cjoint

Document format: text/plain

ComboFix 15-07-20.01 - andrwed 23/07/2015 3:52.2.2 - x86
Microsoft Windows 7 Professionnel 6.1.7601.1.1252.33.1036.18.1527.843 [GMT 0:00]
Lancé depuis: c:\users\andrwed\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\MiuiTab\SuPTab.dll
c:\programdata\ntuser.pol
c:\users\andrwed\AppData\Local\Temp\DCD0\temp\DoWNload.exe
c:\windows\shost.bin
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\roboot.exe
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_globalUpdate
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2015-06-23 au 2015-07-23 ))))))))))))))))))))))))))))))))))))
.
.
2015-07-23 04:34 . 2015-07-23 04:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-07-22 22:53 . 2015-07-22 22:53 -------- d-----w- c:\users\andrwed\AppData\Roaming\VSRevoGroup
2015-07-16 17:38 . 2015-07-16 17:38 -------- d-----w- c:\users\andrwed\AppData\Roaming\Smadav
2015-07-16 17:38 . 2015-07-16 17:38 -------- d-----w- C:\[Smad-Cage]
2015-07-16 17:38 . 2015-07-22 23:02 -------- d-----w- c:\program files\SMADAV
2015-07-15 00:01 . 2015-07-15 00:01 -------- d-----w- c:\programdata\IHProtectUpDate
2015-07-15 00:01 . 2015-07-23 04:32 -------- d-----w- c:\program files\MiuiTab
2015-07-15 00:00 . 2015-07-22 23:02 -------- d-----w- c:\programdata\WindowsMangerProtect
2015-07-15 00:00 . 2015-07-15 00:00 0 ----a-w- c:\windows\prleth.sys
2015-07-15 00:00 . 2015-07-15 00:00 0 ----a-w- c:\windows\hgfs.sys
2015-07-14 23:59 . 2015-07-15 00:08 -------- d-----w- c:\users\andrwed\AppData\Roaming\istartsurf
2015-07-14 23:57 . 2015-07-15 00:06 -------- d-----w- c:\users\andrwed\AppData\Local\Crossbrowse
2015-07-14 23:57 . 2015-07-14 23:57 42208 ----a-w- c:\windows\system32\drivers\Hopduub120.sys
2015-07-14 23:57 . 2015-07-14 12:07 286720 ----a-w- c:\windows\system32\Robesaimpi.dll
2015-07-14 23:54 . 2015-07-14 12:15 43152 ----a-w- c:\windows\system32\drivers\{699bd245-8d10-4e76-8ffa-df6cfdf0e2bc}Gw.sys
2015-07-14 23:51 . 2015-07-15 21:17 -------- d-----w- c:\program files\SavePass 1.1
2015-07-14 23:36 . 2015-07-14 23:36 -------- d-----w- c:\program files\globalUpdate
2015-07-14 23:36 . 2015-07-14 23:36 -------- d-----w- c:\users\andrwed\AppData\Local\globalUpdate
2015-07-14 23:35 . 2015-07-14 23:35 -------- d-----w- c:\programdata\Systweak
2015-07-14 23:35 . 2015-06-29 18:24 18216 ----a-w- c:\windows\system32\sasnative32.exe
2015-07-14 23:34 . 2015-07-14 23:44 -------- d-----w- c:\users\andrwed\AppData\Roaming\systweak
2015-07-14 23:33 . 2015-07-22 23:02 -------- d-----w- c:\users\andrwed\AppData\Local\SterJo Wireless Passwords
2015-07-14 23:33 . 2005-04-15 20:58 1351392 ----a-w- c:\windows\system32\comctl32.ocx
2015-07-08 23:50 . 2010-01-07 03:20 375808 ----a-w- c:\windows\system32\drivers\rtl8187.sys
2015-07-08 23:50 . 2015-07-08 23:50 -------- d-----w- c:\program files\REALTEK
2015-07-08 23:50 . 2009-04-02 10:27 188416 ----a-w- c:\windows\system32\RTLExtUI.dll
2015-07-08 23:50 . 2009-03-31 14:31 380928 ----a-w- c:\windows\RtlUI2.exe
2015-07-08 23:50 . 2008-07-01 12:31 614400 ----a-w- c:\windows\system32\Rtlihvs.dll
2015-07-08 20:32 . 2015-07-22 23:13 -------- d-----w- c:\programdata\ToolsUpdatePlatform
2015-07-08 20:32 . 2015-07-08 20:32 -------- d-----w- c:\program files\ToolsUpdatePlatform
2015-07-04 01:03 . 2015-07-04 01:03 -------- d-----w- c:\program files\Microsoft.NET
2015-07-04 01:03 . 2015-07-04 01:03 -------- d-----w- c:\windows\Migration
2015-07-04 00:43 . 2015-07-04 00:43 -------- d-----w- c:\program files\Common Files\Java
2015-07-04 00:43 . 2015-07-04 00:42 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2015-07-04 00:41 . 2015-07-04 00:41 -------- d-----w- c:\programdata\Oracle
