ComboFix 15-09-07.01 - CA 10/09/2015 17:43:33.1.2 - x64
Microsoft Windows 7 Professionnel 6.1.7600.0.1256.213.1036.18.3071.1898 [GMT 1:00]
Running from: c:\users\CA\Downloads\Programs\ComboFix.exe
AV: ESET Smart Security 8.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: Pare-feu personnel d'ESET *Disabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 8.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2015-08-10 to 2015-09-10 )))))))))))))))))))))))))))))))
.
.
2015-09-09 15:21 . 2015-09-09 16:21 -------- d-----w- c:\program files (x86)\TeamViewer
2015-09-09 14:09 . 2015-09-09 14:09 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2015-09-06 08:44 . 2015-09-06 08:44 -------- d-----w- c:\windows\SysWow64\drivers\hosts-Pes6Stars
2015-09-05 16:09 . 2015-09-05 16:11 -------- d-----w- c:\programdata\F-Secure
2015-09-05 15:35 . 2015-09-09 20:23 -------- d-----w- c:\program files (x86)\UCBrowser
2015-09-05 08:19 . 2015-09-05 08:21 -------- d-----w- c:\windows\system32\MRT
2015-09-05 08:18 . 2011-04-09 06:45 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-09-05 08:18 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-09-05 08:18 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-09-05 08:00 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2015-09-05 08:00 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2015-09-05 07:51 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2015-09-05 07:51 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2015-09-05 07:51 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2015-09-05 07:51 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2015-09-05 07:51 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2015-09-05 07:51 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2015-09-05 07:51 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2015-09-05 07:50 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2015-09-05 07:50 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2015-09-04 21:55 . 2015-09-04 21:55 -------- d-----w- c:\program files\CCleaner
2015-09-04 21:20 . 2015-08-20 03:18 11745192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A739987F-D3A9-49B5-9589-476785545D65}\mpengine.dll
2015-09-04 21:20 . 2015-06-23 12:30 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-09-04 21:02 . 2015-09-04 21:10 -------- d-----w- c:\program files (x86)\Google
2015-09-04 20:39 . 2015-09-04 20:39 -------- d-----w- c:\program files\Microsoft Games
2015-09-04 20:30 . 2013-11-15 11:48 -------- d-----w- c:\program files (x86)\FreeTime
2015-09-04 20:30 . 2015-06-01 08:19 -------- d---a-w- c:\program files (x86)\MPC-HC.1.7.9.x64
2015-09-04 20:30 . 2015-09-04 20:30 -------- d-----w- c:\windows\SysWow64\Macromed
2015-09-04 20:28 . 2015-09-04 20:28 -------- d-----w- c:\program files (x86)\Microsoft.NET
2015-09-04 20:26 . 2010-02-04 09:01 78680 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2015-09-04 20:22 . 2015-09-04 20:22 -------- d-----w- c:\program files\ESET
2015-09-04 20:20 . 2015-09-04 20:20 -------- d-----w- c:\programdata\IDM
2015-09-04 20:20 . 2015-09-04 21:18 -------- d-----w- c:\program files (x86)\Internet Download Manager
2015-09-04 20:20 . 2015-09-04 20:20 -------- d-----w- c:\program files (x86)\Prolific
2015-09-04 20:19 . 2007-02-12 16:56 89600 ----a-w- c:\windows\system32\drivers\ser2pl64.sys
2015-09-04 20:18 . 2015-09-04 20:18 -------- d-----w- c:\programdata\ATI
2015-09-04 20:18 . 2015-09-04 20:18 0 ----a-w- c:\windows\ativpsrm.bin
2015-09-04 20:17 . 2015-09-04 20:17 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2015-09-04 20:17 . 2015-09-04 20:17 -------- d-----w- c:\program files\Common Files\ATI Technologies
2015-09-04 20:17 . 2015-09-04 20:17 -------- d-----w- c:\program files (x86)\ATI Technologies
2015-09-04 20:16 . 2015-09-04 20:17 -------- d-----w- c:\program files\ATI Technologies
2015-09-04 20:16 . 2015-09-04 20:16 -------- d-----w- c:\program files\ATI
2015-09-04 20:15 . 2015-09-09 14:09 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2015-09-04 20:15 . 2015-09-10 16:39 -------- d-sh--w- c:\windows\Installer
2015-09-04 20:15 . 2015-09-04 20:15 -------- d-----w- c:\windows\SysWow64\RTCOM
2015-09-04 20:15 . 2015-09-04 20:15 -------- d-----w- c:\program files\Realtek
2015-09-04 20:13 . 2015-09-04 20:13 -------- d-----w- c:\program files (x86)\Intel
2015-09-04 20:13 . 2009-06-16 04:05 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2015-09-04 20:13 . 2015-09-04 20:13 -------- d-----w- C:\Intel
2015-09-04 20:01 . 2015-09-04 21:57 -------- d-----w- c:\windows\Panther
2015-09-04 20:01 . 2015-09-04 20:01 -------- d-----w- C:\Boot
2015-08-28 12:36 . 2015-06-12 02:00 197616 ----a-w- c:\windows\system32\drivers\idmwfp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-14 14:29 . 2015-07-14 14:29 72400 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2015-07-14 14:29 . 2015-07-14 14:29 53360 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2015-07-14 14:29 . 2015-07-14 14:29 255240 ----a-w- c:\windows\system32\drivers\eamonm.sys
2015-07-14 14:29 . 2015-07-14 14:29 251632 ----a-w- c:\windows\system32\drivers\edevmon.sys
2015-07-14 14:29 . 2015-07-14 14:29 231520 ----a-w- c:\windows\system32\drivers\epfw.sys
2015-07-14 14:29 . 2015-07-14 14:29 178520 ----a-w- c:\windows\system32\drivers\ehdrv.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2015-08-28 3907152]
"IDM trial reset"="e:\logicial\IDM Life\IDMan Trial Reset by Chamsoo.exe" [2015-08-29 1178624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 UCBrowserSvc;UC Browser Service;c:\program files (x86)\UCBrowser\Application\UCService.exe;c:\program files (x86)\UCBrowser\Application\UCService.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2015-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-09-04 21:02]
.
2015-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-09-04 21:02]
.
2015-09-10 c:\windows\Tasks\UCBrowserUpdater{e23df38b34103b001ee4a910a2610d11}.job
- c:\program files (x86)\UCBrowser\Application\update_task.exe [2015-09-05 11:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2015-08-14 10:52 25624 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2015-07-08 5595848]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
IE: Télécharger avec IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec Internet Download Manager - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
TCP: DhcpNameServer = 192.168.1.1 0.0.0.0
TCP: Interfaces\{B597ED5C-FDB2-4E27-9A95-5C9A43A44669}: NameServer = 199.85.126.20,199.85.127.20
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{65122CB0-EA0F-47DF-A953-017170ED12F9} - c:\program files (x86)\UCBrowser\Application\5.2.2787.1029\Installer\chrmstp.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
.
**************************************************************************
.
Completion time: 2015-09-10 18:21:52 - machine was rebooted
ComboFix-quarantined-files.txt 2015-09-10 17:21
.
Pre-Run: 88 038 621 184 octets libres
Post-Run: 87 704 268 800 octets libres
.
- - End Of File - - 27F41F03144AC9C238CD2669A08CC2D3
A36C5E4F47E84449FF07ED3517B43A31