
ComboFix 15-08-03.01 - user 04/08/2015 15:04:23.2.4 - x86
Microsoft Windows 7 Professionnel 6.1.7600.0.1252.33.1036.18.1911.380 [GMT 1:00]
Lancé depuis: c:\users\user\Desktop\important softwares\ComboFix.exe
AV: ESET Smart Security 8.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: Pare-feu personnel d'ESET *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 8.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\user\ZHPDiag3.exe
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2015-07-04 au 2015-08-04 ))))))))))))))))))))))))))))))))))))
.
.
2015-08-04 14:22 . 2015-08-04 14:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-03 23:05 . 2015-08-03 23:05 -------- d-----w- c:\users\user\AppData\Roaming\Media Player Classic
2015-08-03 20:18 . 2015-08-04 00:09 -------- d-----w- C:\Pre_Scan
2015-08-02 23:27 . 2015-08-02 23:27 -------- d-----w- c:\program files\Panda Security
2015-08-02 20:37 . 2015-08-03 20:15 -------- d-----w- c:\users\user\AppData\Roaming\Tencent
2015-08-02 17:31 . 2015-08-02 17:31 -------- d-----w- c:\program files\ZHPFix
2015-08-02 04:05 . 2015-08-04 04:24 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{89F17DE9-A782-42FE-8EB9-DD10F3B97735}\offreg.dll
2015-07-31 11:48 . 2015-07-31 11:48 -------- d-----w- c:\programdata\IDM
2015-07-30 23:09 . 2015-07-30 23:09 -------- d-----w- C:\zoek
2015-07-29 22:37 . 2015-07-29 22:37 -------- d-----w- c:\users\user\AppData\Local\ElevatedDiagnostics
2015-07-28 21:55 . 2015-07-29 21:45 -------- d-----w- C:\AdsFix
2015-07-26 20:31 . 2015-07-26 20:31 -------- d-----w- c:\programdata\Agnitum
2015-07-26 14:32 . 2015-08-04 10:42 -------- d-----w- c:\users\user\AppData\Roaming\ZHP
2015-07-11 02:33 . 2015-07-11 02:33 4587520 ----a-w- c:\windows\system32\GPhotos.scr
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-27 16:56 . 2014-09-28 14:02 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-17 11:16 . 2012-10-04 18:24 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-07-17 11:16 . 2012-01-26 19:37 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-06-18 07:41 . 2014-09-28 14:01 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-06-18 07:41 . 2014-09-28 14:01 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-06-18 07:41 . 2013-04-05 11:17 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-05-21 18:49 . 2012-11-30 16:11 899184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2015-05-21 18:49 . 2012-11-30 16:10 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2015-05-21 18:49 . 2012-11-30 16:10 639312 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2015-05-20 17:59 . 2012-12-08 16:40 899184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2015-05-20 17:59 . 2012-12-08 16:39 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2015-05-19 16:32 . 2012-12-09 16:59 639312 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 10:02 23008 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2009-08-16 955392]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-26 39408]
"WebcamMaxAutoRun"="c:\program files\WebcamMax\wcmmon.exe" [2011-07-17 1038848]
"ultracopier"="c:\program files\Supercopier\supercopier.exe" [2013-05-23 174080]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2014-08-28 3878480]
"uTorrent"="c:\users\user\AppData\Roaming\uTorrent\uTorrent.exe" [2015-08-01 1693024]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2015-06-29 53288576]
"Google Photos Backup"="c:\users\user\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe" [2015-07-10 3791176]
"GoogleChromeAutoLaunch_4E874A737D5662A34EBBEADB3A9C4A09"="c:\program files\Google\Chrome\Application\chrome.exe" [2015-07-25 813896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-02 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-02 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-02 172568]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"EaseUS EPM tray"="c:\program files\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe" [2013-03-29 2081792]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2014-03-09 295512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2015-01-28 5088456]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MultiSkypeLauncher.lnk - c:\program files\MultiSkypeLauncher\MultiSkypeLauncher.exe /autologin [2011-6-13 114176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0PCloudBroom.exe \systemroot\system32\BroomData.bit\0PCloudBroom.exe \systemroot\system32\BroomData.bit
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-06-18 1133880]
R2 Mobile Broadband HL Service;Mobile Broadband HL Service;c:\programdata\MobileBrServ\mbbservice.exe [2014-08-20 242256]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2013-03-07 14920]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2013-03-07 9160]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena Plus\Room\safedrv.sys [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv.sys [2012-01-11 32000]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-06-18 51928]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [2012-02-22 22400]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-04-09 235696]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2015-03-10 51824]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2015-03-10 193464]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2015-03-10 135808]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2015-03-10 37928]
S2 ADExchange;ArcSoft Exchange Service;c:\program files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [2012-02-16 43112]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-05-01 1394816]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-05-01 1772672]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [2012-05-18 2370448]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2015-01-28 1349576]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2014-06-09 113680]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-06-18 1871160]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 132480]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2011-03-22 69232]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-06-18 23256]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*Deregistered* - PSKMAD
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-07-28 23:14 995144 ----a-w- c:\program files\Google\Chrome\Application\44.0.2403.125\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2015-08-02 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\system32\Macromed\Flash\FlashUtil32_18_0_0_209_pepper.exe [2015-07-17 11:16]
.
2015-08-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-02 11:16]
.
2015-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-27 07:11]
.
2015-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cf8ca9bffe3e8d.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-27 07:11]
.
2015-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d04197b3ba44d9.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-27 07:11]
.
2015-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3383958008-1500198413-680138916-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-03 16:46]
.
2015-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3383958008-1500198413-680138916-1000UA1cf8f36c0342da4.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-03 16:46]
.
2015-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3383958008-1500198413-680138916-1000UA1d090cc2f8fe9e5.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-03 16:46]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.dz/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\program files\MICROS~1\Office12\EXCEL.EXE/3000
IE: Télécharger avec Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Upload to Facebook
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0y7coxvs.default\
.
- - - - ORPHELINS SUPPRIMES - - - -
.
HKLM-Run-Wondershare Helper Compact.exe - c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
AddRemove-Wondershare Video Editor_is1 - c:\program files\Wondershare\Video Editor\unins000.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-3383958008-1500198413-680138916-1000_Classes\CLSID\{62ef2caf-3ee5-4a2e-832c-87e605c31fc6}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000060
"Therad"=dword:0000000f
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-3383958008-1500198413-680138916-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):a4,ae,b6,ae,47,5f,d4,c8,f1,ce,e8,d1,1a,bf,73,11,a2,7b,5f,de,9d,
4c,ba,b5,51,88,fa,d2,0d,7a,97,b4,62,ea,0f,cd,a1,50,80,9c,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2015-08-04 15:25:57
ComboFix-quarantined-files.txt 2015-08-04 14:25
.
Avant-CF: 15 101 407 232 octets libres
Après-CF: 15 102 849 024 octets libres
.
- - End Of File - - A2A71A42D7E9FD2011CCD15076AA24D2
A36C5E4F47E84449FF07ED3517B43A31
