cjoint

ComboFix 15-07-20.01 - 18:50:44.1.2 - x86
Microsoft Windows 7 Edition Intégrale 6.1.7600.0.1256.213.1036.18.2047.1494 [GMT :00]
Running from: c:\users\anouar\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\13343287577712355016
c:\programdata\13343287577712355016\1547aa30421efb5b8e33cd803716403c.ini
c:\programdata\13343287577712355016\2ec393ae2aeeca6f8e33cd803716403c.ini
c:\programdata\13343287577712355016\4088b11db2586d028e33cd803716403c.ini
c:\programdata\13343287577712355016\66f1d828dc8a9d598e33cd803716403c.ini
c:\programdata\13343287577712355016\7a48b837071c224e8e33cd803716403c.ini
c:\programdata\13343287577712355016\8eb0729fbf1cb0528e33cd803716403c.ini
c:\programdata\13343287577712355016\b1b04b8135a80c978e33cd803716403c.ini
c:\programdata\13343287577712355016\e1a11ca282117dcd8e33cd803716403c.ini
c:\users\anouar\Downloads\Compressed\C.C.A HooK Exceed final\C.C.A HooK Exceed final\Ping\_desktop.ini
c:\windows\system32\1.exe
c:\windows\system32\SET84A8.tmp
.
.
((((((((((((((((((((((((( Files Created from 2015-06-22 to 2015-07-22 )))))))))))))))))))))))))))))))
.
.
2015-07-22 17:59 . 2015-07-22 17:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-07-19 15:34 . 2015-07-19 15:35 -------- d-----w- c:\program files\TeamViewer
2015-07-17 19:34 . 2015-07-17 19:34 -------- d-----w- c:\program files\Common Files\Tencent
2015-07-17 19:34 . 2015-07-17 19:34 -------- d-----w- c:\program files\Tencent
2015-07-17 19:34 . 2015-07-17 19:34 -------- d-----w- c:\programdata\Tencent
2015-07-17 19:34 . 2015-07-17 19:34 -------- d-----w- c:\users\anouar\AppData\Roaming\Tencent
2015-07-17 17:31 . 2015-07-17 17:32 -------- d-----w- C:\AdwCleaner
2015-07-17 17:18 . 2015-07-14 10:44 26176 ---ha-w- c:\windows\system32\hamachi.sys
2015-07-17 17:18 . 2015-07-17 17:18 -------- d-----w- c:\program files\LogMeIn Hamachi
2015-07-17 16:55 . 2015-07-22 13:54 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-17 16:55 . 2015-07-17 16:55 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-07-17 16:55 . 2015-07-17 16:55 -------- d-----w- c:\programdata\Malwarebytes
2015-07-17 16:55 . 2014-10-01 10:11 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-07-17 16:55 . 2014-10-01 10:11 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-07-17 16:55 . 2014-10-01 10:11 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-07-16 16:16 . 2015-07-21 21:49 24 ----a-w- c:\users\anouar\AppData\Roaming\appdataFr25.bin
2015-07-14 20:53 . 2015-07-17 15:01 -------- d-----w- c:\users\anouar\AppData\Roaming\Apple Computer
2015-07-14 20:53 . 2015-07-14 20:53 -------- d-----w- c:\users\anouar\AppData\Local\Apple Computer
2015-07-14 20:52 . 2015-07-14 20:52 -------- d-----w- c:\program files\iPod
2015-07-14 20:52 . 2015-07-14 20:53 -------- d-----w- c:\program files\iTunes
2015-07-14 20:52 . 2015-07-14 20:52 -------- d-----w- c:\programdata\Apple Computer
2015-07-14 20:50 . 2015-07-14 20:50 -------- d-----w- c:\users\anouar\AppData\Local\Apple
2015-07-14 20:50 . 2015-07-14 20:50 -------- d-----w- c:\program files\Apple Software Update
2015-07-14 20:49 . 2015-07-14 20:49 -------- d-----w- c:\program files\Bonjour
2015-07-14 20:49 . 2015-07-14 20:52 -------- d-----w- c:\program files\Common Files\Apple
2015-07-14 20:49 . 2015-07-14 20:50 -------- d-----w- c:\programdata\Apple
2015-07-14 01:13 . 2015-07-15 22:13 -------- d-----w- c:\program files\Counter-Strike 1.6
2015-07-13 18:27 . 2015-07-13 18:27 -------- d-----w- c:\program files\Custom-Strike
2015-07-13 18:27 . 1998-06-17 23:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2015-07-12 22:17 . 2015-07-12 22:17 -------- d-----w- c:\program files\Talk and Comment for
2015-07-11 23:17 . 2015-07-11 23:17 -------- d-----w- c:\program files\Common Files\Adobe
2015-07-11 22:10 . 2015-07-11 23:20 -------- d-----w- c:\users\anouar\AppData\Local\Adobe
2015-07-11 19:55 . 2015-07-11 19:55 -------- d-----w- c:\program files\Zippy Clothes
2015-07-08 20:35 . 2015-07-13 18:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2015-07-06 17:00 . 2015-07-06 17:00 -------- d-----w- c:\users\anouar\AppData\Local\Steam
2015-07-06 14:58 . 2015-07-06 17:03 -------- d-----w- c:\program files\Common Files\Steam
2015-07-06 14:58 . 2015-07-21 17:51 -------- d-----w- c:\program files\Steam
2015-07-06 14:33 . 2015-07-06 14:33 -------- d-----w- c:\windows\system32\Macromed
2015-07-06 14:27 . 2015-07-13 18:27 -------- d-----w- c:\program files\Common Files\InstallShield
2015-07-05 15:00 . 2015-07-05 15:00 -------- d-----w- c:\users\anouar\Nouveau dossier (2)
2015-07-05 14:59 . 2015-07-05 14:59 -------- d-----w- c:\users\anouar\Nouveau dossier
2015-07-05 14:57 . 2015-07-05 14:57 138056 ----a-w- c:\users\anouar\AppData\Roaming\PnkBstrK.sys
2015-07-05 14:56 . 2015-07-05 14:56 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2015-07-05 14:56 . 2015-07-05 14:56 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2015-07-05 03:40 . 2015-07-05 03:40 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{45C5A3A8-8EA8-4A50-A1D0-1EEC983D6ED3}\offreg.2644.dll
