ComboFix 15-09-25.01 - tech 29/09/2015 21:43:50.2.2 - x64
Microsoft Windows 7 Professionnel 6.1.7601.1.1256.966.1036.18.4060.2669 [GMT 1:00]
Running from: c:\users\tech\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
[i] ADS - Windows: deleted 0 bytes in 1 streams. [/i]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\users\tech\AppData\Local\assembly\tmp
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2015-08-28 to 2015-09-29 )))))))))))))))))))))))))))))))
.
.
2015-09-29 20:53 . 2015-09-29 20:53 -------- d-----w- c:\users\tech\AppData\Local\temp
2015-09-29 20:53 . 2015-09-29 20:53 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-09-29 20:53 . 2015-09-29 20:53 -------- d-----w- c:\users\Invité\AppData\Local\temp
2015-09-29 20:53 . 2015-09-29 20:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-09-29 20:53 . 2015-09-29 20:53 -------- d-----w- c:\users\Administrateur\AppData\Local\temp
2015-09-29 20:51 . 2015-09-29 20:51 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D9F86165-36B8-4FE7-8BFA-D6C74E122BD1}\offreg.2304.dll
2015-09-29 20:42 . 2015-09-29 20:54 -------- d-----w- \ComboFix \ComboFix
2015-09-29 18:58 . 2015-09-29 18:58 -------- d-----w- c:\program files (x86)\ApeeeGoSoft
2015-09-29 18:45 . 2015-09-29 18:46 -------- d-----w- c:\program files (x86)\LAV Filters
2015-09-28 22:54 . 2015-09-28 22:54 -------- d-----w- c:\users\tech\AppData\Local\Moonchild Productions
2015-09-28 22:10 . 2015-09-28 22:10 -------- d-----w- C:\Quarantine
2015-09-28 22:10 . 2015-09-28 22:10 -------- d-----w- \Quarantine \QUARAN~1
2015-09-28 22:07 . 2015-09-28 22:07 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D9F86165-36B8-4FE7-8BFA-D6C74E122BD1}\offreg.2396.dll
2015-09-28 20:55 . 2015-09-28 20:55 -------- d-----w- c:\users\tech\AppData\Roaming\SUPERAntiSpyware.com
2015-09-28 20:55 . 2015-09-28 20:55 -------- d-----w- c:\program files\SUPERAntiSpyware
2015-09-28 20:55 . 2015-09-28 20:55 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2015-09-28 17:05 . 2015-09-28 17:05 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D9F86165-36B8-4FE7-8BFA-D6C74E122BD1}\offreg.2052.dll
2015-09-28 13:44 . 2015-09-28 13:44 43112 ----a-w- c:\windows\avastSS.scr
2015-09-28 12:56 . 2015-09-28 12:56 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D9F86165-36B8-4FE7-8BFA-D6C74E122BD1}\offreg.2976.dll
2015-09-28 12:56 . 2015-09-28 12:56 -------- d-----w- c:\users\tech\AppData\Roaming\ZHP
2015-09-28 11:28 . 2015-09-28 11:28 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-09-28 11:28 . 2015-09-28 11:28 -------- d-----w- c:\programdata\Malwarebytes
2015-09-28 10:37 . 2015-09-28 10:37 -------- d-----w- c:\users\tech\User_Disabled
2015-09-28 10:37 . 2015-09-28 10:37 -------- d-----w- c:\programdata\All_Disabled
2015-09-28 10:37 . 2015-09-28 10:37 -------- d---a-r- \Autorun.inf \Autorun.inf
2015-09-28 10:36 . 2004-03-08 23:00 212240 ----a-w- c:\windows\SysWow64\richtx32.ocx
2015-09-28 10:36 . 2000-02-07 10:06 106496 ----a-w- c:\windows\SysWow64\MBTray.ocx
2015-09-27 23:30 . 2015-09-27 23:30 -------- d-----w- c:\program files (x86)\Virus Effect Remover
2015-09-27 23:22 . 2015-09-29 19:42 -------- d-----w- c:\programdata\EdocSave
2015-09-26 01:21 . 2015-09-26 01:21 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D9F86165-36B8-4FE7-8BFA-D6C74E122BD1}\offreg.1668.dll
2015-09-26 01:16 . 2015-08-31 22:45 11062400 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D9F86165-36B8-4FE7-8BFA-D6C74E122BD1}\mpengine.dll
2015-09-24 22:31 . 2015-09-24 22:31 -------- d-----w- c:\users\tech\AppData\Local\Babylon
2015-09-24 22:31 . 2015-09-27 22:21 -------- d-----w- c:\program files\Unlocker
2015-09-24 22:31 . 2015-09-24 22:31 -------- d-----w- c:\users\tech\AppData\Roaming\Babylon
2015-09-24 22:31 . 2015-09-24 22:31 -------- d-----w- c:\programdata\Babylon
2015-09-24 21:30 . 2015-09-28 21:44 -------- d-----w- \Config.Msi \Config.Msi
2015-09-18 14:20 . 2015-09-18 14:20 -------- d-----w- c:\users\tech\AppData\Local\Chromium
