
ComboFix 15-07-08.01 - walid 08/07/2015 20:17:38.1.4 - x64
Microsoft Windows 7 Edition Intégrale 6.1.7601.1.1256.213.1036.18.3914.1690 [GMT 2:00]
Running from: c:\users\walid\Desktop\ComboFix.exe
AV: ESET Smart Security 8.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: Pare-feu personnel d'ESET *Disabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 8.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Skype\Phone\Skype.exe
.
.
((((((((((((((((((((((((( Files Created from 2015-06-08 to 2015-07-08 )))))))))))))))))))))))))))))))
.
.
2015-07-08 08:53 . 2015-07-08 08:53 -------- d-----w- c:\program files (x86)\ZHPFix
2015-07-08 07:29 . 2015-07-08 07:29 -------- d-----w- C:\UsbFix
2015-07-07 18:39 . 2015-06-12 07:50 12221144 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A881F6E7-8FD7-472A-A15D-050FF18707AA}\mpengine.dll
2015-07-07 04:49 . 2015-07-07 04:49 -------- d-----w- c:\users\walid\AppData\Roaming\FileZilla Server
2015-07-07 04:48 . 2015-07-07 04:48 -------- d-----w- c:\program files (x86)\FileZilla Server
2015-07-04 18:05 . 2015-07-04 18:05 -------- d-----w- c:\program files (x86)\WinSCP
2015-06-24 16:19 . 2015-06-24 16:19 -------- d-----w- c:\users\walid\AppData\Roaming\MarketSamurai
2015-06-24 16:18 . 2015-06-24 16:18 -------- d-----w- c:\program files (x86)\Market Samurai
2015-06-22 20:49 . 2015-07-08 18:15 -------- d-----w- c:\users\walid\AppData\Roaming\uTorrent
2015-06-22 17:33 . 2015-06-22 17:33 -------- d-----w- c:\users\walid\AppData\Roaming\com.longtailpro.LongTailPro
2015-06-22 17:33 . 2015-06-22 17:33 -------- d-----w- c:\program files (x86)\LongTailPro
2015-06-22 17:22 . 2015-06-22 17:22 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2015-06-22 15:25 . 2015-06-22 15:25 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2015-06-22 15:24 . 2015-06-22 15:24 -------- d-----w- c:\program files\Adobe
2015-06-22 15:20 . 2015-06-22 15:21 -------- d-----w- c:\programdata\Package Cache
2015-06-22 15:19 . 2015-06-22 15:24 -------- d-----w- c:\program files\Common Files\Adobe
2015-06-22 15:17 . 2015-06-22 15:22 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2015-06-22 15:15 . 2015-07-08 16:32 -------- d-----w- c:\users\walid\AppData\Local\Adobe
2015-06-22 03:39 . 2015-07-06 20:38 -------- d-----w- c:\users\walid\AppData\Roaming\BSplayer PRO
2015-06-22 03:39 . 2015-07-06 20:38 -------- d-----w- c:\program files (x86)\Webteh
2015-06-21 21:01 . 2015-06-21 21:02 -------- d-----w- c:\users\walid\AppData\Roaming\dvdcss
2015-06-20 16:17 . 2015-06-22 16:01 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2015-06-20 16:15 . 2015-07-08 08:56 -------- d-----w- c:\users\walid\AppData\Roaming\ZHP
2015-06-20 16:15 . 2015-07-08 07:20 -------- d-----w- c:\program files (x86)\ZHPDiag
2015-06-20 16:11 . 2015-07-08 08:56 -------- d-----w- c:\windows\AutoKMS
2015-06-20 16:08 . 2015-06-20 16:08 -------- d-----w- c:\programdata\Microsoft Toolkit
2015-06-13 18:29 . 2015-06-13 18:29 -------- d-----w- c:\users\walid\AppData\Local\Foxit Reader
2015-06-10 17:43 . 2015-04-29 18:22 14635008 ----a-w- c:\windows\system32\wmp.dll
2015-06-10 17:42 . 2015-05-22 18:18 700416 ----a-w- c:\windows\system32\generaltel.dll
2015-06-10 17:42 . 2015-05-22 18:18 1021440 ----a-w- c:\windows\system32\appraiser.dll
2015-06-10 17:42 . 2015-05-22 18:18 757248 ----a-w- c:\windows\system32\invagent.dll
2015-06-10 17:42 . 2015-05-22 18:18 423424 ----a-w- c:\windows\system32\devinv.dll
2015-06-10 17:42 . 2015-05-22 18:18 45568 ----a-w- c:\windows\system32\acmigration.dll
2015-06-10 17:42 . 2015-05-22 18:18 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-06-10 17:42 . 2015-05-22 18:13 1119232 ----a-w- c:\windows\system32\aeinv.dll
2015-06-10 17:42 . 2015-05-21 13:19 193536 ----a-w- c:\windows\system32\aepic.dll
2015-06-10 17:33 . 2015-04-24 18:17 633856 ----a-w- c:\windows\system32\comctl32.dll
2015-06-10 17:33 . 2015-04-24 17:56 530432 ----a-w- c:\windows\SysWow64\comctl32.dll
2015-06-10 17:25 . 2015-05-25 17:08 3206144 ----a-w- c:\windows\system32\win32k.sys
2015-06-10 17:22 . 2015-04-11 03:19 69888 ----a-w- c:\windows\system32\drivers\stream.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-08 16:32 . 2015-04-29 15:46 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-23 11:30 . 2010-11-21 03:27 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-06-18 06:41 . 2015-04-29 15:45 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-06-18 06:41 . 2015-04-29 15:45 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-06-18 06:41 . 2015-04-29 15:45 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-06-11 02:04 . 2015-04-30 08:27 140135120 ----a-w- c:\windows\system32\MRT.exe
2015-05-25 18:01 . 2015-06-10 17:27 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-05-20 12:55 . 2015-05-20 13:57 197616 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2015-05-01 13:17 . 2015-05-14 01:01 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-01 13:16 . 2015-05-14 01:01 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-04-30 20:14 . 2015-04-30 20:14 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2015-04-30 20:13 . 2015-04-30 20:13 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2015-04-30 20:13 . 2015-04-30 20:13 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2015-04-30 20:13 . 2015-04-30 20:13 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2015-04-30 20:13 . 2015-04-30 20:13 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2015-04-30 20:13 . 2015-04-30 20:13 235008 ----a-w- c:\windows\system32\elshyph.dll
