Document format: text/plain

Preview

ComboFix 16-01-31.01 - la ilaha ila allh 02/03/2016 20:06:19.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1256.213.1033.18.2040.1053 [GMT 1:00]
Running from: c:\users\la ilaha ila allh\Downloads\ComboFix.exe
AV: ESET Smart Security 9.0.349.15 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: جدار الحماية الشخصي ESET *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 9.0.349.15 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msdownld.tmp
c:\windows\system32\DEBUG.log
c:\windows\system32\ReadMe.txt
E:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2016-01-03 to 2016-02-03 )))))))))))))))))))))))))))))))
.
.
2016-02-03 19:11 . 2016-02-03 19:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-02-03 18:42 . 2016-02-03 18:48 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-02-03 18:41 . 2015-10-05 08:50 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-02-03 18:41 . 2015-10-05 08:50 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-02-03 18:41 . 2015-10-05 08:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-02-03 18:41 . 2016-02-03 18:41 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2016-02-03 18:12 . 2016-02-03 18:12 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F5979165-6329-4A82-9123-CE226BC566E8}\offreg.1256.dll
2016-02-03 01:08 . 2016-02-03 01:08 -------- d-----w- c:\programdata\Malwarebytes
2016-02-03 00:35 . 2016-02-03 00:35 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F5979165-6329-4A82-9123-CE226BC566E8}\offreg.408.dll
2016-02-03 00:32 . 2016-02-03 16:53 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-02-03 00:32 . 2016-02-03 00:43 -------- d-----w- c:\programdata\RogueKiller
2016-02-02 23:46 . 2016-02-02 23:46 69632 ----a-w- c:\windows\system32\smss.exe
2016-02-02 23:46 . 2016-02-02 23:46 640512 ----a-w- c:\windows\system32\advapi32.dll
2016-02-02 23:46 . 2016-02-02 23:46 619520 ----a-w- c:\windows\system32\tdh.dll
2016-02-02 23:46 . 2016-02-02 23:46 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2016-02-02 23:46 . 2016-02-02 23:46 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe
2016-02-02 23:46 . 2016-02-02 23:46 38912 ----a-w- c:\windows\system32\csrsrv.dll
2016-02-02 23:46 . 2016-02-02 23:46 1289096 ----a-w- c:\windows\system32\ntdll.dll
2016-02-02 23:46 . 2016-02-02 23:46 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2016-02-02 23:46 . 2016-02-02 23:46 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2016-02-02 23:46 . 2016-02-02 23:46 231424 ----a-w- c:\windows\system32\mswsock.dll
2016-02-02 23:46 . 2016-02-02 23:46 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2016-02-02 23:46 . 2016-02-02 23:46 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2016-02-02 23:46 . 2016-02-02 23:46 49152 ----a-w- c:\windows\system32\taskhost.exe
2016-02-02 23:43 . 2016-02-02 23:43 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2016-02-02 23:41 . 2016-02-02 23:41 1505280 ----a-w- c:\windows\system32\d3d11.dll
2016-02-02 22:37 . 2016-02-03 17:47 -------- d-----w- c:\programdata\SecTaskMan
2016-02-02 22:37 . 2016-02-02 22:37 -------- d-----w- c:\program files\Security Task Manager
2016-02-02 22:03 . 2016-02-02 22:03 -------- d-----w- c:\program files\ESET
2016-02-02 21:02 . 2016-02-02 21:02 -------- d-----w- C:\found.000
2016-02-02 20:49 . 2016-02-02 20:52 -------- d-----w- c:\programdata\Malwarebytes Anti-Exploit
2016-02-02 20:34 . 2016-02-02 20:34 -------- d-----w- c:\program files\CPUID
2016-02-02 19:51 . 2016-02-02 19:51 -------- d-----w- c:\programdata\GlarySoft
2016-02-02 18:55 . 2016-02-02 18:55 17472 ----a-w- c:\windows\system32\drivers\GUBootStartup.sys
2016-02-02 18:55 . 2016-02-03 17:01 -------- d-----w- c:\program files\Glary Utilities 5
2016-02-01 19:30 . 2016-02-01 19:30 -------- d-----w- c:\program files\Microsoft.NET
2016-02-01 18:56 . 2016-02-01 18:56 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2016-02-01 18:56 . 2016-02-02 14:44 -------- d-----w- c:\program files\Common Files\Adobe
2016-02-01 18:46 . 2016-02-01 18:46 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F5979165-6329-4A82-9123-CE226BC566E8}\offreg.4264.dll
2016-01-31 20:10 . 2016-01-31 20:10 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F5979165-6329-4A82-9123-CE226BC566E8}\offreg.5168.dll
