ComboFix 16-03-19.01 - Admin 22/03/2016 1:08.1.2 - x64
Microsoft Windows 7 Professionnel 6.1.7601.1.1252.33.1036.18.3003.1466 [GMT 1:00]
Lancé depuis: c:\users\Admin\Downloads\Programs\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
FW: Kaspersky Internet Security *Disabled* {8C27F4BD-7F99-4CD1-5651-D3EB97674300}
SP: Kaspersky Internet Security *Disabled/Updated* {0F7D947C-13CC-4207-47BE-41AC12334EC6}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ma-config.com
c:\programdata\ma-config.com\Logs\activex.txt
c:\programdata\ma-config.com\Logs\maconfservice.txt
c:\programdata\ma-config.com\mcbase.db
c:\users\Admin\AppData\Roaming\oboLfCjGNU.exe
c:\windows\security\logs\scecomp.log
c:\windows\SysWow64\SET2976.tmp
c:\windows\SysWow64\SET2EC7.tmp
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2016-02-22 au 2016-03-22 ))))))))))))))))))))))))))))))))))))
.
.
2016-03-22 00:26 . 2016-03-22 00:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-03-21 20:31 . 2013-05-06 07:13 110176 ----a-w- c:\windows\system32\klfphc.dll
2016-03-21 20:31 . 2016-03-21 20:31 -------- d-----w- c:\windows\ELAMBKUP
2016-03-21 20:30 . 2016-03-21 21:33 -------- d-----w- c:\programdata\Kaspersky Lab
2016-03-21 20:30 . 2016-03-21 20:30 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2016-03-21 20:29 . 2015-12-06 00:12 940928 ----a-w- c:\windows\system32\drivers\klif.sys
2016-03-21 20:29 . 2015-12-06 00:12 181640 ----a-w- c:\windows\system32\drivers\klflt.sys
2016-03-21 20:29 . 2015-12-06 00:12 227000 ----a-w- c:\windows\system32\drivers\klhk.sys
2016-03-21 19:42 . 2016-03-21 19:46 -------- d-----w- C:\TDSSKiller_Quarantine
2016-03-19 20:12 . 2016-03-19 20:12 -------- d-----w- c:\users\Admin\AppData\Roaming\Goodgame Empire
2016-03-16 23:03 . 2016-03-16 23:03 -------- d-----w- c:\programdata\BDLogging
2016-03-13 14:20 . 2016-03-13 14:20 -------- d-----w- c:\users\Admin\.oracle_jre_usage
2016-03-12 20:34 . 2016-03-21 23:00 -------- d-----w- c:\users\Admin\AppData\Local\ElevatedDiagnostics
2016-03-12 14:58 . 2016-03-12 14:58 -------- d-----w- c:\program files (x86)\Common Files\AV
2016-03-12 14:41 . 2016-03-12 20:11 -------- d-----w- c:\programdata\AVAST Software
2016-03-06 15:25 . 2016-03-21 22:44 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2016-02-23 22:30 . 2016-02-23 22:30 -------- d-----w- c:\users\Admin\AppData\Roaming\dvdcss
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-03-17 19:19 . 2015-09-01 17:10 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-03-17 19:19 . 2015-09-01 17:10 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-02-02 22:56 . 2016-02-02 22:56 6871040 ----a-w- c:\program files (x86)\GUT4C23.tmp
2016-01-15 20:53 . 2016-02-10 19:53 172032 ----a-w- c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startupx\system.pif
2016-01-15 20:53 . 2016-02-10 19:53 172032 ----a-w- c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes\Startupx\system.pif
2015-12-30 19:08 . 2016-01-12 19:45 5572544 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-12-30 19:08 . 2016-01-12 19:45 154560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-12-30 19:08 . 2016-01-12 19:45 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-12-30 19:05 . 2016-01-12 19:45 1730496 ----a-w- c:\windows\system32\ntdll.dll
2015-12-30 19:02 . 2016-01-12 19:45 362496 ----a-w- c:\windows\system32\wow64win.dll
2015-12-30 19:02 . 2016-01-12 19:45 243712 ----a-w- c:\windows\system32\wow64.dll
2015-12-30 19:02 . 2016-01-12 19:45 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2015-12-30 19:02 . 2016-01-12 19:45 215040 ----a-w- c:\windows\system32\winsrv.dll
2015-12-30 19:02 . 2016-01-12 19:45 210432 ----a-w- c:\windows\system32\wdigest.dll
2015-12-30 19:02 . 2016-01-12 19:45 86528 ----a-w- c:\windows\system32\TSpkg.dll
2015-12-30 19:01 . 2016-01-12 19:45 135680 ----a-w- c:\windows\system32\sspicli.dll
2015-12-30 19:01 . 2016-01-12 19:45 28672 ----a-w- c:\windows\system32\sspisrv.dll
2015-12-30 19:01 . 2016-01-12 19:45 503808 ----a-w- c:\windows\system32\srcore.dll
2015-12-30 19:01 . 2016-01-12 19:45 50176 ----a-w- c:\windows\system32\srclient.dll
2015-12-30 19:01 . 2016-01-12 19:45 28160 ----a-w- c:\windows\system32\secur32.dll
2015-12-30 19:01 . 2016-01-12 19:45 344064 ----a-w- c:\windows\system32\schannel.dll
