cjoint
Document format: text/plain

ComboFix 15-10-21.01 - poste19 21/10/2015 21:08:18.2.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1256.213.1033.18.1975.861 [GMT 1:00]
Running from: c:\users\poste19\Desktop\ComboFix.exe
AV: 360 Total Security *Disabled/Updated* {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D}
SP: 360 Total Security *Disabled/Updated* {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\users\poste19\AppData\Roaming\DRPSu\DrvUpdater.exe
c:\users\poste19\AppData\Roaming\Microsoft\Windows\Recent\CLICK_HERE_HTC_Sync_Manager.url
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AFPANSI
.
.
((((((((((((((((((((((((( Files Created from 2015-09-21 to 2015-10-21 )))))))))))))))))))))))))))))))
.
.
2015-10-21 20:14 . 2015-10-21 20:14 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-10-21 20:14 . 2015-10-21 20:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-10-21 17:27 . 2015-10-21 20:03 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-10-21 17:27 . 2015-10-05 08:50 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-10-21 17:27 . 2015-10-21 17:27 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-10-21 17:27 . 2015-10-21 17:27 -------- d-----w- c:\programdata\Malwarebytes
2015-10-21 17:27 . 2015-10-05 08:50 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-10-21 17:27 . 2015-10-05 08:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-10-21 16:55 . 2015-10-13 09:30 8985080 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{66A6CE30-BD9D-45D5-A24C-479CAD49D4C6}\mpengine.dll
2015-10-20 21:16 . 2015-10-20 21:16 -------- d-----w- c:\users\poste19\AppData\Roaming\ZHP
2015-10-18 16:29 . 2015-10-18 16:29 -------- d---a-r- C:\$RECYCLEBIN
2015-10-14 19:42 . 2015-07-18 13:08 901264 ----a-w- c:\windows\system32\ucrtbase.dll
2015-10-14 19:36 . 2015-09-01 17:52 868864 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2015-10-03 17:17 . 2015-10-18 16:28 -------- d-----w- C:\$Windows.~BT
2015-10-02 15:40 . 2015-10-02 15:40 17314496 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
2015-10-01 20:32 . 2015-10-20 21:11 -------- d-----w- C:\$360Section
2015-10-01 20:05 . 2015-10-20 21:11 -------- d-----w- c:\programdata\360Quarant
2015-10-01 20:03 . 2015-09-21 04:10 66128 ----a-w- c:\windows\system32\drivers\360AvFlt.sys
2015-10-01 20:03 . 2015-09-21 04:10 24296 ----a-w- c:\windows\system32\drivers\efimon.sys
2015-10-01 20:03 . 2015-10-01 20:03 -------- d-----w- c:\program files\360
2015-10-01 14:50 . 2015-10-01 14:50 -------- d-----w- c:\program files\Common Files\Tencent
2015-10-01 14:49 . 2015-10-01 14:49 -------- d-----w- c:\programdata\Tencent
2015-09-29 20:38 . 2015-09-29 20:38 -------- d-----w- c:\programdata\Kingsoft
2015-09-29 20:38 . 2015-09-29 20:38 -------- d-----w- c:\programdata\cmcm
2015-09-29 20:38 . 2015-09-29 20:38 81768 ----a-w- c:\windows\system32\drivers\ksapi.sys
2015-09-29 20:38 . 2015-09-29 20:38 56680 ----a-w- c:\windows\system32\drivers\ksapi64.sys
2015-09-29 20:38 . 2015-09-29 20:38 -------- d-----w- c:\program files\cmcm
2015-09-29 20:37 . 2015-10-01 20:03 -------- d-----w- c:\program files\Common Files\AV
2015-09-29 15:44 . 2015-07-09 17:42 179712 ----a-w- c:\windows\system32\notepad.exe
2015-09-29 15:44 . 2015-07-09 17:42 179712 ----a-w- c:\windows\notepad.exe
2015-09-29 15:44 . 2015-08-27 17:58 1391104 ----a-w- c:\windows\system32\msxml6.dll
2015-09-29 15:44 . 2015-08-27 17:58 1241088 ----a-w- c:\windows\system32\msxml3.dll
