cjoint

Document format: text/plain

Preview

ComboFix 15-09-07.01 - hp 09/09/2015 18:13:50.1.2 - x86
Microsoft Windows 7 Professionnel 6.1.7601.1.1256.212.1036.18.2038.784 [GMT 0:00]
Running from: c:\users\hp\Desktop\ComboFix.exe
AV: ESET Smart Security 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Rising Antivirus *Enabled/Updated* {DBC966C2-BD90-87CD-5A01-4DFB1D2EC867}
FW: Pare-feu personnel d'ESET *Disabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Rising Antivirus *Enabled/Updated* {60A88726-9BAA-8843-60B1-768966A982DA}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ma-config.com
c:\program files\ma-config.com\config.xml
c:\program files\ma-config.com\CPUID\cpuidsdk.dll
c:\program files\ma-config.com\Drivers\ma-config.inf
c:\program files\ma-config.com\Drivers\ma-config_amd64.cat
c:\program files\ma-config.com\Drivers\ma-config_amd64.sys
c:\program files\ma-config.com\Drivers\ma-config_x86.cat
c:\program files\ma-config.com\Drivers\ma-config_x86.sys
c:\program files\ma-config.com\Langues\LangueMC.ar.resx
c:\program files\ma-config.com\Langues\LangueMC.de.resx
c:\program files\ma-config.com\Langues\LangueMC.en.resx
c:\program files\ma-config.com\Langues\LangueMC.es.resx
c:\program files\ma-config.com\Langues\LangueMC.fr.resx
c:\program files\ma-config.com\Langues\LangueMC.pt.resx
c:\program files\ma-config.com\Langues\LangueMC.ru.resx
c:\program files\ma-config.com\ma-config.html
c:\program files\ma-config.com\MaConfigAgent.exe
c:\program files\ma-config.com\MCBCL.dll
c:\program files\ma-config.com\MCDetection.exe
c:\program files\ma-config.com\MCNoyau.dll
c:\program files\ma-config.com\MCrypt.dll
c:\program files\ma-config.com\MCSettings.exe
c:\program files\ma-config.com\MCStubUser.exe
c:\program files\ma-config.com\sqlite3.dll
c:\programdata\ma-config.com
c:\programdata\ma-config.com\Logs\activex.txt
c:\programdata\ma-config.com\Logs\maconfservice.txt
c:\programdata\ma-config.com\Logs\mcstubuser.txt
c:\programdata\ma-config.com\Logs\websocketpp.log
c:\programdata\ma-config.com\mcbase.db
c:\programdata\ma-config.com\server.pem
c:\users\hp\AppData\Roaming\DRPSu
c:\windows\system32\DEBUG.log
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ma-config_x86
-------\Legacy_ma-config_x86
-------\Service_ma-config_x86
-------\Service_MaConfigAgent
-------\Service_ma-config_x86
-------\Service_MaConfigAgent
.
.
((((((((((((((((((((((((( Files Created from 2015-08-09 to 2015-09-09 )))))))))))))))))))))))))))))))
.
.
2015-09-09 18:38 . 2015-09-09 18:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-09-09 18:02 . 2015-09-09 18:02 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B9A85145-3658-4910-9540-172EF75FA972}\offreg.4552.dll
2015-09-09 16:34 . 2015-08-01 00:59 32568 ------w- c:\windows\system32\drivers\hvm.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-09-09 18:59 . 2015-06-22 23:34 30392 ----a-w- c:\windows\system32\drivers\TS888.sys
2015-09-09 18:24 . 2015-06-22 19:09 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-09-09 16:58 . 2013-12-10 13:22 778440 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-09-09 16:58 . 2013-12-10 13:22 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-09-09 16:26 . 2015-06-21 15:56 157808 ------w- c:\windows\system32\drivers\sysmon.sys
2015-08-01 00:56 . 2015-08-01 00:56 6420480 ----a-w- c:\program files\GUT1BF9.tmp
2015-06-24 01:23 . 2015-06-27 14:04 9252600 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B9A85145-3658-4910-9540-172EF75FA972}\mpengine.dll
2015-06-23 21:06 . 2015-06-22 19:06 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-06-21 23:31 . 2015-06-21 15:56 83384 ------w- c:\windows\system32\drivers\rsutils.sys
2015-06-21 23:31 . 2015-06-21 15:56 77080 ------w- c:\windows\system32\drivers\kguard.sys
2015-06-21 15:53 . 2015-06-22 23:33 77016 ----a-w- c:\windows\system32\drivers\TAOAccelerator.sys
2015-06-21 15:53 . 2015-06-22 23:33 138552 ----a-w- c:\windows\system32\drivers\TAOKernel.sys
2015-06-21 15:53 . 2015-06-21 15:54 14008 ------w- c:\windows\system32\drivers\TSDefenseBt.sys
2015-06-21 15:53 . 2015-06-21 15:54 67896 ------w- c:\windows\system32\TSSK.sys
2015-06-21 15:53 . 2015-06-21 15:54 150072 ------w- c:\windows\system32\drivers\TFsFlt.sys
2015-06-21 15:53 . 2015-06-21 15:53 124792 ------w- c:\windows\system32\drivers\TsFltMgr.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{14A5E567-034B-471A-89D8-598A6A93B24B}]
2012-11-13 01:26 228696 ------w- c:\program files\Rising\RAV\rsscrbho.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\users\hp\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\users\hp\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\users\hp\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\users\hp\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\users\hp\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\users\hp\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\users\hp\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\users\hp\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 21904 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2013-10-10 3812944]
"Dropbox Update"="c:\users\hp\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2015-06-20 134512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-09-12 5110672]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-12-17 508800]
"QQPCTray"="c:\program files\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe" [2015-06-21 355296]
"RavTRAY"="c:\program files\Rising\RAV\RSTRAY.EXE" [2014-05-15 111000]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2013-02-05 894344]
.