2015-04-30 20:13 . 2015-04-30 20:13 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2015-04-30 20:13 . 2015-04-30 20:13 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2015-04-30 20:13 . 2015-04-30 20:13 942592 ----a-w- c:\windows\system32\jsIntl.dll
2015-04-30 20:13 . 2015-04-30 20:13 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2015-04-30 20:13 . 2015-04-30 20:13 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2015-04-30 20:13 . 2015-04-30 20:13 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2015-04-30 20:13 . 2015-04-30 20:13 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2015-04-30 20:13 . 2015-04-30 20:13 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2015-04-30 20:13 . 2015-04-30 20:13 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2015-04-30 20:13 . 2015-04-30 20:13 247808 ----a-w- c:\windows\system32\msls31.dll
2015-04-30 20:13 . 2015-04-30 20:13 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2015-04-30 20:13 . 2015-04-30 20:13 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2015-04-30 20:13 . 2015-04-30 20:13 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2015-04-30 20:13 . 2015-04-30 20:13 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2015-04-30 20:13 . 2015-04-30 20:13 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2015-04-30 20:13 . 2015-04-30 20:13 77312 ----a-w- c:\windows\system32\tdc.ocx
2015-04-30 20:13 . 2015-04-30 20:13 48640 ----a-w- c:\windows\system32\mshtmler.dll
2015-04-30 20:13 . 2015-04-30 20:13 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2015-04-30 20:13 . 2015-04-30 20:13 105984 ----a-w- c:\windows\system32\iesysprep.dll
2015-04-30 20:13 . 2015-04-30 20:13 81408 ----a-w- c:\windows\system32\icardie.dll
2015-04-30 20:13 . 2015-04-30 20:13 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2015-04-30 20:13 . 2015-04-30 20:13 30208 ----a-w- c:\windows\system32\licmgr10.dll
2015-04-30 20:13 . 2015-04-30 20:13 243200 ----a-w- c:\windows\system32\webcheck.dll
2015-04-30 20:13 . 2015-04-30 20:13 235520 ----a-w- c:\windows\system32\url.dll
2015-04-30 20:13 . 2015-04-30 20:13 167424 ----a-w- c:\windows\system32\iexpress.exe
2015-04-30 20:13 . 2015-04-30 20:13 143872 ----a-w- c:\windows\system32\wextract.exe
2015-04-30 20:13 . 2015-04-30 20:13 101376 ----a-w- c:\windows\system32\inseng.dll
2015-04-30 20:13 . 2015-04-30 20:13 62464 ----a-w- c:\windows\system32\pngfilt.dll
2015-04-30 20:13 . 2015-04-30 20:13 147968 ----a-w- c:\windows\system32\occache.dll
2015-04-30 20:13 . 2015-04-30 20:13 13824 ----a-w- c:\windows\system32\mshta.exe
2015-04-30 20:13 . 2015-04-30 20:13 48128 ----a-w- c:\windows\system32\imgutil.dll
2015-04-30 20:13 . 2015-04-30 20:13 135680 ----a-w- c:\windows\system32\iepeers.dll
2015-04-30 19:52 . 2015-04-30 19:52 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-04-30 19:52 . 2015-04-30 19:52 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-04-30 19:52 . 2015-04-30 19:52 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-04-30 19:52 . 2015-04-30 19:52 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-04-30 19:52 . 2015-04-30 19:52 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-04-30 19:52 . 2015-04-30 19:52 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-04-30 19:52 . 2015-04-30 19:52 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2015-04-30 19:52 . 2015-04-30 19:52 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2015-04-30 19:52 . 2015-04-30 19:52 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2015-04-30 19:52 . 2015-04-30 19:52 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2015-04-30 19:52 . 2015-04-30 19:52 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-04-30 19:52 . 2015-04-30 19:52 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-04-30 19:52 . 2015-04-30 19:52 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2015-04-30 19:52 . 2015-04-30 19:52 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-04-30 19:52 . 2015-04-30 19:52 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2015-04-30 19:52 . 2015-04-30 19:52 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-04-30 19:52 . 2015-04-30 19:52 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-04-30 19:52 . 2015-04-30 19:52 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-04-30 19:52 . 2015-04-30 19:52 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2015-04-30 19:52 . 2015-04-30 19:52 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2015-04-30 19:52 . 2015-04-30 19:52 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-04-30 19:52 . 2015-04-30 19:52 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-04-30 19:52 . 2015-04-30 19:52 363008 ----a-w- c:\windows\system32\dxgi.dll
