-files.txt 2015-07-01 17:59
.
Pre-Run: 242,692,050,944 bytes free
Post-Run: 242,294,304,768 bytes free
.
- - End Of File - - 76020820764C8A3E778E7956DDDA2D3A
5B5E648D12FCADC244C1EC30318E1EB9