2016-01-31 19:56 . 2009-03-28 11:55 937449 ----a-w- c:\windows\system32\libeay32.dll
2016-01-31 19:56 . 2008-06-29 19:48 188760 ----a-w- c:\windows\system32\libssl32.dll
2016-01-31 19:41 . 2016-01-31 20:00 -------- d-----w- C:\dvbdream
2016-01-31 19:18 . 2016-01-31 19:18 -------- d-----w- c:\programdata\Technisat
2016-01-31 19:18 . 2016-01-31 19:18 -------- d-----w- c:\program files\DVBViewer TE2
2016-01-31 19:18 . 2016-01-31 19:18 -------- d-----w- c:\program files\MainConcept
2016-01-31 19:17 . 2016-01-31 19:19 -------- d-----w- c:\program files\TechniSat DVB
2016-01-31 19:17 . 2016-01-31 19:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2016-01-31 19:16 . 2016-01-31 19:16 -------- d-----w- c:\program files\Common Files\InstallShield
2016-01-31 19:16 . 2010-05-10 08:09 627288 ----a-w- c:\windows\system32\drivers\SkyNET.sys
2016-01-30 19:38 . 2016-01-30 19:38 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F5979165-6329-4A82-9123-CE226BC566E8}\offreg.3588.dll
2016-01-28 23:34 . 2016-01-28 23:34 -------- d-----w- c:\programdata\TechSmith
2016-01-28 23:34 . 2016-01-28 23:34 -------- d-----w- c:\program files\TechSmith
2016-01-27 22:17 . 2016-01-27 22:17 -------- d-----w- c:\program files\Mozilla Maintenance Service
2016-01-27 21:13 . 2016-01-27 21:13 85616 ----a-w- c:\windows\system32\RtNicProp32.dll
2016-01-27 21:13 . 2016-01-27 21:13 109648 ----a-w- c:\windows\system32\RTNUninst32.dll
2016-01-27 21:13 . 2016-01-27 21:13 769280 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2016-01-27 20:58 . 2016-01-27 20:58 -------- d-----w- c:\windows\system32\DAX2
2016-01-27 20:58 . 2016-01-27 20:58 -------- d-----w- c:\program files\Realtek
2016-01-27 20:58 . 2016-01-27 20:58 -------- d-----w- c:\windows\system32\RTCOM
2016-01-27 19:57 . 2016-01-27 19:57 -------- d-----w- c:\program files\VideoLAN
2016-01-27 18:42 . 2016-02-02 11:08 -------- d-----w- c:\programdata\ProductData
2016-01-27 18:41 . 2016-01-27 18:42 -------- d-----w- c:\programdata\IObit
2016-01-27 18:41 . 2016-01-27 18:41 23840 ----a-w- c:\windows\system32\drivers\HWiNFO32.SYS
2016-01-26 22:06 . 2016-01-26 13:16 -------- d-----w- c:\windows\Panther
2016-01-26 22:06 . 2016-01-26 22:06 -------- d-----w- C:\Boot
2016-01-26 21:54 . 2016-02-02 11:33 409088 ----a-w- c:\windows\systemcplx86.dll
2016-01-26 19:51 . 2016-01-26 19:51 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F5979165-6329-4A82-9123-CE226BC566E8}\offreg.2700.dll
2016-01-26 16:26 . 2016-01-26 16:26 -------- d-----w- c:\programdata\IDM
2016-01-26 15:29 . 2016-02-02 22:04 -------- d-sh--w- c:\windows\Installer
2016-01-26 15:28 . 2016-01-26 15:28 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F5979165-6329-4A82-9123-CE226BC566E8}\offreg.548.dll
2016-01-26 15:23 . 2016-01-26 15:23 -------- d-----w- c:\program files\GUMA840.tmp
2016-01-26 15:23 . 2016-01-26 15:23 6420480 ----a-w- c:\program files\GUTA841.tmp
2016-01-26 15:09 . 2016-01-26 16:11 -------- d-----w- c:\program files\Google
2016-01-26 15:09 . 2016-01-26 15:09 -------- d-----w- c:\program files\GUM7945.tmp
2016-01-26 15:09 . 2016-01-26 15:09 50063360 ----a-w- c:\program files\GUT7946.tmp
2016-01-26 14:48 . 2016-01-26 14:48 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2016-01-26 14:36 . 2016-01-26 14:36 -------- d-----w- c:\program files\Common Files\AV
2016-01-26 14:35 . 2015-12-16 09:15 9014120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F5979165-6329-4A82-9123-CE226BC566E8}\mpengine.dll
2016-01-26 14:35 . 2015-12-02 12:25 247976 ------w- c:\windows\system32\MpSigStub.exe
2016-01-26 14:08 . 2016-01-26 14:08 -------- d-----w- c:\windows\system32\Macromed
2016-01-26 13:23 . 2014-05-14 16:23 45536 ----a-w- c:\windows\system32\wups2.dll
2016-01-26 13:23 . 2014-05-14 16:23 54240 ----a-w- c:\windows\system32\wuauclt.exe
2016-01-26 13:23 . 2014-05-14 16:23 1973728 ----a-w- c:\windows\system32\wuaueng.dll
2016-01-26 13:23 . 2014-05-14 16:17 2425856 ----a-w- c:\windows\system32\wucltux.dll
2016-01-26 13:23 . 2014-05-14 16:23 36320 ----a-w- c:\windows\system32\wups.dll
2016-01-26 13:23 . 2014-05-14 16:23 581600 ----a-w- c:\windows\system32\wuapi.dll
2016-01-26 13:23 . 2014-05-14 16:17 92672 ----a-w- c:\windows\system32\wudriver.dll