c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\hp\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-5-18 39175960]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - c:\program files\Ralink\Common\RaUI.exe -s [2014-3-25 15661872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0 bsmain
.
R2 Autodesk Content Service;Autodesk Content Service;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-12-13 12288]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-04-14 1080120]
R2 RaMediaServer;Ralink UPnP Media Server;c:\program files\Ralink\Common\RaMediaServer.exe [2012-07-06 1863680]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-02-18 315488]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
R3 FTD2XX;FTD2XX.SYS FT8U2XX device driver;c:\windows\system32\Drivers\FTD2XX.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-08-18 108032]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2015-06-23 92888]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-09-09 119512]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-04-14 51928]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2013-03-07 15576]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2013-03-07 10200]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2013-12-04 1343400]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2013-09-17 49240]
S0 sysmon;sysmon;c:\windows\system32\DRIVERS\sysmon.sys [2015-09-09 157808]
S0 TsFltMgr;tencent TsFltMgr;c:\windows\system32\drivers\TsFltMgr.sys [2015-06-21 124792]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2013-09-17 188808]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2013-09-17 134248]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2013-09-17 37416]
S1 HyperVM;HyperVM;c:\windows\system32\drivers\hvm.sys [2015-08-01 32568]
S1 kguard;kguard;c:\windows\system32\DRIVERS\kguard.sys [2015-06-21 77080]
S1 oxmf;OXPCI Bus enumerator;c:\windows\system32\DRIVERS\oxmf.sys [2013-12-03 16512]
S1 oxpar;OX16PCI95x Parallel port driver;c:\windows\system32\DRIVERS\oxpar.sys [2013-12-03 76416]
S1 oxser;OX16C95x Serial port driver;c:\windows\system32\DRIVERS\oxser.sys [2013-12-03 53376]
S1 QMIEProtect;QMIEProtect;c:\program files\Tencent\QQPCMgr\10.9.16349.225\QMIEProtect.sys [2015-08-18 49976]
S1 QMUdisk;QMUdisk;c:\program files\Tencent\QQPCMgr\10.9.16349.225\QMUdisk.sys [2015-06-21 59872]
S1 rsutils;rsutils;c:\windows\system32\DRIVERS\rsutils.sys [2015-06-21 83384]
S1 TAOKernelDriver;Tencent TAO kernel driver.;c:\windows\system32\Drivers\TAOKernel.sys [2015-06-21 138552]
S1 TFsFlt;TFsFlt;c:\windows\system32\Drivers\TFsFlt.sys [2015-06-21 150072]
S1 TSCPM;TSCPM;c:\program files\Tencent\QQPCMgr\10.9.16349.225\tscpm.sys [2015-06-21 43448]
S1 TSDefenseBt;TSDefenseBt;c:\windows\system32\DRIVERS\TSDefenseBt.sys [2015-06-21 14008]
S1 TSKSP;TSKSP;c:\program files\Tencent\QQPCMgr\10.9.16349.225\TSKsp.sys [2015-06-21 204920]
S1 TSSysKit;TSSysKit;c:\program files\Tencent\QQPCMgr\10.9.16349.225\TSSysKit.sys [2015-06-21 101560]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-05-01 1394816]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-05-01 1772672]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2013-09-12 1337752]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2013-10-02 107488]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-04-14 1871160]
S2 QQPCRTP;QQPCMgr RTP Service;c:\program files\Tencent\QQPCMgr\10.9.16349.225\QQPCRTP.exe [2015-09-09 297608]
S2 QQSysMon;QQSysMon;c:\program files\Tencent\QQPCMgr\10.9.16349.225\QQSysMon.sys [2015-06-21 108472]
S2 rsdsys;rsd protect;c:\windows\system32\drivers\protreg.sys [2014-05-28 24120]
S2 RsMgrSvc;Rsd Service;c:\program files\Rising\RSD\RsMgrSvc.exe [2015-09-09 196288]
S2 RsRavMon;Rav Service;c:\program files\Rising\RAV\ravmond.exe [2014-05-15 277552]
S2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2008-07-11 328992]
S2 TAOAccelerator;Tencent TAOAccelerator driver.;c:\windows\system32\Drivers\TAOAccelerator.sys [2015-06-21 77016]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-04-14 23256]
S3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28u.sys [2013-09-06 1635632]
S3 Oxmfuf;Filter driver for OX16PCI95x ports;c:\windows\system32\DRIVERS\oxmfuf.sys [2013-12-03 5376]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2014-01-03 214232]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2013-12-18 683736]
S3 TS888;TS888;c:\program files\Tencent\QQPCMgr\10.9.16349.225\TS888.sys [2015-09-09 30392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
utcsvc REG_MULTI_SZ DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-09-09 16:47 997704 ----a-w- c:\program files\Google\Chrome\Application\45.0.2454.85\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-09-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10 16:58]
.