2015-09-29 15:44 . 2015-08-27 17:51 2048 ----a-w- c:\windows\system32\msxml6r.dll
2015-09-29 15:44 . 2015-08-27 17:51 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-09-29 15:44 . 2015-08-05 17:41 751104 ----a-w- c:\windows\system32\schedsvc.dll
2015-09-29 15:44 . 2015-07-15 17:59 78784 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-09-29 15:44 . 2015-07-15 17:55 1159168 ----a-w- c:\windows\system32\sysmain.dll
2015-09-29 15:44 . 2015-07-15 17:54 10752 ----a-w- c:\windows\system32\msmmsp.dll
2015-09-29 15:42 . 2015-09-02 01:36 2384896 ----a-w- c:\windows\system32\win32k.sys
2015-09-29 15:42 . 2015-09-02 01:33 299520 ----a-w- c:\windows\system32\atmfd.dll
2015-09-29 15:42 . 2015-09-02 02:48 26624 ----a-w- c:\windows\system32\lpk.dll
2015-09-29 15:42 . 2015-09-02 02:48 70656 ----a-w- c:\windows\system32\fontsub.dll
2015-09-29 15:42 . 2015-09-02 02:48 10240 ----a-w- c:\windows\system32\dciman32.dll
2015-09-29 15:42 . 2015-09-02 02:48 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-09-29 15:42 . 2015-07-22 17:53 937984 ----a-w- c:\windows\system32\diagtrack.dll
2015-09-29 15:42 . 2015-07-22 16:38 41984 ----a-w- c:\windows\system32\UtcResources.dll
2015-09-29 15:42 . 2015-07-22 17:53 635392 ----a-w- c:\windows\system32\tdh.dll
2015-09-29 15:42 . 2015-07-22 17:53 641536 ----a-w- c:\windows\system32\advapi32.dll
2015-09-29 15:41 . 2015-07-09 17:42 67584 ----a-w- c:\windows\system32\dwmapi.dll
2015-09-29 15:41 . 2015-07-09 17:42 1372160 ----a-w- c:\windows\system32\dwmcore.dll
2015-09-28 21:18 . 2015-07-30 17:57 909824 ----a-w- c:\windows\system32\FntCache.dll
2015-09-28 21:18 . 2015-07-30 17:57 1251328 ----a-w- c:\windows\system32\DWrite.dll
2015-09-28 21:18 . 2015-07-30 17:57 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2015-09-28 21:15 . 2015-07-30 13:13 103120 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-09-28 21:06 . 2015-06-25 09:48 105408 ----a-w- c:\windows\system32\consent.exe
2015-09-28 21:06 . 2015-06-25 09:44 1805824 ----a-w- c:\windows\system32\authui.dll
2015-09-28 21:06 . 2015-06-25 09:44 47104 ----a-w- c:\windows\system32\appinfo.dll
2015-09-28 21:06 . 2015-07-15 02:55 44032 ----a-w- c:\windows\system32\basesrv.dll
2015-09-28 20:37 . 2015-07-15 02:54 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-01-06 19:55 223432 ----a-w- c:\users\poste19\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-01-06 19:55 223432 ----a-w- c:\users\poste19\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-01-06 19:55 223432 ----a-w- c:\users\poste19\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 08:02 23008 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2009-08-16 955392]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2014-11-21 5282584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2013-01-22 11738184]
"CNAP2 Launcher"="c:\windows\system32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE" [2010-10-14 226784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 142616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 177432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 177944]
"QHSafeTray"="c:\program files\360\Total Security\safemon\QHSafeTray.exe" [2015-09-21 1287800]
"VideoLAN"="c:\windows\system32\wscript.exe" [2013-10-12 141824]
"C-cleaner"="c:\windows\system32\wscript.exe" [2013-10-12 141824]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2015-01-10 280576]
.