2015-09-17 22:31 . 2015-09-17 22:31 -------- d-----w- c:\program files\Microsoft Silverlight
2015-09-17 22:31 . 2015-09-17 22:31 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2015-09-17 22:31 . 2015-09-17 22:31 -------- d-----w- C:\extensions
2015-09-17 22:31 . 2015-09-17 22:31 -------- d-----w- \extensions \extensions
2015-09-15 15:17 . 2015-09-15 15:17 -------- d-sh--w- c:\programdata\System Restore
2015-09-15 14:58 . 2015-09-15 14:58 -------- d-----w- c:\users\tech\AppData\Roaming\lifebrowser.life-host.info-17
2015-09-15 14:58 . 2015-09-15 14:58 -------- d-----w- c:\users\tech\AppData\Local\lifebrowser.life-host.info-17
2015-09-15 14:56 . 2015-09-15 14:56 -------- d-----w- C:\Downloads
2015-09-15 14:56 . 2015-09-15 14:56 -------- d-----w- \Downloads \Downloads
2015-09-13 22:25 . 2015-09-13 22:25 -------- d-----w- c:\users\tech\AppData\Local\CurrentCode
2015-09-11 17:31 . 2015-09-29 18:07 -------- d-----w- c:\program files (x86)\Maxthon
2015-09-11 17:30 . 2015-09-13 10:49 -------- d-----w- c:\users\tech\AppData\Roaming\Maxthon3
2015-09-11 16:59 . 2015-09-11 16:59 -------- d-----w- c:\users\tech\AppData\Local\UCBrowser
2015-09-11 16:58 . 2015-09-11 17:12 -------- d-----w- c:\program files (x86)\UCBrowser
2015-09-09 16:28 . 2015-09-09 16:28 -------- d-----w- c:\program files\VideoLAN
2015-09-09 15:51 . 2015-09-09 15:53 -------- d-----w- c:\windows\rescache
2015-09-09 10:40 . 2015-08-05 17:56 1737216 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2015-09-09 10:37 . 2015-07-15 02:54 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2015-09-09 10:37 . 2015-07-09 17:42 67584 ----a-w- c:\windows\SysWow64\dwmapi.dll
2015-09-09 10:37 . 2015-07-09 17:42 1372160 ----a-w- c:\windows\SysWow64\dwmcore.dll
2015-09-09 10:32 . 2015-07-22 17:52 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2015-09-04 21:32 . 2015-09-04 21:32 -------- d-----w- c:\program files (x86)\FreeTime
2015-09-04 14:41 . 2015-09-09 16:53 -------- d-----w- c:\users\tech\AppData\Roaming\Octoshape
2015-09-04 09:57 . 2015-09-04 09:58 -------- d-----w- c:\programdata\Malwarebytes Anti-Exploit
2015-09-02 11:23 . 2015-09-02 11:23 -------- d-----w- c:\users\tech\AppData\Roaming\Klixion
2015-09-02 11:22 . 2015-09-02 13:56 -------- d-----w- c:\users\tech\AppData\Roaming\10KHits
2015-09-01 17:53 . 2015-09-02 00:08 -------- d-----w- c:\users\tech\AppData\Local\WiFi Guard
2015-08-31 21:36 . 2015-08-31 21:36 -------- d-----w- c:\users\tech\AppData\Roaming\DM_Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-09-22 09:21 . 2014-05-20 15:12 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-09-22 09:21 . 2014-05-20 15:12 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-30 17:57 . 2015-08-12 18:37 1251328 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-07-30 17:57 . 2015-08-12 18:37 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2015-07-30 13:13 . 2015-08-12 23:52 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-07-22 17:53 . 2015-09-09 10:33 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-07-13 19:55 . 2015-07-13 19:55 73984 ----a-w- c:\windows\SysWow64\sslsp105.dll
2015-07-10 17:34 . 2015-08-12 18:43 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
2015-07-10 17:34 . 2015-08-12 18:43 3221504 ----a-w- c:\windows\SysWow64\mstscax.dll
2015-07-10 17:33 . 2015-08-12 18:43 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2015-07-09 17:57 . 2015-08-12 18:37 193536 ----a-w- c:\windows\notepad.exe
2015-07-09 17:42 . 2015-08-12 18:37 179712 ----a-w- c:\windows\SysWow64\notepad.exe
2015-07-04 17:48 . 2015-07-31 10:37 1414656 ----a-w- c:\windows\SysWow64\ole32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GUDelayStartup"="c:\program files (x86)\Glary Utilities 5\StartupManager.exe" [2015-08-17 37152]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2015-05-20 3903056]
"BingSvc"="c:\users\tech\AppData\Local\Microsoft\BingSvc\BingSvc.exe" [2015-04-07 144008]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2015-09-23 7935768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-09-28 6134544]
.