2015-12-30 19:01 . 2016-01-12 19:45 1214464 ----a-w- c:\windows\system32\rpcrt4.dll
2015-12-30 19:00 . 2016-01-12 19:45 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2015-12-30 18:59 . 2016-01-12 19:45 312320 ----a-w- c:\windows\system32\ncrypt.dll
2015-12-30 18:59 . 2016-01-12 19:45 315392 ----a-w- c:\windows\system32\msv1_0.dll
2015-12-30 18:59 . 2016-01-12 19:45 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-12-30 18:58 . 2016-01-12 19:45 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-12-30 18:58 . 2016-01-12 19:45 1461248 ----a-w- c:\windows\system32\lsasrv.dll
2015-12-30 18:57 . 2016-01-12 19:45 729600 ----a-w- c:\windows\system32\kerberos.dll
2015-12-30 18:57 . 2016-01-12 19:45 1163264 ----a-w- c:\windows\system32\kernel32.dll
2015-12-30 18:57 . 2016-01-12 19:45 424448 ----a-w- c:\windows\system32\KernelBase.dll
2015-12-30 18:55 . 2016-01-12 19:45 43520 ----a-w- c:\windows\system32\csrsrv.dll
2015-12-30 18:55 . 2016-01-12 19:45 43520 ----a-w- c:\windows\system32\cryptbase.dll
2015-12-30 18:55 . 2016-01-12 19:45 22016 ----a-w- c:\windows\system32\credssp.dll
2015-12-30 18:54 . 2016-01-12 19:45 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-12-30 18:54 . 2016-01-12 19:45 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-12-30 18:54 . 2016-01-12 19:45 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-12-30 18:54 . 2016-01-12 19:45 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-12-30 18:54 . 2016-01-12 19:45 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-12-30 18:54 . 2016-01-12 19:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-12-30 18:54 . 2016-01-12 19:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-12-30 18:54 . 2016-01-12 19:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-12-30 18:54 . 2016-01-12 19:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-12-30 18:54 . 2016-01-12 19:45 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-12-30 18:54 . 2016-01-12 19:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-12-30 18:54 . 2016-01-12 19:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-12-30 18:54 . 2016-01-12 19:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-12-30 18:54 . 2016-01-12 19:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-12-30 18:54 . 2016-01-12 19:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-12-30 18:54 . 2016-01-12 19:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-12-30 18:54 . 2016-01-12 19:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-12-30 18:54 . 2016-01-12 19:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-12-30 18:54 . 2016-01-12 19:45 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-12-30 18:54 . 2016-01-12 19:45 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-12-30 18:54 . 2016-01-12 19:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-12-30 18:54 . 2016-01-12 19:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-12-30 18:54 . 2016-01-12 19:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-12-30 18:54 . 2016-01-12 19:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-12-30 18:54 . 2016-01-12 19:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-12-30 18:54 . 2016-01-12 19:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-12-30 18:54 . 2016-01-12 19:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-12-30 18:54 . 2016-01-12 19:45 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-12-30 18:54 . 2016-01-12 19:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-12-30 18:54 . 2016-01-12 19:45 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-12-30 18:47 . 2016-01-12 19:45 3993536 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-12-30 18:47 . 2016-01-12 19:45 3938240 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-12-30 18:44 . 2016-01-12 19:45 1311768 ----a-w- c:\windows\SysWow64\ntdll.dll
2015-12-30 18:41 . 2016-01-12 19:45 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2015-12-30 18:41 . 2016-01-12 19:45 665088 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2015-12-30 18:41 . 2016-01-12 19:45 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2015-12-30 18:41 . 2016-01-12 19:45 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2015-12-30 18:41 . 2016-01-12 19:45 171520 ----a-w- c:\windows\SysWow64\wdigest.dll