2015-07-04 00:41 . 2015-07-04 00:41 -------- d-----w- c:\program files\Java
2015-07-04 00:22 . 2008-05-15 03:28 20384 ----a-w- c:\windows\system32\drivers\jswpslwf.sys
2015-07-04 00:22 . 2015-07-04 00:22 -------- d-----w- c:\program files\Jumpstart
2015-07-04 00:22 . 2006-05-16 11:54 57344 ------w- c:\windows\system32\Mfc42loc.dll
2015-07-04 00:21 . 2015-07-04 00:22 -------- d-----w- c:\programdata\Atheros
2015-07-04 00:21 . 2015-07-04 00:21 -------- d-----w- c:\users\andrwed\AppData\Roaming\InstallShield
2015-07-04 00:21 . 2015-07-04 00:21 -------- d-----w- c:\program files\WinPcap
2015-07-03 23:13 . 2015-07-09 22:44 -------- d-----w- c:\users\andrwed\AppData\Local\Diagnostics
2015-07-02 23:54 . 2015-07-02 23:55 -------- d-----w- c:\users\andrwed\AppData\Roaming\Notepad++
2015-07-02 23:54 . 2015-07-02 23:54 -------- d-----w- c:\program files\Notepad++
2015-07-02 22:49 . 2015-07-02 22:49 -------- d-----w- c:\programdata\Logs
2015-06-26 20:56 . 2015-06-26 20:58 -------- d-----w- c:\users\andrwed\AppData\Roaming\TSearch
2015-06-26 18:38 . 2015-07-03 20:58 -------- d-----w- C:\FFOutput
2015-06-26 18:37 . 2015-06-26 18:37 -------- d-----w- c:\users\andrwed\AppData\Local\Opera Software
2015-06-26 18:36 . 2015-06-26 18:36 -------- d-----w- c:\users\andrwed\AppData\Roaming\Opera Software
2015-06-26 18:35 . 2015-06-26 20:56 -------- d-----w- c:\program files\Opera
2015-06-26 18:25 . 2015-06-26 18:25 -------- d-----w- c:\program files\FreeTime
2015-06-26 18:10 . 2015-06-26 18:10 -------- d-----w- c:\users\andrwed\AppData\Local\Programs
2015-06-25 20:47 . 2015-06-25 20:47 -------- d-----w- c:\users\andrwed\.android
2015-06-24 19:32 . 2015-06-24 21:14 -------- d-----w- c:\program files\baidu
2015-06-24 19:27 . 2015-06-24 19:27 -------- d-----w- c:\users\andrwed\AppData\Local\MiniService
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-16 16:59 . 2015-06-11 21:14 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-07-16 16:59 . 2015-06-11 21:14 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-06-22 23:41 . 2015-06-22 23:41 14501 ----a-w- c:\programdata\Duplicaterecord.js
2015-05-18 04:57 . 2015-06-11 21:14 9265072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C6711BF8-EE5F-4780-B0FC-9BDCC577FA2C}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{6C0411EB-7D71-42C8-9BAD-BC20C3A8C5FE}]
2015-06-12 21:16 822784 ----a-w- c:\program files\StrEaamX\J770bTAjCxE3HL.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{74E5F9E7-4076-4C5E-B7CA-2EEF3D5A466F}]
2015-06-12 21:17 822784 ----a-w- c:\program files\bestadblocker\fgWJZ6SO2w1wnt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 08:02 23008 ------w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2015-04-20 3898960]
"f.lux"="c:\users\andrwed\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-23 1017224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"Baidu PC Faster 4.0.0.0"="c:\program files\PC Faster\5.1.0.0\PCFTray.exe" [2015-05-07 2333152]
"jswtrayutil"="c:\program files\Jumpstart\jswtrayutil.exe" [2008-09-26 528384]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-12-17 508800]
"Baidu PC Faster 5.1.0.0"="c:\program files\PC Faster\5.1.0.0\PCFTray.exe" [2015-05-07 2333152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 Baidu PC Faster FileShredder;Baidu PC Faster FileShredder;c:\program files\PC Faster\5.1.0.0\FileKill_x86.sys [2015-06-22 18880]
S0 Bhbase;Baidu Hook Base;c:\windows\System32\drivers\Bhbase.sys [2015-03-31 46440]
S0 bulcuwwioo;bulcuwwioo; [x]
S1 BprotectEx;Baidu ProtectEx;c:\windows\System32\drivers\BprotectEx.sys [2015-03-31 113992]
S2 BASSVC;Baidu MoboMarket Service;c:\program files\Baidu Security\MoboMarket\1.2.8.4379\bassvc.exe [2014-12-17 208928]
.