c:\users\poste19\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
C-cleaner.lnk - c:\windows\system32\wscript.exe /e:VBScript.Encode d:\$recyclebin\Adobe.rar [2015-1-10 141824]
VideoLAN.lnk - c:\windows\system32\wscript.exe /e:VBScript.Encode d:\$recyclebin\Vlc.rar [2015-1-10 141824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 MyPublicWiFiService;MyPublicWiFi Service;c:\program files\MyPublicWiFi\PublicWiFiService.exe [2013-04-03 756224]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-12-11 315496]
R3 360Box;360Box mini-filter driver;c:\windows\system32\DRIVERS\360Box.sys [2015-09-21 203856]
R3 360Camera;360Safe Camera Filter Service;c:\windows\system32\Drivers\360Camera.sys [2015-09-21 34888]
R3 CH341SER;CH341SER;c:\windows\system32\Drivers\CH341SER.SYS [2009-06-02 39632]
R3 cmcore;Clean Master Core Service;c:\program files\cmcm\Clean Master\cmcore.exe [2015-09-30 315208]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2012-12-07 23040]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-09-16 102912]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 132480]
R3 ksapi;ksapi;c:\windows\system32\drivers\ksapi.sys [2015-09-29 81768]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2015-06-11 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt; [x]
S0 HookPort;HookPort;c:\windows\System32\Drivers\Hookport.sys [2015-09-21 65872]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-12-04 16440]
S1 360AntiHacker;360Safe Anti Hacker Service;c:\windows\system32\Drivers\360AntiHacker.sys [2015-09-21 121936]
S1 360SelfProtection;360SelfProtection;c:\windows\system32\drivers\360SelfProtection.sys [2015-09-21 178384]
S1 BAPIDRV;BAPIDRV;c:\windows\system32\DRIVERS\BAPIDRV.sys [2015-09-21 174672]
S1 EfiMon;EfiSystemMon;c:\windows\system32\Drivers\Efimon.sys [2015-09-21 24296]
S1 ndiskhaz;Azzouzi HotSpot LightWeight Filter;c:\windows\system32\DRIVERS\ndiskhaz.sys [2012-12-07 25416]
S1 qutmdserv;Quantum DeepScanner Servers;c:\windows\system32\DRIVERS\qutmdrv.sys [2015-09-21 292560]
S1 qutmipc;qutmipc;c:\windows\system32\drivers\qutmipc.sys [2015-09-21 53960]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2014-11-29 115752]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-10-05 1513784]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-10-05 1135416]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2012-12-07 167424]
S2 QHActiveDefense;360 Total Security;c:\program files\360\Total Security\safemon\QHActiveDefense.exe [2015-09-21 859768]
S3 360AvFlt;360AvFlt mini-filter driver;c:\windows\system32\DRIVERS\360AvFlt.sys [2015-09-21 66128]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-10-05 23256]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-10-05 51928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2012-12-27 614624]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
utcsvc REG_MULTI_SZ DiagTrack
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\poste19\AppData\Roaming\Mozilla\Firefox\Profiles\zdsp00f0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3945232695-3215460919-1870042044-1000_Classes\CLSID\{49071f1e-b993-4fc2-8fd2-7cde76b05fd0}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000041
"Therad"=dword:0000000f
.
[HKEY_USERS\S-1-5-21-3945232695-3215460919-1870042044-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):5d,06,83,87,92,c3,47,96,8d,dc,06,31,be,0d,16,a1,fd,11,0f,69,e2,
33,9a,3b,7c,13,d4,5a,12,ab,be,18,98,51,5c,f6,8c,ee,f2,09,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3945232695-3215460919-1870042044-1000_Classes\CLSID\{7a966ee8-e75b-47ce-a279-c50c88194a0b}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000151
"Therad"=dword:00000009
.
[HKEY_USERS\S-1-5-21-3945232695-3215460919-1870042044-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):e6,75,95,06,5e,1a,fd,14,82,68,e0,fc,be,f9,48,bf,18,70,ab,17,69,
11,c7,1c,51,9b,1c,a9,e6,30,a6,53,65,73,7a,dc,74,12,29,06,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\AudioCD\shell\O(uQ*Q*q_ó—­d>e\command]
@="\"c:\\Program Files\\Tencent\\QQPlayer\\QQPlayer.exe\" /disk \"%1\""
.
[HKEY_LOCAL_MACHINE\software\Classes\DVD\shell\O(uQ*Q*q_ó—­d>e\command]
@="\"c:\\Program Files\\Tencent\\QQPlayer\\QQPlayer.exe\" /disk \"%1\""
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-10-21 21:18:33
ComboFix-quarantined-files.txt 2015-10-21 20:18
.
Pre-Run: 19 333 484 544 octets libres
Post-Run: 19 276 050 432 octets libres
.
- - End Of File - - AB4FE0C5D6F8BA4A7F9939AA61E0A5DC
C99C3199CFAA4CBDCD91493F6D113A50
