cjoint

ComboFix 16-06-01.01 - AKH 17/06/2016 0:48.1.2 - x86
Microsoft Windows 7 Professionnel 6.1.7601.1.1252.33.1036.18.2909.1784 [GMT 0:00]
Lancé depuis: c:\users\AKH\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\readme.txt
c:\program files\RelevantKnowledge\rlservice.exe
c:\program files\RelevantKnowledge\rlvknlg.exe
c:\users\AKH\AppData\Roaming\OpenCandy.dll
c:\windows\msdownld.tmp
c:\windows\system32\drivers\88f100e0e351d6fa.sys
c:\windows\system32\roboot.exe
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_88f100e0e351d6fa
-------\Service_88f100e0e351d6fa
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2016-05-17 au 2016-06-17 ))))))))))))))))))))))))))))))))))))
.
.
2016-06-17 00:54 . 2016-06-17 00:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-06-17 00:11 . 2016-06-17 00:11 -------- d-----w- C:\OneDriveTemp
2016-06-16 00:46 . 2016-06-16 00:46 -------- d-----w- C:\swsetup
2016-06-14 23:07 . 2016-06-14 23:07 -------- d-----w- c:\programdata\TweakBit
2016-06-14 23:07 . 2016-06-16 01:37 -------- d-----w- c:\program files\TweakBit
2016-06-14 01:49 . 2016-06-14 01:49 -------- d-----w- c:\programdata\dbg
2016-06-14 00:11 . 2016-06-16 02:20 -------- d-----w- c:\program files\Microsoft Security Client
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-06-14 02:03 . 2015-10-07 00:43 73252224 ----a-w- c:\programdata\msgvvojcx.exe
2016-06-14 01:58 . 2015-10-07 00:43 103681408 ----a-w- c:\programdata\mspfdzj.exe
2016-06-14 01:50 . 2016-02-16 13:16 2062848 ----a-w- c:\windows\system32\wuaueng.dll
2016-06-14 01:50 . 2015-10-06 01:35 585728 ----a-w- c:\windows\system32\qmgr.dll
2016-05-12 22:09 . 2015-10-06 23:06 797376 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-05-12 22:09 . 2015-10-06 23:06 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-05-09 23:46 . 2015-10-07 00:30 106496 ----a-w- c:\windows\system32\ATL71.DLL
2016-04-21 20:30 . 2015-10-06 01:09 374944 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2009-09-04 08:47 433648 ----a-w- c:\programdata\Partner\Partner.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2016-05-17 23:21 1602248 ----a-w- c:\users\AKH\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2016-05-17 23:21 1602248 ----a-w- c:\users\AKH\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2016-05-17 23:21 1602248 ----a-w- c:\users\AKH\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2016-05-17 23:21 1602248 ----a-w- c:\users\AKH\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2016-05-17 23:21 1602248 ----a-w- c:\users\AKH\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="c:\users\AKH\AppData\Local\Microsoft\OneDrive\OneDrive.exe" [2016-05-17 554184]
"{BA7630D1-7D54-4943-8FB3-89CA7EBDD02D}"="c:\windows\system32\WindowsPowerShell\v1.0\powershell.exe" [2009-07-14 452608]
"BingSvc"="c:\users\AKH\AppData\Local\Microsoft\BingSvc\BingSvc.exe" [2016-02-15 144008]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-08-12 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-03 611672]
"Toshiba TEMPRO"="c:\program files\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720]
"TosNC"="c:\program files\Toshiba\BulletinBoard\TosNcCore.exe" [2009-08-06 466792]
"TosReelTimeMonitor"="c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2009-08-06 29528]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 151064]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-08-13 521528]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-28 7625248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-07-29 163840]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2016-01-08 588288]
"iSkysoft Helper Compact.exe"="c:\program files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe" [2014-04-04 2000896]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2016-03-03 286960]
"RealDownloader"="c:\program files\RealNetworks\RealDownloader\downloader2.exe" [2016-02-03 712432]
"syshost32"="c:\windows\Installer\{C154FD61-1375-70B4-0927-0EDCE903BF56}\syshost.exe" [2016-03-17 253952]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2015-10-06 280576]
.
c:\users\AKH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft SharePoint Workspace.lnk - c:\program files\Microsoft Office\Office14\GROOVE.EXE /TrayOnly [2010-3-25 30969208]
OneNote 2010 - Capture d’écran et lancement.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2010-3-29 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
RealTimes.lnk - c:\program files\Real\RealPlayer\RPDS\Bin\rpsystray.exe [2016-3-3 7493904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
"HideSCAHealth"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
utcsvc REG_MULTI_SZ DiagTrack
.
Contenu du dossier 'Tâches planifiées'
.
2016-06-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-06 22:09]
.
2016-06-17 c:\windows\Tasks\BYAIAMUF.job
- c:\users\AKH\AppData\Roaming\BYAIAMUF.exe [2015-10-12 21:11]
.
2016-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-10-06 00:36]
.
2016-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-10-06 00:36]
.
.
------- Examen supplémentaire -------
.
IE: &Envoyer à OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
Trusted Zone: nikonimaging.com\eizo-svc.gb
Trusted Zone: nikonimaging.com\sdl-svc.gb
TCP: DhcpNameServer = 192.168.1.1
DPF: {529D447D-B36F-448F-A7D8-FB50EF58CA87} - hxxps://sdl-svc.gb.nikonimaging.com/BravaSDK/ActiveX/viewer/client/BravaClientXWrapper.cab
.
- - - - ORPHELINS SUPPRIMES - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
AddRemove-RealPlayer 18.1 - c:\program files\real\realplayer\Update\r1puninst.exe
AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files\RelevantKnowledge\rlvknlg.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_21_0_0_242_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_21_0_0_242_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
c:\program files\Real\UpdateService\RealPlayerUpdateSvc.exe
c:\program files\real\realplayer\RPDS\Bin\rpdsvc.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\conhost.exe
c:\windows\system32\GWX\GWX.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\windows\system32\conhost.exe
c:\program files\Microsoft Office\Office14\GROOVE.EXE
c:\program files\Microsoft Office\Office14\ONENOTEM.EXE
c:\windows\system32\igfxext.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
.
**************************************************************************
.
Heure de fin: 2016-06-17 01:03:28 - La machine a redémarré
ComboFix-quarantined-files.txt 2016-06-17 01:03
.
Avant-CF: 98 027 012 096 octets libres
Après-CF: 100 148 826 112 octets libres
.
- - End Of File - - EA19DED0AA94C1BEA1B8FB99A6179731
A36C5E4F47E84449FF07ED3517B43A31
