Document format: text/plain

ComboFix 15-10-28.01 - benyou 02/11/2015 18:11:51.1.2 - x86
Microsoft Windows 7 Professionnel 6.1.7601.1.1252.33.1036.18.2010.784 [GMT 2:00]
Lancé depuis: c:\users\benyou\Downloads\Programs\ComboFix.exe
AV: ESET Smart Security 8.0 *Enabled/Outdated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: Pare-feu personnel d'ESET *Disabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 8.0 *Enabled/Outdated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
* Un antivirus résident est actif
.
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
E:\install.exe
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2015-10-02 au 2015-11-02 ))))))))))))))))))))))))))))))))))))
.
.
2015-11-02 16:19 . 2015-11-02 16:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-11-02 16:13 . 2015-11-02 16:13 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6FE44892-A1D6-48D7-A91A-9A5A935E4AC7}\offreg.4376.dll
2015-11-02 16:04 . 2015-11-02 16:04 -------- d-----w- C:\Rem-VBSqt
2015-11-02 15:17 . 2015-11-02 15:17 -------- d-----w- c:\users\benyou\AppData\Local\GWX
2015-11-02 13:05 . 2015-11-02 13:05 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6FE44892-A1D6-48D7-A91A-9A5A935E4AC7}\offreg.5516.dll
2015-11-02 11:50 . 2015-11-02 11:50 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6FE44892-A1D6-48D7-A91A-9A5A935E4AC7}\offreg.4344.dll
2015-11-01 17:03 . 2015-11-01 17:03 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6FE44892-A1D6-48D7-A91A-9A5A935E4AC7}\offreg.860.dll
2015-11-01 07:47 . 2015-11-01 07:47 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6FE44892-A1D6-48D7-A91A-9A5A935E4AC7}\offreg.2572.dll
2015-10-31 10:23 . 2015-10-31 10:23 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6FE44892-A1D6-48D7-A91A-9A5A935E4AC7}\offreg.1096.dll
2015-10-29 11:25 . 2015-10-29 11:25 -------- d-----w- c:\programdata\Klick
2015-10-29 11:15 . 2015-10-29 11:15 -------- d-----w- c:\users\benyou\AppData\Local\Klick
2015-10-29 11:15 . 2015-10-29 11:15 -------- d-----w- c:\programdata\Caphyon
2015-10-29 11:14 . 2015-10-29 11:14 -------- d-----w- c:\program files\Klick
2015-10-29 09:17 . 2015-10-29 09:17 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6FE44892-A1D6-48D7-A91A-9A5A935E4AC7}\offreg.4004.dll
2015-10-29 09:16 . 2015-10-13 09:30 8985080 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6FE44892-A1D6-48D7-A91A-9A5A935E4AC7}\mpengine.dll
2015-10-29 08:59 . 2015-10-29 11:15 -------- d-----w- c:\users\benyou\AppData\Roaming\Klick
2015-10-29 06:46 . 2015-10-29 12:17 -------- d-----w- c:\program files\Firefox Developer Edition
2015-10-22 21:07 . 2015-09-29 03:05 3990976 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-10-22 21:06 . 2015-09-01 17:52 868864 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2015-10-22 21:05 . 2015-10-01 17:50 50176 ----a-w- c:\windows\system32\setbcdlocale.dll
2015-10-22 21:05 . 2015-10-01 17:50 50688 ----a-w- c:\windows\system32\appidapi.dll
2015-10-22 21:05 . 2015-10-01 17:50 28160 ----a-w- c:\windows\system32\appidsvc.dll
2015-10-22 21:05 . 2015-10-01 17:50 96768 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2015-10-22 21:05 . 2015-10-01 17:50 16896 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2015-10-22 21:05 . 2015-10-01 16:53 50176 ----a-w- c:\windows\system32\drivers\appid.sys
2015-10-11 17:08 . 2015-10-11 17:10 -------- d-----w- c:\users\benyou\AppData\Roaming\SamLogic
2015-10-11 17:06 . 2014-05-28 09:02 81960 ----a-w- c:\windows\system32\XAPI2000X.dll
2015-10-11 17:06 . 2014-05-28 09:16 478248 ----a-w- c:\windows\system32\sltwit.dll
2015-10-11 17:06 . 2014-05-28 09:16 1718824 ----a-w- c:\windows\system32\SLTwitCtrl.ocx
2015-10-11 17:06 . 2012-02-13 08:01 886776 ----a-w- c:\windows\system32\Codejock.SyntaxEdit.v15.2.1.0213.ocx
2015-10-11 17:06 . 2012-02-13 08:01 579576 ----a-w- c:\windows\system32\Codejock.SkinFramework.v15.2.1.0213.ocx
2015-10-11 17:06 . 2012-02-13 08:01 1144824 ----a-w- c:\windows\system32\Codejock.PropertyGrid.v15.2.1.0213.ocx
2015-10-11 17:06 . 2012-02-13 08:01 1939448 ----a-w- c:\windows\system32\Codejock.Controls.Unicode.v15.2.1.0213.ocx
2015-10-11 17:06 . 2012-02-13 08:01 2742264 ----a-w- c:\windows\system32\Codejock.CommandBars.v15.2.1.0213.ocx
2015-10-11 17:06 . 2005-12-06 04:06 366776 ----a-w- c:\windows\system32\Codejock.PropertyGrid.v9.81.ocx
2015-10-11 17:06 . 2011-09-08 10:07 1255416 ----a-w- c:\windows\system32\Codejock.ChartPro.v15.1.3.0908.ocx
2015-10-11 17:06 . 2015-10-11 17:06 -------- d-----w- c:\program files\SamLogic
2015-10-11 17:05 . 1997-09-13 17:00 37136 ----a-w- c:\windows\VIREG32.EXE