2015-09-09 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2387584831-3554265815-3465077255-1000Core.job
- c:\users\hp\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-20 11:21]
.
2015-09-09 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2387584831-3554265815-3465077255-1000UA.job
- c:\users\hp\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-20 11:21]
.
2015-06-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2387584831-3554265815-3465077255-1000Core.job
- c:\users\hp\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-05-25 23:10]
.
2015-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-12-10 16:26]
.
2015-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d042399be22e57.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-12-10 16:26]
.
2015-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-12-10 16:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hao123.com/?tn=95776034_hao_pg
mStart Page = hxxp://www.hao123.com/?tn=95776034_hao_pg
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CF007ABC-6B69-4FEA-8B80-D3623B595634}: NameServer = 208.67.222.222,156.154.71.25
TCP: Interfaces\{CF007ABC-6B69-4FEA-8B80-D3623B595634}\4505D2C494E4B4F505F434B45445F533032303F5331354138313: NameServer = 208.67.222.222,156.154.71.25
TCP: Interfaces\{CF007ABC-6B69-4FEA-8B80-D3623B595634}\4556E64616: NameServer = 208.67.222.222,156.154.71.25
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{50F4150A-48B2-417A-BE4C-C83F580FB904} - c:\program files\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll
Toolbar-10 - (no file)
HKCU-Run-Adobe Flash Player - c:\users\hp\AppData\Roaming\plugin-container.exe
AddRemove-PPStream - c:\iqiyi video\LStyle\QyUninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
" QQPCTray"="\"c:\\Program Files\\Tencent\\QQPCMgr\\10.9.16349.225\\QQPCTray.exe\" /regrun"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2387584831-3554265815-3465077255-1000_Classes\CLSID\{088c9b96-1474-4e86-aac0-a1da3e80e8a8}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000003f
"Therad"=dword:00000015
"SpecVersion"=dword:00000041
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-2387584831-3554265815-3465077255-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):89,17,a8,8a,9c,da,19,e6,0d,cf,fc,fc,3b,0c,6c,88,a2,96,7a,8d,86,
37,7e,91,7e,04,f2,f1,1c,b1,7f,ec,09,1b,24,57,e1,7a,b0,43,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2387584831-3554265815-3465077255-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):b9,df,f6,0d,5c,f2,20,b3,1c,f3,31,36,d6,c7,62,25,74,4d,cd,89,97,
52,41,3d,17,f1,00,d6,b9,d9,3a,e5,e9,28,ae,e9,e0,34,15,78,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2387584831-3554265815-3465077255-1000_Classes\CLSID\{a5628394-8456-409c-8af9-d53a04c35b31}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000000
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,75,07,18,dd,fb,11,42,94,27,b7,99,0d,2a,ba,05,1a,a2,02,c9,3e,9b,f9,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\taskhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\conhost.exe
c:\program files\Tencent\QQPCMgr\10.9.16349.225\plugins\QMNetMon\QQPCNetFlow.exe
c:\program files\Ralink\Common\RaRegistry.exe
c:\program files\Tencent\QQPCMgr\10.9.16349.225\QQPCRealTimeSpeedup.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Rising\RSD\popwndexe.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Ralink\Common\RaUI.exe
c:\users\hp\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Tencent\QQPCMgr\10.9.16349.225\QMSignScan.exe
.
**************************************************************************
.
Completion time: 2015-09-09 19:14:23 - machine was rebooted
ComboFix-quarantined-files.txt 2015-09-09 19:14
.
Pre-Run: 7 821 742 080 octets libres
Post-Run: 11 411 349 504 octets libres
.
- - End Of File - - 2BCA8BAC083B122917033E9683700B41
A36C5E4F47E84449FF07ED3517B43A31