2015-12-30 18:41 . 2016-01-12 19:45 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2015-12-30 18:41 . 2016-01-12 19:45 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-12-30 18:40 . 2016-01-12 19:45 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2015-12-30 18:40 . 2016-01-12 19:45 251392 ----a-w- c:\windows\SysWow64\schannel.dll
2015-12-30 18:39 . 2016-01-12 19:45 223232 ----a-w- c:\windows\SysWow64\ncrypt.dll
2015-12-30 18:39 . 2016-01-12 19:45 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2015-12-30 18:39 . 2016-01-12 19:45 60416 ----a-w- c:\windows\SysWow64\msobjs.dll
2015-12-30 18:39 . 2016-01-12 19:45 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2015-12-30 18:38 . 2016-01-12 19:45 552960 ----a-w- c:\windows\SysWow64\kerberos.dll
2015-12-30 18:38 . 2016-01-12 19:45 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2015-12-30 18:37 . 2016-01-12 19:45 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2015-12-30 18:37 . 2016-01-12 19:45 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-12-30 18:37 . 2016-01-12 19:45 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2015-12-30 18:37 . 2016-01-12 19:45 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2015-12-30 18:37 . 2016-01-12 19:45 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-12-30 18:37 . 2016-01-12 19:45 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2015-12-30 18:37 . 2016-01-12 19:45 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-12-30 18:37 . 2016-01-12 19:45 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2015-12-30 18:37 . 2016-01-12 19:45 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2015-12-30 18:37 . 2016-01-12 19:45 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2015-12-30 18:37 . 2016-01-12 19:45 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-12-30 18:37 . 2016-01-12 19:45 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2015-12-30 18:37 . 2016-01-12 19:45 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-12-30 18:37 . 2016-01-12 19:45 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2015-12-30 18:37 . 2016-01-12 19:45 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2015-12-30 18:37 . 2016-01-12 19:45 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2015-12-30 18:37 . 2016-01-12 19:45 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-12-30 18:37 . 2016-01-12 19:45 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="c:\program files (x86)\SuperCopier2\SuperCopier2.exe" [2009-08-16 955392]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2015-10-21 3911248]
"{F4A12C7B-70CB-4C71-B757-135ECAEB0E6F}"="c:\windows\system32\WindowsPowerShell\v1.0\powershell.exe" [2009-07-14 452608]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-01-20 7404312]
"BingSvc"="c:\users\Admin\AppData\Local\Microsoft\BingSvc\BingSvc.exe" [2015-11-11 144008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ACU"="c:\program files (x86)\OLITEC\ACU.exe" [2005-11-25 307200]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R0 klbackupdisk;Kaspersky Lab klbackupdisk;c:\windows\system32\DRIVERS\klbackupdisk.sys;c:\windows\SYSNATIVE\DRIVERS\klbackupdisk.sys [x]
R1 klbackupflt;Kaspersky Lab klbackupflt;c:\windows\system32\DRIVERS\klbackupflt.sys;c:\windows\SYSNATIVE\DRIVERS\klbackupflt.sys [x]
R2 AVP16.0.0;Kaspersky Anti-Virus Service 16.0.0;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys;c:\windows\SYSNATIVE\drivers\anvsnddrv.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssudserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 vssbrigde64;vssbrigde64;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
R4 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S0 cm_km;Kaspersky Lab ZAO Cryptographic Module x64 (Weak);c:\windows\system32\DRIVERS\cm_km.sys;c:\windows\SYSNATIVE\DRIVERS\cm_km.sys [x]
S1 klhk;Kaspersky Lab service driver;c:\windows\system32\DRIVERS\klhk.sys;c:\windows\SYSNATIVE\DRIVERS\klhk.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;Kaspersky Lab format recognizer driver;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 Klwtp;Klwtp;c:\windows\system32\DRIVERS\klwtp.sys;c:\windows\SYSNATIVE\DRIVERS\klwtp.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 kldisk;kldisk;c:\windows\system32\DRIVERS\kldisk.sys;c:\windows\SYSNATIVE\DRIVERS\kldisk.sys [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 PrivoxyService;Privoxy (PrivoxyService);c:\program files (x86)\Techsmart Computer\privoxy.exe;c:\program files (x86)\Techsmart Computer\privoxy.exe [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTSUER;Realtek USB Card Reader - UER;c:\windows\system32\Drivers\RtsUer.sys;c:\windows\SYSNATIVE\Drivers\RtsUer.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