2015-04-30 19:52 . 2015-04-30 19:52 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2015-04-30 19:52 . 2015-04-30 19:52 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2015-04-30 19:52 . 2015-04-30 19:52 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2015-04-30 19:52 . 2015-04-30 19:52 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2015-04-30 19:52 . 2015-04-30 19:52 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2015-04-30 19:52 . 2015-04-30 19:52 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2015-04-30 19:52 . 2015-04-30 19:52 296960 ----a-w- c:\windows\system32\d3d10core.dll
2015-04-30 19:52 . 2015-04-30 19:52 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2015-04-30 19:52 . 2015-04-30 19:52 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2015-04-30 19:52 . 2015-04-30 19:52 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2015-04-30 19:52 . 2015-04-30 19:52 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2015-04-30 19:52 . 2015-04-30 19:52 1238528 ----a-w- c:\windows\system32\d3d10.dll
2015-04-30 19:52 . 2015-04-30 19:52 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2015-04-30 19:52 . 2015-04-30 19:52 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2015-04-30 19:52 . 2015-04-30 19:52 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2015-04-20 03:17 . 2015-05-13 09:16 1179136 ----a-w- c:\windows\system32\FntCache.dll
2015-04-20 03:17 . 2015-05-13 09:16 1647104 ----a-w- c:\windows\system32\DWrite.dll
2015-04-20 02:56 . 2015-05-13 09:16 1250816 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-04-18 03:10 . 2015-05-13 09:46 460800 ----a-w- c:\windows\system32\certcli.dll
2015-04-18 02:56 . 2015-05-13 09:46 342016 ----a-w- c:\windows\SysWow64\certcli.dll
2015-04-13 03:28 . 2015-05-13 09:17 328704 ----a-w- c:\windows\system32\services.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-10-01 18:38 1720976 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-10-01 18:38 1720976 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-10-01 18:38 1720976 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2015-05-20 3903056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2012-03-23 1105488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
R3 Lenovo EasyPlus Hotspot;Lenovo EasyPlus Hotspot;c:\program files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe;c:\program files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.5;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdbd.sys [x]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdmp.sys [x]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiMSa.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x]
S3 IntcDAud;Son Intel(R) pour écrans;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 SmbDrv;SmbDrv;c:\windows\system32\DRIVERS\Smb_driver.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2015-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-04-29 12:44]
.
2015-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-04-29 12:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 08:02 25112 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-23 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-23 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-23 439064]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-27 12343400]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2015-01-28 5595848]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-27 558496]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Envoyer à OneNote - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Télécharger avec IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec Internet Download Manager - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
TCP: DhcpNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\walid\AppData\Roaming\Mozilla\Firefox\Profiles\5auipg9g.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-903209215-2254376086-2688177463-1000_Classes\Wow6432Node\CLSID\{59cba0d7-1b66-4e8d-b453-afffd5f113ab}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000093
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,f4,aa,e2,4c,d3,9f,2d,89,d9,e3,4d,6f,22,15,94,04,6e,c2,9c,ae,2b,9b,\
.
[HKEY_USERS\S-1-5-21-903209215-2254376086-2688177463-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):cc,c7,99,37,2c,4f,b1,e5,8d,b4,e9,6d,c8,73,d5,c0,59,d2,8d,e2,f8,
0d,5b,d2,d7,43,dc,ac,77,7c,b1,4f,59,f5,c2,92,10,15,95,39,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-903209215-2254376086-2688177463-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):e9,78,fe,0c,3d,a7,ee,88,93,10,2c,fe,55,d6,0f,8b,a2,c9,20,3b,eb,
9b,cf,8b,e8,aa,ce,03,83,03,35,c9,56,cf,55,8b,7c,19,3e,d2,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-903209215-2254376086-2688177463-1000_Classes\Wow6432Node\CLSID\{ab267226-d1cd-4cef-89b7-02188d3d0cf3}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000bb
"Therad"=dword:0000000f
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-07-08 20:24:27
ComboFix-quarantined-files.txt 2015-07-08 18:24
.
Pre-Run: 116 245 487 616 octets libres
Post-Run: 115 847 774 208 octets libres
.
- - End Of File - - FF3CB50AC0F16B1F35CA867D9CD48F18
