cjoint

Document format: text/plain

ComboFix 15-10-26.01 - zabi 10/27/2015 18:53:20.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1256.966.1025.18.2046.1250 [GMT 1:00]
Running from: c:\users\zabi\Desktop\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
ADS - Windows: deleted 192 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\zabi\AppData\Local\Microsoft\Windows\Temporary Internet Files\{243A65C1-4535-4ADA-B8DD-C36B2E1BDA25}.xps
c:\users\zabi\AppData\Local\Microsoft\Windows\Temporary Internet Files\{84549E28-136B-4A0E-9B59-B9FB57E84938}.xps
c:\users\zabi\AppData\Local\Microsoft\Windows\Temporary Internet Files\{AB218CC6-EC3B-4535-B063-CA424D174B18}.xps
c:\users\zabi\AppData\Local\Microsoft\Windows\Temporary Internet Files\BatBrowse_iels
c:\users\zabi\Documents\~WRL2011.tmp
c:\windows\msdownld.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2015-09-27 to 2015-10-27 )))))))))))))))))))))))))))))))
.
.
2015-10-27 18:02 . 2015-10-27 18:31 -------- d-----w- c:\users\zabi\AppData\Local\temp
2015-10-27 18:02 . 2015-10-27 18:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-10-27 18:00 . 2015-10-27 18:00 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FE51735F-F255-4E29-A69F-135F29F30912}\offreg.2004.dll
2015-10-25 14:33 . 2015-10-25 14:33 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FE51735F-F255-4E29-A69F-135F29F30912}\offreg.5140.dll
2015-10-24 01:48 . 2015-10-24 01:48 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FE51735F-F255-4E29-A69F-135F29F30912}\offreg.3828.dll
2015-10-24 01:47 . 2015-10-20 02:34 8985080 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FE51735F-F255-4E29-A69F-135F29F30912}\mpengine.dll
2015-10-23 22:45 . 2015-10-23 22:45 -------- d-----w- c:\programdata\Malwarebytes
2015-10-23 16:40 . 2015-10-23 18:14 -------- d-----w- C:\AdwCleaner
2015-10-22 12:54 . 2012-11-09 22:00 450560 ----a-w- c:\windows\system32\CNABFEMK.DLL
2015-10-22 12:54 . 2012-09-02 22:00 327680 ----a-w- c:\windows\system32\CNAP2LMK.DLL
2015-10-22 12:54 . 2015-10-22 12:54 -------- d-----w- c:\program files\Canon
2015-10-21 09:41 . 2015-10-23 15:12 -------- d-----w- c:\users\zabi\AppData\Roaming\ZHP
2015-10-16 12:29 . 2015-06-12 02:00 123968 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2015-10-02 10:15 . 2015-10-02 10:15 -------- d-----w- c:\programdata\Steam
2015-10-02 10:06 . 2015-10-02 10:24 -------- d-----w- c:\program files\Pro Evolution Soccer 2016
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-17 14:00 . 2013-10-05 15:40 780488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-10-17 14:00 . 2013-10-05 15:40 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-10-07 19:19 . 2014-11-28 08:20 55912 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2015-10-07 19:19 . 2014-11-28 08:20 108448 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2015-08-26 12:45 . 2014-11-28 08:20 136728 ----a-w- c:\windows\system32\drivers\avipbb.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2015-08-14 10:52 23520 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-07-24 21650016]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2015-09-05 3417496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2015-10-07 782520]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"CNAP2 Launcher"="c:\windows\system32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE" [2010-10-14 226784]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - c:\program files\Ralink\Common\RaUI.exe -s [2015-9-26 1654784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
R2 AntiVirMailService;Avira Mail Protection;c:\program files\Avira\AntiVir Desktop\avmailc7.exe [2015-10-07 932912]
R2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebg7.exe [2015-10-14 1147720]
R2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 hid8103;hid8103;c:\windows\system32\drivers\hid8103.sys [2006-10-25 31128]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-06-18 108032]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [2010-12-14 375808]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;خدمة Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2014-03-25 1343400]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 44896]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 240608]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT.EXE [2010-04-03 367456]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2015-05-19 37896]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2014-04-18 208896]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2015-10-07 461672]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys [2015-10-07 55912]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2015-06-12 123968]
S2 mi2c;mi2c;c:\windows\system32\drivers\mi2c.sys [2014-08-09 18224]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [2012-05-16 69640]
S2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2013-12-04 5316448]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2011-03-22 69232]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-10-23 10:25 997704 ----a-w- c:\program files\Google\Chrome\Application\46.0.2490.80\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-10-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-05 14:00]
.
