cjoint

Document format: text/plain

Preview

ComboFix 15-07-10.01 - user 07/11/2015 2:33.1.8 - x86
Microsoft Windows 7 Enterprise 6.1.7600.0.1256.962.1033.18.3006.2279 [GMT 3:00]
Running from: c:\users\user\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\user\ZHPDiag3.exe
C:\w7lxe-v10.exe
c:\w7lxe-v10.exe\w7lxe-v10.exe
.
.
((((((((((((((((((((((((( Files Created from 2015-06-10 to 2015-07-10 )))))))))))))))))))))))))))))))
.
.
2015-07-10 23:40 . 2015-07-10 23:40 -------- d-----w- c:\users\user\AppData\Local\temp
2015-07-10 23:40 . 2015-07-10 23:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-07-10 22:24 . 2015-07-10 22:24 52440 ----a-w- c:\windows\system32\drivers\efhh.sys
2015-07-10 21:56 . 2015-07-10 22:03 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-10 21:56 . 2015-06-18 05:41 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-07-10 21:56 . 2015-06-18 05:41 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-07-10 21:56 . 2015-06-18 05:41 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-07-10 21:56 . 2015-07-10 21:56 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-07-10 21:56 . 2015-07-10 21:56 -------- d-----w- c:\programdata\Malwarebytes
2015-07-10 13:06 . 2015-07-10 13:12 -------- d-----w- C:\AdwCleaner
2015-07-10 12:11 . 2015-07-10 22:56 -------- d-----w- c:\users\user\AppData\Roaming\ZHP
2015-07-04 21:31 . 2015-07-10 11:37 -------- d-----w- c:\users\user\AppData\Local\Dropbox
2015-07-04 21:31 . 2015-07-04 21:31 -------- d-----w- c:\programdata\Dropbox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-05 01:48 . 2015-04-30 07:17 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5CA69848-D3D3-4C24-A005-B51AC741B847}\offreg.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2014-03-08 274608]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2012-03-09 350072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe" [2014-09-15 748256]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" [2015-06-18 54072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 Mobile Broadband HL Service;Mobile Broadband HL Service;c:\programdata\MobileBrServ\mbbservice.exe [2012-03-12 232288]
S0 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-07-10 98520]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2014-09-15 208896]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 26168]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files\Hp\Common\HPSupportSolutionsFrameworkService.exe [2014-02-05 47416]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-06-18 1871160]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-06-18 1133880]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2013-04-10 5120]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2014-06-21 77824]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-06-18 23256]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-06-18 51928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMPROTECTOR
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBACCESSCONTROL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-07-10 10:52 991048 ----a-w- c:\program files\Google\Chrome\Application\43.0.2357.132\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-03-08 16:02]
.
2015-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-03-08 16:02]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.15.1
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\gnlcg3ic.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-photoFXlab - c:\program files\Topaz Labs\Applications\32Bit\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-07-11 02:41:32
ComboFix-quarantined-files.txt 2015-07-10 23:41
.
Pre-Run: 124,433,666,048 bytes free
Post-Run: 126,108,745,728 bytes free
.
- - End Of File - - 8AE8A6A777357A84B33CA7061E987B20
A36C5E4F47E84449FF07ED3517B43A31
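Reading a ComboFix log by hand means cross-checking the same few sections every time: the UAC values printed under policies\system, the HKLM Run entries, and the driver files that appeared in the scan window against the R/S service lines. The Python below is an added triage helper, not ComboFix's own code and not something the poster of this log ran; it parses the line formats visible in the log above and returns the items worth verifying. The embedded SAMPLE_LOG is a constructed excerpt copied from the log on this page. The Windows 7 default UAC values and the statement that ComboFix suppresses service entries it whitelists are the example author's assumptions about ComboFix 15.x and Windows 7, not facts the log itself states.

```python
"""Triage helper for ComboFix logs (added example, not ComboFix's code).

Assumption: the line formats are the ones shown in the ComboFix 15.x log on
this page; other builds may print sections differently.
"""
import re
from pathlib import PureWindowsPath

# Constructed excerpt: lines copied verbatim from the log above.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2015-06-10 to 2015-07-10 )))))))))))))))))))))))))))))))
.
2015-07-10 22:24 . 2015-07-10 22:24 52440 ----a-w- c:\windows\system32\drivers\efhh.sys
2015-07-10 21:56 . 2015-07-10 22:03 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-10 21:56 . 2015-06-18 05:41 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-07-10 21:56 . 2015-06-18 05:41 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-07-10 21:56 . 2015-06-18 05:41 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-07-10 21:56 . 2015-07-10 21:56 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2014-03-08 274608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
S0 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-07-10 98520]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-06-18 23256]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-06-18 51928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
"""

# "created . modified size attrs path"; directories print "--------" as size.
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>\S+) (?P<path>.+)$"
)
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\d+) \(0x[0-9a-fA-F]+\)$')
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)" \[(?P<date>\S+) (?P<size>\d+)\]$')
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[(?P<date>\S+) (?P<size>\d+)\]$"
)

# Assumed Windows 7 defaults for the values ComboFix prints under policies\system.
WIN7_UAC_DEFAULTS = {
    "ConsentPromptBehaviorAdmin": 5,
    "ConsentPromptBehaviorUser": 3,
    "EnableUIADesktopToggle": 0,
    "PromptOnSecureDesktop": 1,
}
UAC_NOTES = {
    ("ConsentPromptBehaviorAdmin", 0): "administrators elevate without any prompt",
    ("ConsentPromptBehaviorUser", 0): "standard users are silently denied elevation",
    ("PromptOnSecureDesktop", 0): "prompts are drawn on the interactive desktop, where other processes in the session can overlay or drive them",
}


def _lines(text):
    """Yield (current registry key lower-cased or None, stripped line), skipping the '.' filler."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        yield key, line


def parse_uac_policy(text):
    """Integer values printed under ...\\policies\\system."""
    values = {}
    for key, line in _lines(text):
        if key and key.endswith("\\policies\\system"):
            m = POLICY_RE.match(line)
            if m:
                values[m["name"]] = int(m["value"])
    return values


def uac_findings(policy):
    """One line per value that differs from the assumed Windows 7 default."""
    findings = []
    for name, default in WIN7_UAC_DEFAULTS.items():
        value = policy.get(name)
        if value is not None and value != default:
            note = UAC_NOTES.get((name, value), "non-default value")
            findings.append(f"UAC: {name}={value} (default {default}): {note}")
    return findings


def parse_run_entries(text):
    """(key name, value name, image path) for every HKLM Run / RunOnce entry."""
    entries = []
    for key, line in _lines(text):
        if key and key.endswith(("\\run", "\\runonce")):
            m = RUN_RE.match(line)
            if m:
                entries.append((key.rsplit("\\", 1)[1], m["name"], m["path"]))
    return entries


def parse_created_files(text):
    return [m.groupdict() for _, line in _lines(text) if (m := FILE_RE.match(line))]


def parse_services(text):
    return [m.groupdict() for _, line in _lines(text) if (m := SERVICE_RE.match(line))]


def new_driver_findings(text):
    """Driver files created in the scan window that no listed service points at.

    Caveat (assumption about ComboFix): it hides service entries it whitelists,
    so 'no service line here' means 'verify with sc query / the Services key',
    not 'orphaned' and certainly not 'malicious'."""
    referenced = {PureWindowsPath(s["path"]).name.lower() for s in parse_services(text)}
    findings = []
    for f in parse_created_files(text):
        path = f["path"]
        if "\\drivers\\" in path.lower() and path.lower().endswith(".sys"):
            if PureWindowsPath(path).name.lower() not in referenced:
                findings.append(f"Driver {path} created {f['created']} has no service entry "
                                f"in this log; verify its Authenticode signature and hash")
    return findings


def triage(text):
    return {
        "uac": uac_findings(parse_uac_policy(text)),
        "autoruns": parse_run_entries(text),
        "drivers": new_driver_findings(text),
    }


if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(section)
        for item in items:
            print("   ", item)
```

On the excerpt above the helper reports exactly one UAC deviation, PromptOnSecureDesktop=0, and two driver files without a matching service line, efhh.sys and mbamchameleon.sys. Both are "go and check" items (signature, hash, the Services registry key on the host), not verdicts; the log itself says nothing about either file beyond its creation time and size.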