S4 klkbdflt2;Kaspersky Lab KlKbdFlt2;c:\windows\system32\DRIVERS\klkbdflt2.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt2.sys [x]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - 72052131
*NewlyCreated* - KLIM6
*NewlyCreated* - KLWTP
*Deregistered* - 72052131
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-02-10 20:17 1090376 ----a-w- c:\program files (x86)\Google\Chrome\Application\48.0.2564.109\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2016-03-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-01 19:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2015-08-14 10:52 25624 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-11-14 163360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-11-14 387616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-11-14 418336]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1443292215&z=1e35e8695333f9b94bdcc14gbzdz8cbobtao1o2gfw&from=amt&uid=st9250311cs_s2x4fvfzxxxxs2x4fvfz&q={searchTerms}
mDefault_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1443292215&z=1e35e8695333f9b94bdcc14gbzdz8cbobtao1o2gfw&from=amt&uid=st9250311cs_s2x4fvfzxxxxs2x4fvfz
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1443292215&z=1e35e8695333f9b94bdcc14gbzdz8cbobtao1o2gfw&from=amt&uid=st9250311cs_s2x4fvfzxxxxs2x4fvfz&q={searchTerms}
uInternet Settings,ProxyServer = 127.0.0.1:8118
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Télécharger avec IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Télécharger le contenu de video FLV avec Internet Download Manager - c:\program files (x86)\Internet Download Manager\IEGetVL.htm
IE: Télécharger tous les liens avec Internet Download Manager - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
TCP: DhcpNameServer = 10.22.7.11 8.8.8.8
TCP: Interfaces\{C3675B71-BD33-40C7-9945-C5EDE272ECCD}: DhcpNameServer = 10.22.7.11 8.8.8.8
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0u9501x1.default-1445021384584\
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHELINS SUPPRIMES - - - -
.
ShellIconOverlayIdentifiers-{056D528D-CE28-4194-9BA3-BA2E9197FF8C} - (no file)
ShellIconOverlayIdentifiers-{05B38830-F4E9-4329-978B-1DD28605D202} - (no file)
ShellIconOverlayIdentifiers-{0596C850-7BDD-4C9D-AFDF-873BE6890637} - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
SafeBoot-31397944.sys
SafeBoot-62141802.sys
SafeBoot-72052131.sys
ShellIconOverlayIdentifiers-{056D528D-CE28-4194-9BA3-BA2E9197FF8C} - (no file)
ShellIconOverlayIdentifiers-{05B38830-F4E9-4329-978B-1DD28605D202} - (no file)
ShellIconOverlayIdentifiers-{0596C850-7BDD-4C9D-AFDF-873BE6890637} - (no file)
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-842603151-3634318483-2918557354-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):01,e6,ec,28,ea,34,c8,79,f6,80,7e,e0,72,5e,a2,43,93,f9,0a,f8,d9,
5e,98,ae,f5,95,c0,e9,ef,4f,71,18,3f,22,40,66,2c,c9,d2,ba,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-842603151-3634318483-2918557354-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):44,cc,13,98,09,13,60,61,2f,bc,9d,9a,a9,ce,17,96,d6,bb,ad,10,7e,
a7,3c,be,55,09,10,b0,c1,d9,69,bd,56,9e,e6,ea,e5,ae,59,a2,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-842603151-3634318483-2918557354-1000_Classes\Wow6432Node\CLSID\{c789f27a-0dae-4ab3-a657-9997b0015df0}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000010f
"Therad"=dword:0000001d
.
[HKEY_USERS\S-1-5-21-842603151-3634318483-2918557354-1000_Classes\Wow6432Node\CLSID\{ef284293-1934-4dd3-a463-91b4440497b4}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000138
"Therad"=dword:0000000f
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2016-03-22 01:32:58
ComboFix-quarantined-files.txt 2016-03-22 00:32
.
Avant-CF: 61 376 573 440 octets libres
Après-CF: 60 982 120 448 octets libres
.
- - End Of File - - 1ADFF482EE1A63AD9A024F84E4703952
A36C5E4F47E84449FF07ED3517B43A31