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-31 21:19 . 2015-07-31 14:25 899184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2015-10-31 21:19 . 2015-07-31 14:24 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2015-10-31 21:19 . 2015-07-31 14:24 639312 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2015-10-29 06:10 . 2015-08-11 07:58 899184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2015-10-29 06:09 . 2015-08-11 07:58 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2015-10-26 10:29 . 2015-08-11 07:58 639312 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2015-09-02 02:48 . 2015-09-09 11:13 26624 ----a-w- c:\windows\system32\lpk.dll
2015-09-02 02:48 . 2015-09-09 11:13 70656 ----a-w- c:\windows\system32\fontsub.dll
2015-09-02 02:48 . 2015-09-09 11:13 10240 ----a-w- c:\windows\system32\dciman32.dll
2015-09-02 02:48 . 2015-09-09 11:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-09-02 01:36 . 2015-09-09 11:13 2384896 ----a-w- c:\windows\system32\win32k.sys
2015-09-02 01:33 . 2015-09-09 11:13 299520 ----a-w- c:\windows\system32\atmfd.dll
2015-08-05 17:41 . 2015-09-09 11:13 751104 ----a-w- c:\windows\system32\schedsvc.dll
2015-08-05 17:40 . 2015-09-09 11:13 216064 ----a-w- c:\windows\system32\InkEd.dll
2015-08-05 17:40 . 2015-09-09 11:13 22528 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\jnwppr.dll
2015-08-05 17:40 . 2015-09-09 11:13 19968 ----a-w- c:\windows\system32\jnwmon.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2015-08-14 10:52 23520 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off0]
@="{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}]
2015-08-13 20:29 1065776 ----a-w- c:\program files\Workspace\offsyncext.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off1]
@="{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}]
2015-08-13 20:29 1065776 ----a-w- c:\program files\Workspace\offsyncext.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ultracopier"="c:\program files\Supercopier\supercopier.exe" [2014-02-19 178688]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2015-01-20 5496600]
"Steam"="c:\program files\Steam\steam.exe" [2015-10-31 3011152]
"Viber"="c:\users\benyou\AppData\Local\Viber\Viber.exe" [2015-07-15 72389840]
"Starfield Updater"="c:\users\benyou\AppData\Local\Workspace\WorkspaceUpdate.exe" [2015-08-13 35008]
"wben"="c:\users\benyou\AppData\Local\Workspace\wben.exe" [2014-10-20 1078896]
"Workspace Status"="c:\users\benyou\AppData\Local\Workspace\workspacestatus.exe" [2015-08-13 694760]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2015-08-28 3907152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2015-07-08 5089480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 151064]
"MagicPlusHelper"="c:\program files\MagicPlus\MagicPlus_helper.exe" [2014-07-09 2499240]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2015-07-31 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-09-16 102912]
R3 StockExpUpdater;Mise à jours Stock Express;c:\program files\Klick\Stock Express\StockExpUpdater.exe [2015-08-15 465304]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2015-07-14 60552]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2015-07-14 202704]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2015-07-14 144536]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2015-07-14 46656]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2015-07-08 1353720]
S2 File Backup;File Backup Service;c:\program files\Workspace\offSyncService.exe [2014-10-20 697472]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2015-06-12 123968]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2015-07-07 785904]
S3 RTL8167;Pilote Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
utcsvc REG_MULTI_SZ DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-10-22 22:36 997704 ----a-w- c:\program files\Google\Chrome\Application\46.0.2490.80\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2015-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-07-29 10:39]
.
2015-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-07-29 10:39]
.
.
------- Examen supplémentaire -------
.
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\benyou\AppData\Roaming\Mozilla\Firefox\Profiles\bc5fmxgd.dev-edition-default\
FF - prefs.js: network.proxy.ssl - 213.57.90.253
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
.
.
------- Associations de fichier -------
.
.scr=AutoCADScriptFile
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-4192654946-1580728893-2436322071-1001_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):56,bd,03,e2,84,ea,f7,d0,d1,ca,78,5a,df,8c,39,0d,f6,dc,fe,b2,cb,
65,c7,59,64,1b,b8,30,56,ff,ea,c2,0a,8e,12,e6,ef,fe,e3,19,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-4192654946-1580728893-2436322071-1001_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):76,ea,ed,55,95,62,61,36,81,4d,f8,b7,8a,28,66,94,89,84,62,ad,92,
19,b6,82,b6,49,66,51,9e,4e,3f,05,3b,57,66,48,b0,2d,a2,77,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2015-11-02 18:20:32
ComboFix-quarantined-files.txt 2015-11-02 16:20
.
Avant-CF: 43 093 544 960 octets libres
Après-CF: 43 641 475 072 octets libres
.
- - End Of File - - 09872FAB3ED413D549DF67B9444E964C
A36C5E4F47E84449FF07ED3517B43A31