c:\users\tech\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\programdata\EdocSave\Y-light.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk * \0BootDefrag.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-09-22 21:29 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\45.0.2454.99\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-09-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-20 09:21]
.
2015-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-12-19 21:20]
.
2015-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-12-19 21:20]
.
2015-09-28 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 128eb968-a133-46d8-a6c1-91feeb5ffdee.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
2015-09-29 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 25d06e3d-003e-474f-ad4b-55fd2cce05ab.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
2015-09-29 c:\windows\Tasks\update-S-1-5-21-978478050-2410835614-1606204549-1000.job
- c:\program files (x86)\Skillbrains\Updater\Updater.exe [2014-08-16 17:44]
.
2015-09-29 c:\windows\Tasks\update-sys.job
- c:\program files (x86)\Skillbrains\Updater\Updater.exe [2014-08-16 17:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
(valeur non définie) [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-09-28 13:44 780616 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 08:02 25112 ------w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\programdata\EdocSave\ZerStatsoft.dll
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = www.google.com
mStart Page = about:blank
mLocal Page = c:\windows\system32\blank.htm
mSearch Page = www.google.com
mDefault_Page_URL = www.google.com
mDefault_Search_URL = www.google.com
mSearchAssistant = www.google.com
mCustomizeSearch = www.google.com
IE: ?&???? ??? Microsoft Excel
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files (x86)\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: ت&صدير إلى Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: com\*.Wondershare
Trusted Zone: hola.org
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F4C6A7F1-AED4-4348-9EF2-4C8708962948}: NameServer = 8.8.8.8,8.8.4.4
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
ShellIconOverlayIdentifiers-{056D528D-CE28-4194-9BA3-BA2E9197FF8C} - (no file)
ShellIconOverlayIdentifiers-{05B38830-F4E9-4329-978B-1DD28605D202} - (no file)
ShellIconOverlayIdentifiers-{0596C850-7BDD-4C9D-AFDF-873BE6890637} - (no file)
ShellIconOverlayIdentifiers-{0A93904A-BB1E-4a0c-9753-B57B9AE272CC} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-978478050-2410835614-1606204549-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):20,83,e4,46,8b,32,89,16,ee,f0,82,21,3d,a6,76,ac,05,a5,d2,77,da,
f4,6e,e2,5b,a8,66,5e,62,aa,3a,6b,64,7e,cc,88,a5,29,53,23,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-978478050-2410835614-1606204549-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):75,dc,c1,19,91,55,7c,79,fd,92,7b,ce,af,12,75,fd,40,b3,38,22,dc,
52,48,fa,06,89,ce,df,5d,f2,28,c8,4a,14,03,8f,73,f2,83,03,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-978478050-2410835614-1606204549-1000_Classes\Wow6432Node\CLSID\{ae7fd23d-e0a0-49dc-afc1-941babf63dc9}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000009e
"Therad"=dword:0000000d
.
[HKEY_USERS\S-1-5-21-978478050-2410835614-1606204549-1000_Classes\Wow6432Node\CLSID\{b6533c40-de04-42f8-9e47-4b26ea3faab3}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000ea
"Therad"=dword:00000015
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-09-29 22:00:39
ComboFix-quarantined-files.txt 2015-09-29 21:00
ComboFix2.txt 2015-09-23 23:17
.
Pre-Run: 52 402 327 552 octets libres
Post-Run: 52 322 217 984 octets libres
.
- - End Of File - - A4DC3BCF75494EB150F7AD829656E47E
A36C5E4F47E84449FF07ED3517B43A31