2015-07-04 17:57 . 2015-07-04 18:05 -------- d-----w- c:\users\anouar\AppData\Local\Microsoft Games
2015-07-04 02:00 . 2015-07-04 02:00 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{45C5A3A8-8EA8-4A50-A1D0-1EEC983D6ED3}\offreg.2264.dll
2015-07-03 01:39 . 2015-07-03 01:39 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{45C5A3A8-8EA8-4A50-A1D0-1EEC983D6ED3}\offreg.2988.dll
2015-07-02 16:00 . 2015-07-02 16:00 -------- d-----w- c:\program files\Junkies Client
2015-07-02 14:03 . 2015-07-02 23:36 -------- d-----w- c:\program files\Xmarks Bookmark Sync
2015-07-02 02:50 . 2015-07-02 02:50 -------- d-----w- c:\program files\Common Files\Thraex Software
2015-07-01 03:45 . 2015-07-01 03:45 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{45C5A3A8-8EA8-4A50-A1D0-1EEC983D6ED3}\offreg.3144.dll
2015-06-30 15:55 . 2010-11-11 11:46 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2015-06-30 14:50 . 2015-07-06 17:03 -------- d-----w- C:\Nouveau dossier (2)
2015-06-30 13:20 . 2015-06-30 14:45 -------- d-----w- C:\Nouveau dossier
2015-06-27 12:40 . 2015-07-21 17:50 -------- d-----w- c:\users\anouar\AppData\Local\LogMeIn Hamachi
2015-06-27 12:40 . 2015-06-27 12:40 -------- d-----w- c:\users\anouar\AppData\Local\LogMeIn
2015-06-27 12:40 . 2015-06-27 12:40 -------- d-----w- c:\programdata\LogMeIn
2015-06-27 03:41 . 2015-06-27 03:41 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{45C5A3A8-8EA8-4A50-A1D0-1EEC983D6ED3}\offreg.960.dll
2015-06-24 03:57 . 2015-06-24 03:57 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{45C5A3A8-8EA8-4A50-A1D0-1EEC983D6ED3}\offreg.352.dll
2015-06-23 03:51 . 2015-06-23 03:51 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{45C5A3A8-8EA8-4A50-A1D0-1EEC983D6ED3}\offreg.316.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-21 01:11 . 2015-06-21 01:11 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{45C5A3A8-8EA8-4A50-A1D0-1EEC983D6ED3}\offreg.684.dll
2015-06-10 22:08 . 2015-06-10 22:08 6112072 ----a-w- c:\windows\system32\usbaaplrc.dll
2015-06-10 22:08 . 2015-06-10 22:08 45056 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2015-05-18 03:57 . 2015-06-12 21:54 9265072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{45C5A3A8-8EA8-4A50-A1D0-1EEC983D6ED3}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 10:02 23008 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2015-01-20 5496600]
"BitTorrent"="c:\users\anouar\AppData\Roaming\BitTorrent\BitTorrent.exe" [2015-06-18 1999976]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2014-09-12 3878480]
"Steam"="c:\program files\Steam\steam.exe" [2015-06-04 2892992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-06-29 157992]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2015-07-14 5579624]
.
c:\users\anouar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe nas [2015-6-12 8343008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-10-01 1871160]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2014-10-01 968504]
R2 Zippy Clothes;Zippy Clothes;c:\program files\Zippy Clothes\Zippy Clothes.exe [2015-07-11 8016148]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2015-07-14 1878888]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2014-06-09 113680]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn Hamachi\LMIGuardianSvc.exe [2015-07-14 411920]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-10-01 23256]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-10-01 51928]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2014-11-22 32912]
S3 RTL8167;Pilote Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-06-22 15:37 990024 ----a-w- c:\program files\Google\Chrome\Application\43.0.2357.130\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-Fraps - c:\fraps\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-391607920-666144056-2155648770-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):71,e8,45,ea,31,41,a6,eb,d4,d3,d4,63,a2,93,8d,c5,07,0b,04,cf,68,
07,4e,99,31,f3,eb,93,fa,7a,03,f2,d5,86,e8,7b,13,47,b5,07,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-391607920-666144056-2155648770-1000_Classes\CLSID\{612596fc-d458-4d57-92dd-a68b1c9f517e}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000b9
"Therad"=dword:00000018
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioCD\shell\O(uQ*Q*q_ó—­d>e\command]
@="\"c:\\Program Files\\Tencent\\QQPlayer\\QQPlayer.exe\" /disk \"%1\""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DVD\shell\O(uQ*Q*q_ó—­d>e\command]
@="\"c:\\Program Files\\Tencent\\QQPlayer\\QQPlayer.exe\" /disk \"%1\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-07-22 19:01:26
ComboFix-quarantined-files.txt 2015-07-22 18:01
.
Pre-Run: 11,101,233,152 octets libres
Post-Run: 11,084,640,256 octets libres
.
- - End Of File - - 6201AF64F60587E768F964769C5D21CE
A36C5E4F47E84449FF07ED3517B43A31