.
Contenu du dossier 'Tâches planifiées'
.
2015-07-14 c:\windows\Tasks\Bidaily Synchronize Task[973b].job
- c:\programdata\{337fe193-989d-8a36-337f-fe193989864e}\download.exe [2014-06-12 21:14]
.
2015-07-23 c:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job
- c:\program files\globalUpdate\Update\globalupdate.exe [2015-07-14 23:51]
.
2015-07-22 c:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job
- c:\program files\globalUpdate\Update\globalupdate.exe [2015-07-14 23:51]
.
2015-07-23 c:\windows\Tasks\ToolsUpdatePlatform_ScheduledTask.job
- c:\program files\ToolsUpdatePlatform\UpdatePlatform.exe [2015-06-04 08:52]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.istartsurf.com/?type=hppp&ts=1436918419&z=340df1929420c92d2868410g2z2cdqct2g5b1z2e4e&from=obw&uid=ST96812AS_5PJ3LVKTXXXX5PJ3LVKT
uDefault_Search_URL = hxxp://www.istartsurf.com/web/?type=dspp&ts=1436918419&z=340df1929420c92d2868410g2z2cdqct2g5b1z2e4e&from=obw&uid=ST96812AS_5PJ3LVKTXXXX5PJ3LVKT&q={searchTerms}
mStart Page = hxxp://www.globasearch.com/?serie=211&b=3&installkey=NyqXZSxFSF33farlbSNT
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
LSP: c:\windows\system32\Robesaimpi.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\andrwed\AppData\Roaming\Mozilla\Firefox\Profiles\yg2u91pf.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.istartsurf.com/?type=hppp&ts=1436918419&z=340df1929420c92d2868410g2z2cdqct2g5b1z2e4e&from=obw&uid=ST96812AS_5PJ3LVKTXXXX5PJ3LVKT
# Mozilla User Preferences
/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
*/
FF - user.js: browser.startup.homepage - hxxp://www.istartsurf.com/?type=hppp&ts=1436918419&z=340df1929420c92d2868410g2z2cdqct2g5b1z2e4e&from=obw&uid=ST96812AS_5PJ3LVKTXXXX5PJ3LVKT
FF - user.js: browser.startup.page - 1
.
- - - - ORPHELINS SUPPRIMES - - - -
.
HKLM_ActiveSetup-installed components - c:\program files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Installer\chrmstp.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bulcuwwioo]
"ImagePath"="\"c:\programdata\OpiVikr\vuscwfud.exe\" -cms"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\colpijov]
"ImagePath"="\"c:\programdata\OpiVikr\vuscafud.exe\" /ts2=1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EsungAkuld]
"ImagePath"="\"c:\programdata\OpiVikr\FymsSidoo.exe\" -cmd"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Hopduub120]
"ImagePath"="\??\c:\windows\system32\Drivers\Hopduub120.sys"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'Explorer.exe'(4824)
c:\windows\system32\Robesaimpi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\PC Faster\5.1.0.0\PCFasterSvc.exe
c:\program files\PC Faster\5.1.0.0\PCFasterSvc.exe
c:\programdata\WindowsMangerProtect\ProtectWindowsManager.exe
c:\programdata\OpiVikr\vuscwfud.exe
c:\programdata\OpiVikr\vuscafud.exe
c:\programdata\OpiVikr\FymsSidoo.exe
c:\program files\MiuiTab\ProtectService.exe
c:\program files\Jumpstart\jswpbapi.exe
c:\program files\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe
c:\program files\REALTEK\RTL8187 Wireless LAN Utility\RtWlan.exe
c:\windows\system32\taskhost.exe
c:\program files\MiuiTab\cmdshell.exe
c:\programdata\OpiVikr\Robesaimpi.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Smadav\SM
c:\program files\ToolsUpdatePlatform\UpdatePlatform.exe
c:\windows\system32\conhost.exe
c:\program files\Baidu Security\MoboMarket\1.2.8.4379\bas_helper.exe
c:\programdata\OpiVikr\vuscdfud.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Heure de fin: 2015-07-23 04:40:39 - La machine a redémarré
ComboFix-quarantined-files.txt 2015-07-23 04:40
.
Avant-CF: 40 213 512 192 octets libres
Après-CF: 40 082 718 720 octets libres
.
- - End Of File - - 36E6E0CC477DA84D032FCB5DEABA6A87
A36C5E4F47E84449FF07ED3517B43A31
