cjoint


ComboFix 15-07-20.01 - islam 22/07/2015 14:34:07.1.2 - x86
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.3070.1753 [GMT 1:00]
Lancé depuis: c:\users\islam\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2015-06-22 au 2015-07-22 ))))))))))))))))))))))))))))))))))))
.
.
2015-07-22 13:38 . 2015-07-22 13:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-07-22 13:23 . 2015-07-22 13:23 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft
2015-07-22 13:23 . 2015-07-22 13:24 -------- d-----w- c:\program files\Microsoft.NET
2015-07-22 13:23 . 2015-07-22 13:24 -------- d-----w- c:\program files\Microsoft SQL Server
2015-07-22 13:23 . 2015-07-22 13:23 -------- d-----w- c:\windows\PCHEALTH
2015-07-22 13:21 . 2015-07-22 13:21 -------- d-----w- c:\program files\Microsoft Analysis Services
2015-07-22 13:21 . 2015-07-22 13:27 -------- d-----w- c:\programdata\Microsoft Help
2015-07-22 11:53 . 2015-07-21 06:25 9252608 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C6E9C1C7-4499-4AEB-AC34-C793DC6E29E5}\mpengine.dll
2015-07-22 11:53 . 2015-06-23 12:27 246952 ------w- c:\windows\system32\MpSigStub.exe
2015-07-22 11:34 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2015-07-22 11:34 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2015-07-22 11:34 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2015-07-22 11:19 . 2014-05-07 16:42 144664 ----a-w- c:\windows\system32\secman.dll
2015-07-22 11:19 . 2015-07-22 12:18 -------- d-----w- c:\program files\InstallShield Installation Information
2015-07-22 11:18 . 2015-07-22 13:27 -------- d-sh--w- c:\windows\Installer
2015-07-22 11:01 . 2015-05-21 06:02 581192 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2015-07-22 11:01 . 2015-05-21 06:02 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2015-07-22 11:01 . 2015-05-21 06:02 89984 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2015-07-22 11:01 . 2015-05-21 06:02 184192 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2015-07-22 11:00 . 2015-07-22 12:18 -------- d-----w- c:\program files\Samsung
2015-07-22 10:59 . 2015-07-22 12:02 -------- d-----w- c:\programdata\Samsung
2015-07-22 10:58 . 2014-05-14 16:23 45536 ----a-w- c:\windows\system32\wups2.dll
2015-07-22 10:58 . 2014-05-14 16:23 54240 ----a-w- c:\windows\system32\wuauclt.exe
2015-07-22 10:58 . 2014-05-14 16:23 1973728 ----a-w- c:\windows\system32\wuaueng.dll
2015-07-22 10:58 . 2014-05-14 16:17 2425856 ----a-w- c:\windows\system32\wucltux.dll
2015-07-22 10:58 . 2014-05-14 16:23 36320 ----a-w- c:\windows\system32\wups.dll
2015-07-22 10:58 . 2014-05-14 16:23 581600 ----a-w- c:\windows\system32\wuapi.dll
2015-07-22 10:58 . 2014-05-14 16:17 92672 ----a-w- c:\windows\system32\wudriver.dll
2015-07-22 10:58 . 2014-05-14 08:23 179656 ----a-w- c:\windows\system32\wuwebv.dll
2015-07-22 10:58 . 2014-05-14 08:17 33792 ----a-w- c:\windows\system32\wuapp.exe
2015-07-22 10:57 . 2011-04-19 19:06 1570304 ----a-w- c:\windows\system32\drivers\athur.sys
2015-07-22 10:13 . 2015-07-22 10:13 -------- d-----w- C:\Windows.old
2015-07-22 04:45 . 2015-07-22 05:15 -------- d-----w- C:\[Smad-Cage]
2015-07-19 20:33 . 2015-07-19 20:43 -------- d-----w- C:\Games
2015-07-18 21:13 . 2015-07-18 21:13 -------- d-----w- C:\found.002
2015-07-16 15:16 . 2015-07-16 15:16 -------- d-----w- C:\found.001
2015-07-14 02:16 . 2015-07-14 02:16 -------- d-----w- C:\found.000
2015-07-12 00:30 . 2015-07-12 00:30 -------- d-----r- C:\MSOCache
2015-07-11 20:53 . 2015-07-11 20:53 -------- d-----w- C:\NVIDIA
2015-07-10 14:11 . 2015-07-21 07:57 -------- d-----w- C:\hp
2015-07-10 13:19 . 2015-07-10 13:19 -------- d-----w- C:\Intel
2015-07-10 11:37 . 2015-07-22 10:24 -------- d-----w- C:\Boot
2015-07-10 10:54 . 2015-07-22 10:45 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-20 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-10-01 19:33 1720976 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-10-01 19:33 1720976 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-10-01 19:33 1720976 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2015-05-21 89984]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2015-05-21 184192]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [2015-05-21 743688]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athur.sys [2011-04-19 1570304]
S3 RTL8167;Pilote Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - FASTFAT
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
TCP: DhcpNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
.
- - - - ORPHELINS SUPPRIMES - - - -
.
HKLM-Run-mobilegeni daemon - c:\program files\Mobogenie\DaemonProcess.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\Samsung\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2015-07-22 14:40:41
ComboFix-quarantined-files.txt 2015-07-22 13:40
.
Avant-CF: 183 922 479 104 octets libres
Après-CF: 183 861 522 432 octets libres
.
- - End Of File - - D37FBF1C205F5E9BCC4CC35922FD6E6A
A36C5E4F47E84449FF07ED3517B43A31