2016-01-26 13:22 . 2014-05-14 08:23 179656 ----a-w- c:\windows\system32\wuwebv.dll
2016-01-26 13:22 . 2014-05-14 08:17 33792 ----a-w- c:\windows\system32\wuapp.exe
2016-01-26 13:16 . 2016-01-30 19:40 -------- d-----w- c:\users\la ilaha ila allh
2016-01-26 13:15 . 2016-01-26 13:15 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-02-02 20:38 . 2010-11-20 21:29 6656 ----a-w- c:\windows\system32\lpcio.dll
2015-12-08 14:25 . 2015-12-08 14:25 205800 ----a-w- c:\windows\system32\drivers\eamonm.sys
2015-11-27 12:03 . 2015-11-27 12:03 56944 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2015-11-27 12:03 . 2015-11-27 12:03 44608 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2015-11-27 12:03 . 2015-11-27 12:03 161992 ----a-w- c:\windows\system32\drivers\epfw.sys
2015-11-27 12:03 . 2015-11-27 12:03 146024 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2015-11-27 12:03 . 2015-11-27 12:03 111040 ----a-w- c:\windows\system32\drivers\ekbdflt.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GUDelayStartup"="c:\program files\Glary Utilities 5\StartupManager.exe" [2016-02-01 37056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2016-01-27 150552]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2016-01-27 173592]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2016-01-27 141848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Server4PC.lnk]
backup=c:\windows\pss\Server4PC.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snagit 9.lnk]
backup=c:\windows\pss\Snagit 9.lnk.CommonStartup
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDVCPL]
2016-01-27 20:57 14688512 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2016-02-02 102912]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-10-05 51928]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2015-11-27 56944]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2015-12-08 205800]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2015-11-27 146024]
S1 EpfwLWF;ESET Personal Firewall;c:\windows\system32\DRIVERS\EpfwLWF.sys [2015-11-27 44608]
S1 GUBootStartup;GUBootStartup;c:\windows\System32\drivers\GUBootStartup.sys [2016-02-02 17472]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [2016-01-27 23840]
S2 ekbdflt;ekbdflt;c:\windows\system32\DRIVERS\ekbdflt.sys [2015-11-27 111040]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2015-11-19 1983424]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-10-05 1513784]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-10-05 1135416]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-10-05 23256]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2016-02-03 170200]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2016-01-27 769280]
S3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\DRIVERS\SkyNET.SYS [2010-05-10 627288]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMPROTECTOR
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBACCESSCONTROL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-01-28 23:41 1090376 ----a-w- c:\program files\Google\Chrome\Application\48.0.2564.97\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2016-01-26 15:23]
.
2016-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2016-01-26 15:23]
.
.
------- Supplementary Scan -------
.
Trusted Zone: eset.com\help
TCP: DhcpNameServer = 0.0.0.0
FF - ProfilePath - c:\users\la ilaha ila allh\AppData\Roaming\Mozilla\Firefox\Profiles\jtafc60t.default\
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3437434051-828108660-2755165165-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):62,4a,2f,4b,5c,e7,e4,35,c4,77,cb,c7,6c,a1,98,3d,f4,ba,04,5d,f2,
26,d6,bf,1d,00,ec,cc,bb,db,9d,93,a0,f1,27,68,72,72,f5,77,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3437434051-828108660-2755165165-1000_Classes\CLSID\{ee234b8e-72e4-4e2d-a195-9ebabe370c80}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000020
"Therad"=dword:00000008
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-02-03 20:15:09
ComboFix-quarantined-files.txt 2016-02-03 19:15
.
Pre-Run: 34,698,035,200 bytes free
Post-Run: 34,568,724,480 bytes free
.
- - End Of File - - 97438CE66617AAF8BA995CD5278FAC36
A36C5E4F47E84449FF07ED3517B43A31