2015-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-10-01 22:12]
.
2015-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-10-01 22:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gamehitzone.com/?utm_source=AutocrossTruckRacing&utm_medium=start
mStart Page = hxxp://www.google.com
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: إر&سال إلى OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
TCP: DhcpNameServer = 162.243.121.155 8.8.8.8
FF - ProfilePath - c:\users\zabi\AppData\Roaming\Mozilla\Firefox\Profiles\rcqxiwxo.default\
FF - ExtSQL: !HIDDEN! 2014-04-25 15:56; quick_start@gmail.com; c:\users\zabi\AppData\Roaming\Mozilla\Firefox\Profiles\rcqxiwxo.default\extensions\quick_start@gmail.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
HKCU-Run-OfficeSyncProcess - c:\program files\Microsoft Office\Office14\MSOSYNC.EXE
HKLM-Run-Chedot - c:\users\zabi\AppData\Local\Chedot\Application\chedot.exe
AddRemove-{0DF70CB6-553A-4C57-8E6D-87635EECFB78} - c:\program files\\InstallShield Installation Information\{0DF70CB6-553A-4C57-8E6D-87635EECFB78}\Install.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3159634006-3066515055-1003203021-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):ed,15,d7,67,39,00,65,0d,90,cc,a5,8b,0d,5c,c3,17,3f,81,93,f4,a3,
87,71,1b,0b,62,63,79,73,f6,67,76,78,41,92,51,b3,07,19,ed,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3159634006-3066515055-1003203021-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):2d,93,1d,31,58,6a,cc,fc,f9,c4,04,9e,bf,7e,e0,ae,d6,0b,e5,ca,eb,
cf,12,6b,42,15,b1,40,f9,4d,ab,75,8d,40,e4,47,20,ff,90,a8,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3159634006-3066515055-1003203021-1000_Classes\CLSID\{c0c130e1-838a-4221-bd56-930efdef786c}]
@Denied: (Full) (Everyone)
"Model"=dword:000000dc
"Therad"=dword:0000001c
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-3159634006-3066515055-1003203021-1000_Classes\CLSID\{e3b7c68b-29b8-4829-8f23-ce81c412f3d2}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000111
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,75,07,18,dd,fb,11,42,94,27,b7,99,0d,2a,ba,05,1a,a2,02,c9,3e,9b,f9,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(192)
c:\program files\Microsoft Office\Office12\1033\GrooveIntlResource.dll
c:\windows\system32\igfxpph.dll
c:\windows\system32\hccutils.DLL
c:\windows\system32\igfxrARA.lrc
c:\windows\System32\NLSLexicons0001.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
c:\program files\Ralink\Common\RaRegistry.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\spool\DRIVERS\W32X86\3\CNAP2RPK.EXE
c:\windows\system32\spool\DRIVERS\W32X86\3\CNABFSWK.EXE
c:\program files\windows defender\MpCmdRun.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2015-10-27 19:37:16 - machine was rebooted
ComboFix-quarantined-files.txt 2015-10-27 18:37
.
Pre-Run: 44,550,037,504 bytes free
Post-Run: 44,525,133,824 bytes free
.
- - End Of File - - 654F48DE6832D797BC58F7B5DD19803A
445CEDAF18B640B607C7D11B34E8EC15
