cjoint

Document format: text/plain

ComboFix 15-11-15.01 - KrapulJack 2015-11-16 17:54:23.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.2.1033.18.8191.6779 [GMT -5:00]
Launched from: c:\users\KrapulJack\Desktop\Jonathan.exe
Switches used :: c:\users\KrapulJack\Desktop\CFScript.txt
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\KrapulJack\AppData\Local\AdbeRdr1012_en_US.exe
c:\users\KrapulJack\AppData\Local\jwmwvqkn
c:\users\KrapulJack\AppData\Local\jwmwvqkn\rdejgqte.exe
c:\users\KrapulJack\AppData\Local\liiuoqwf.log
c:\users\KrapulJack\AppData\Local\mqnawred.log
.
An infected copy of c:\windows\System32\winver.exe was found and disinfected
Copy restored from - c:\windows\winsxs\amd64_microsoft-windows-winver_31bf3856ad364e35_6.1.7600.16385_none_12466fe3b629e036\winver.exe
.
.
((((((((((((((((((((((((((((( Files created from 2015-10-16 to 2015-11-16 ))))))))))))))))))))))))))))))))))))
.
.
2015-11-16 23:00 . 2015-11-16 23:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-11-16 22:53 . 2015-11-16 22:51 365568 --s---w- c:\users\KrapulJack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rdejgqte.exe
2015-11-15 17:47 . 2015-11-16 22:48 -------- d-----w- C:\UsbFix
2015-11-15 13:45 . 2015-11-16 23:12 365568 ---ha-w- c:\windows\SysWow64\YJ7PqjP
2015-11-15 13:39 . 2015-11-16 22:43 365568 ---ha-w- c:\windows\SysWow64\EiJb623
2015-11-15 13:39 . 2015-11-15 13:40 -------- d-----w- C:\Jonathan
2015-11-15 13:28 . 2015-11-16 22:43 365568 ---ha-w- c:\windows\SysWow64\Gi0iHlUu
2015-11-14 20:03 . 2015-11-16 22:52 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-11-14 20:02 . 2015-11-16 22:52 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-11-14 20:02 . 2015-11-14 20:02 -------- d-----w- c:\programdata\Malwarebytes
2015-11-14 20:02 . 2015-10-05 14:50 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-11-14 20:02 . 2015-10-05 14:50 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-11-14 20:02 . 2015-10-05 14:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-11-14 19:56 . 2015-11-14 22:33 -------- d-----w- C:\FRST
2015-11-14 13:58 . 2015-11-14 13:59 -------- d-----w- C:\AdwCleaner
2015-11-14 11:41 . 2015-11-14 14:16 -------- d-----w- c:\users\KrapulJack\AppData\Roaming\ZHP
2015-11-12 23:38 . 2015-11-12 23:38 -------- d-----w- C:\searchplugins
2015-11-12 23:38 . 2015-11-12 23:38 -------- d-----w- c:\users\KrapulJack\AppData\Local\Lavasoft
2015-11-12 23:37 . 2015-11-12 23:50 -------- d-----w- c:\users\KrapulJack\AppData\Roaming\Lavasoft
2015-11-12 23:37 . 2015-11-12 23:37 425744 ----a-w- c:\windows\system32\LavasoftTcpService64.dll
2015-11-12 23:37 . 2015-11-12 23:37 345360 ----a-w- c:\windows\SysWow64\LavasoftTcpService.dll
2015-11-12 23:37 . 2015-11-12 23:37 -------- d-----w- c:\program files (x86)\Lavasoft
2015-11-12 23:37 . 2015-11-12 23:37 -------- d-----w- c:\program files\Lavasoft
2015-11-12 23:36 . 2015-11-12 23:36 -------- d-----w- c:\program files\Common Files\Lavasoft
2015-11-12 23:35 . 2015-11-12 23:37 -------- d-----w- c:\programdata\Lavasoft
2015-10-31 06:17 . 2015-10-31 06:17 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12595CE2-1F2F-40F4-8FB8-8DD7F3457ED3}\offreg.2860.dll
2015-10-29 09:14 . 2015-10-29 09:14 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12595CE2-1F2F-40F4-8FB8-8DD7F3457ED3}\offreg.4880.dll
2015-10-29 09:13 . 2015-10-13 09:47 11140960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12595CE2-1F2F-40F4-8FB8-8DD7F3457ED3}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-11-06 23:27 . 2014-01-17 00:58 226168 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2015-10-27 22:17 . 2012-06-25 12:24 226168 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2015-10-15 03:51 . 2012-06-24 15:10 143481208 ----a-w- c:\windows\system32\MRT.exe
2015-10-01 18:06 . 2015-10-13 22:26 692672 ----a-w- c:\windows\system32\winload.efi
2015-10-01 18:04 . 2015-10-13 22:26 616360 ----a-w- c:\windows\system32\winresume.efi
2015-10-01 18:00 . 2015-10-13 22:26 63488 ----a-w- c:\windows\system32\setbcdlocale.dll
2015-10-01 18:00 . 2015-10-13 22:26 59392 ----a-w- c:\windows\system32\appidapi.dll
2015-10-01 18:00 . 2015-10-13 22:26 32768 ----a-w- c:\windows\system32\appidsvc.dll
2015-10-01 18:00 . 2015-10-13 22:26 17920 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2015-10-01 18:00 . 2015-10-13 22:26 147456 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2015-10-01 17:50 . 2015-10-13 22:26 50688 ----a-w- c:\windows\SysWow64\appidapi.dll
2015-10-01 17:00 . 2015-10-13 22:26 61440 ----a-w- c:\windows\system32\drivers\appid.sys
2015-09-29 03:16 . 2015-10-13 22:26 5569472 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-09-29 03:13 . 2015-10-13 22:26 1730496 ----a-w- c:\windows\system32\ntdll.dll
2015-09-29 03:11 . 2015-10-13 22:26 243712 ----a-w- c:\windows\system32\wow64.dll
2015-09-29 03:11 . 2015-10-13 22:26 362496 ----a-w- c:\windows\system32\wow64win.dll
2015-09-29 03:11 . 2015-10-13 22:26 215040 ----a-w- c:\windows\system32\winsrv.dll
2015-09-29 03:11 . 2015-10-13 22:26 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2015-09-29 03:11 . 2015-10-13 22:26 210944 ----a-w- c:\windows\system32\wdigest.dll
2015-09-29 03:11 . 2015-10-13 22:26 86528 ----a-w- c:\windows\system32\TSpkg.dll
2015-09-29 03:11 . 2015-10-13 22:26 503808 ----a-w- c:\windows\system32\srcore.dll
2015-09-29 03:11 . 2015-10-13 22:26 50176 ----a-w- c:\windows\system32\srclient.dll
2015-09-29 03:10 . 2015-10-13 22:26 1216512 ----a-w- c:\windows\system32\rpcrt4.dll
2015-09-29 03:10 . 2015-10-13 22:26 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2015-09-29 03:10 . 2015-10-13 22:26 315392 ----a-w- c:\windows\system32\msv1_0.dll
2015-09-29 03:10 . 2015-10-13 22:26 729088 ----a-w- c:\windows\system32\kerberos.dll
2015-09-29 03:10 . 2015-10-13 22:26 424960 ----a-w- c:\windows\system32\KernelBase.dll
2015-09-29 03:10 . 2015-10-13 22:26 1164800 ----a-w- c:\windows\system32\kernel32.dll
2015-09-29 03:10 . 2015-10-13 22:26 44032 ----a-w- c:\windows\system32\cryptbase.dll
2015-09-29 03:10 . 2015-10-13 22:26 43520 ----a-w- c:\windows\system32\csrsrv.dll
2015-09-29 03:10 . 2015-10-13 22:26 22016 ----a-w- c:\windows\system32\credssp.dll
2015-09-29 03:10 . 2015-10-13 22:26 112640 ----a-w- c:\windows\system32\smss.exe
2015-09-29 03:10 . 2015-10-13 22:26 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-09-29 03:09 . 2015-10-13 22:26 338432 ----a-w- c:\windows\system32\conhost.exe
2015-09-29 03:09 . 2015-10-13 22:26 64000 ----a-w- c:\windows\system32\auditpol.exe
2015-09-29 03:05 . 2015-10-13 22:26 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-09-29 03:05 . 2015-10-13 22:26 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-09-29 03:05 . 2015-10-13 22:26 3990976 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-09-29 03:05 . 2015-10-13 22:26 3936192 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-09-29 03:02 . 2015-10-13 22:26 1311768 ----a-w- c:\windows\SysWow64\ntdll.dll
2015-09-29 03:01 . 2015-10-13 22:26 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-09-29 03:01 . 2015-10-13 22:26 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-29 03:01 . 2015-10-13 22:26 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-29 03:01 . 2015-10-13 22:26 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-29 03:01 . 2015-10-13 22:26 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-09-29 03:01 . 2015-10-13 22:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-29 03:01 . 2015-10-13 22:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-29 03:01 . 2015-10-13 22:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-29 03:01 . 2015-10-13 22:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-09-29 03:01 . 2015-10-13 22:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-09-29 03:01 . 2015-10-13 22:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-09-29 03:01 . 2015-10-13 22:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-09-29 03:01 . 2015-10-13 22:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-09-29 03:01 . 2015-10-13 22:26 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-09-29 03:01 . 2015-10-13 22:26 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-09-29 03:01 . 2015-10-13 22:26 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-29 03:01 . 2015-10-13 22:26 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-09-29 03:01 . 2015-10-13 22:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-09-29 03:01 . 2015-10-13 22:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-29 03:01 . 2015-10-13 22:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-09-29 03:01 . 2015-10-13 22:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-09-29 03:01 . 2015-10-13 22:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-29 03:01 . 2015-10-13 22:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-09-29 03:01 . 2015-10-13 22:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-09-29 03:01 . 2015-10-13 22:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-29 03:01 . 2015-10-13 22:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-09-29 03:01 . 2015-10-13 22:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-09-29 03:01 . 2015-10-13 22:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-09-29 03:01 . 2015-10-13 22:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-09-29 03:01 . 2015-10-13 22:26 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-09-29 02:59 . 2015-10-13 22:26 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2015-09-29 02:59 . 2015-10-13 22:26 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2015-09-29 02:59 . 2015-10-13 22:26 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-09-29 02:59 . 2015-10-13 22:26 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2015-09-29 02:59 . 2015-10-13 22:26 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2015-09-29 02:59 . 2015-10-13 22:26 552960 ----a-w- c:\windows\SysWow64\kerberos.dll
2015-09-29 02:58 . 2015-10-13 22:26 36864 ----a-w- c:\windows\SysWow64\cryptbase.dll
2015-09-29 02:58 . 2015-10-13 22:26 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2015-09-29 02:58 . 2015-10-13 22:26 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-09-29 02:58 . 2015-10-13 22:26 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2015-09-29 02:58 . 2015-10-13 22:26 50176 ----a-w- c:\windows\SysWow64\auditpol.exe
2015-09-29 02:57 . 2015-10-13 22:26 665088 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2015-09-29 02:57 . 2015-10-13 22:26 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2015-09-29 02:57 . 2015-10-13 22:26 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2015-09-29 02:53 . 2015-10-13 22:26 60416 ----a-w- c:\windows\SysWow64\msobjs.dll
2015-09-29 02:53 . 2015-10-13 22:26 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2015-09-29 02:49 . 2015-10-13 22:26 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-29 02:49 . 2015-10-13 22:26 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-29 02:49 . 2015-10-13 22:26 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2015-09-29 02:49 . 2015-10-13 22:26 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-29 02:49 . 2015-10-13 22:26 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-29 02:49 . 2015-10-13 22:26 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2015-09-29 02:49 . 2015-10-13 22:26 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-29 02:49 . 2015-10-13 22:26 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2015-09-29 02:49 . 2015-10-13 22:26 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-29 02:49 . 2015-10-13 22:26 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2015-09-29 02:49 . 2015-10-13 22:26 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2015-09-29 02:49 . 2015-10-13 22:26 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2015-09-29 02:49 . 2015-10-13 22:26 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2015-09-29 02:49 . 2015-10-13 22:26 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2010-11-20 . E573BD9AB55C8E333C202B9E255F972E . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[-] 2002-01-02 . 2C9CC9F492CA596B1B9FC1AE5E916356 . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
.
((((((((((((((((((((((((((((((((( Reg load points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtPending]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2014-05-01 14:15 830464 ----a-w- c:\users\KrapulJack\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSynced]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2014-05-01 14:15 830464 ----a-w- c:\users\KrapulJack\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSyncing]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2014-05-01 14:15 830464 ----a-w- c:\users\KrapulJack\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2015-09-23 457088]
"uTorrent"="c:\users\KrapulJack\AppData\Roaming\uTorrent\uTorrent.exe" [2015-10-11 1822048]
"Web Companion"="c:\program files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe" [2015-11-12 1409296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2015-02-12 127792]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
.
c:\users\KrapulJack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
rdejgqte.exe [2015-11-16 365568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 324320]
UltraMon.lnk - c:\windows\Installer\{20A36691-B09B-4EF2-A371-64A5BD265E20}\IcoUltraMon.ico /auto [2012-9-20 29310]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\users\KrapulJack\AppData\Local\jwmwvqkn\rdejgqte.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"wave2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
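Read together, the sections above describe one user-mode persistence set: rdejgqte.exe dropped under AppData\Local\jwmwvqkn and copied into the user's Startup folder, the same 365568-byte payload parked under three random names as hidden files in SysWow64, the Winlogon "Userinit" value extended with a second executable so the dropper runs at every logon, UAC switched off (EnableLUA=0, ConsentPromptBehaviorAdmin=0), every Security Center Override/DisableNotify flag set so no alert is shown, and two user32.dll copies whose MD5 no longer matches the WinSxS backing copy (the SysWOW64 one also carries a 2002 timestamp on a 6.1.7601 build). The script below is an added example, not ComboFix code and not part of the original post: it parses lines copied verbatim from this log and emits those findings. The record formats are inferred from the log's own layout, and the heuristics (what counts as a suspicious hidden file, what the benign Userinit value looks like) are the example's own assumptions.

```python
"""Triage of ComboFix log lines: surface persistence and tampering indicators.

Added example (not ComboFix code, not from the original post). The sample
lines are copied from the log on this page; the heuristics are assumptions.
"""
import re

# Sample input: lines copied verbatim from the ComboFix log above.
SAMPLE_LOG = r"""
2015-11-16 22:53 . 2015-11-16 22:51 365568 --s---w- c:\users\KrapulJack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rdejgqte.exe
2015-11-15 13:45 . 2015-11-16 23:12 365568 ---ha-w- c:\windows\SysWow64\YJ7PqjP
2015-11-15 13:39 . 2015-11-16 22:43 365568 ---ha-w- c:\windows\SysWow64\EiJb623
2015-11-15 13:28 . 2015-11-16 22:43 365568 ---ha-w- c:\windows\SysWow64\Gi0iHlUu
2015-11-14 20:03 . 2015-11-16 22:52 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2010-11-20 . E573BD9AB55C8E333C202B9E255F972E . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[-] 2002-01-02 . 2C9CC9F492CA596B1B9FC1AE5E916356 . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\users\KrapulJack\AppData\Local\jwmwvqkn\rdejgqte.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
.
"""

# Record formats, inferred from the log layout (assumption, not a ComboFix spec).
FILE_RE = re.compile(r'^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d) '
                     r'(\d+|-{8}) ([-a-z]{8}) (.+)$')
SIG_RE = re.compile(r'^\[(.)\] (\S+) \. ([0-9A-F]{32}) \. (\d+) \. \. \[([^\]]+)\] \.\. (.+)$')
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VAL_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')


def check_registry_value(key, name, value, findings):
    """Flag load-point and policy values a clean Windows 7 box should not carry."""
    key = key.lower()
    if key.endswith(r'\winlogon') and name == 'Userinit':
        # Benign value is one userinit.exe path followed by a comma; every
        # other entry in the comma-separated list is launched at logon.
        for part in (p.strip() for p in value.strip('"').split(',') if p.strip()):
            if not part.lower().endswith(r'\userinit.exe'):
                findings.append(f'Userinit hijack: extra executable {part}')
    elif key.endswith(r'\policies\system'):
        if name == 'EnableLUA' and value.startswith('0'):
            findings.append('UAC disabled (EnableLUA=0)')
        if name == 'ConsentPromptBehaviorAdmin' and value.startswith('0'):
            findings.append('UAC elevates admins silently (ConsentPromptBehaviorAdmin=0)')
    elif r'\security center' in key:
        if (name.endswith('Override') or name.endswith('DisableNotify')) and value.endswith('1'):
            findings.append(f'Security Center alerting suppressed: {name}=1')


def triage(log_text):
    """Return a list of human-readable findings for the given ComboFix log text."""
    findings, current_key, ref, by_size = [], None, None, {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == '.' or not line:          # "." separates ComboFix record groups
            ref = None
            continue
        m = FILE_RE.match(line)
        if m:
            size, attrs, path = m.group(3), m.group(4), m.group(5)
            hidden = attrs[2] == 's' or attrs[3] == 'h'   # s/h columns of the attribute field
            if '\\Startup\\' in path and path.lower().endswith('.exe'):
                findings.append(f'startup-folder executable: {path}')
            if hidden and size.isdigit():
                by_size.setdefault(size, []).append(path)
            continue
        m = SIG_RE.match(line)
        if m:
            flag, date, md5, _size, ver, path = m.groups()
            if flag == '7':                   # signed reference copy (WinSxS)
                ref = (date, md5, ver)
            elif ref and ref[2] == ver:       # unsigned live copy of the same version
                if md5 != ref[1]:
                    findings.append(f'sigcheck: {path} (MD5 {md5}) differs from WinSxS copy (MD5 {ref[1]})')
                if date != ref[0]:
                    findings.append(f'sigcheck: {path} dated {date}, WinSxS copy dated {ref[0]}')
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = VAL_RE.match(line)
        if m and current_key:
            check_registry_value(current_key, m.group(1), m.group(2), findings)
    # Several hidden/system files of identical size under random names: one payload, many copies.
    for size, paths in by_size.items():
        if len(paths) >= 2:
            findings.append(f'{len(paths)} hidden/system files share size {size}: {", ".join(paths)}')
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

The Sigcheck pairing relies on ComboFix printing the signed WinSxS reference immediately before the unsigned live copy, separated from the next pair by a "." line; the Userinit check accepts only userinit.exe itself, so any path appended after the comma is reported. Both conventions are the example's assumptions and should be re-checked against a log from a different ComboFix version before reuse.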
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS;c:\windows\SYSNATIVE\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS;c:\windows\SYSNATIVE\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS;c:\windows\SYSNATIVE\drivers\CTHWIUT.SYS [x]
R3 ggflt;SOMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 ggsomc;SOMC USB Flash Driver;c:\windows\system32\DRIVERS\ggsomc.sys;c:\windows\SYSNATIVE\DRIVERS\ggsomc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
R4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [x]
R4 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 LavasoftAdAwareService11;Ad-Aware Service 11;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareService.exe;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareService.exe [x]
S2 LavasoftTcpService;LavasoftTcpService;c:\program files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe;c:\program files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [x]
S2 SearchProtectionService;IE Search Set;c:\program files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe;c:\program files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [x]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [x]
S3 ALSysIO;ALSysIO;c:\users\KRAPUL~1\AppData\Local\Temp\ALSysIO64.sys;c:\users\KRAPUL~1\AppData\Local\Temp\ALSysIO64.sys [x]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS;c:\windows\SYSNATIVE\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS;c:\windows\SYSNATIVE\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS;c:\windows\SYSNATIVE\drivers\CTHWIUT.SYS [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Saffire;Saffire;c:\windows\system32\Drivers\Saffire.sys;c:\windows\SYSNATIVE\Drivers\Saffire.sys [x]
S3 SaffireAudio;Saffire Audio;c:\windows\system32\drivers\SaffireAudio.sys;c:\windows\SYSNATIVE\drivers\SaffireAudio.sys [x]
S3 SaffireMidi;Saffire MIDI;c:\windows\system32\drivers\SaffireMidi.sys;c:\windows\SYSNATIVE\drivers\SaffireMidi.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-11-10 23:55 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\46.0.2490.86\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2015-09-30 20:47 285880 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2015-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-17 23:44]
.
2015-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-17 23:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtPending]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2014-05-01 14:13 470016 ----a-w- c:\users\KrapulJack\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSynced]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2014-05-01 14:13 470016 ----a-w- c:\users\KrapulJack\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSyncing]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2014-05-01 14:13 470016 ----a-w- c:\users\KrapulJack\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2009-11-09 548864]
"AdAwareTray"="c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTray.exe" [2015-08-27 9558752]
.
------- Supplementary scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.ca/
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
Trusted Zone: localhost
Trusted Zone: webcompanion.com
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RdeJgqte - c:\users\KrapulJack\AppData\Local\jwmwvqkn\rdejgqte.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@DACL=(02 0000)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other running processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\PnkBstrA.exe
c:\program files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
c:\users\KrapulJack\AppData\Roaming\uTorrent\updates\3.4.5_41202\utorrentie.exe
c:\users\KrapulJack\AppData\Roaming\uTorrent\updates\3.4.5_41202\utorrentie.exe
c:\program files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
.
**************************************************************************
.
End time: 2015-11-16 18:14:41 - The machine was rebooted
ComboFix-quarantined-files.txt 2015-11-16 23:14
ComboFix2.txt 2015-11-15 17:45
ComboFix3.txt 2015-11-15 13:47
.
Before CF: 28 526 895 104 bytes free
After CF: 28 233 482 240 bytes free
.
- - End Of File - - 0AECC6D756315C3DD400BFB4934422AD
A36C5E4F47E84449FF07ED3517B43A31
