ComboFix 16-09-28.01 - Barra 2016-10-06 0:34.3.8 - x64 MINIMAL
Microsoft Windows 7 Entreprise 6.1.7601.1.1252.1.1033.18.8190.6966 [GMT -4:00]
Lancé depuis: i:\images\Images\images à ranger\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_PCSUService
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2016-09-06 au 2016-10-06 ))))))))))))))))))))))))))))))))))))
.
.
2016-10-06 04:39 . 2016-10-06 04:39 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D1332EB7-F293-4952-BDA7-4960A0A48F39}\offreg.860.dll
2016-10-06 04:38 . 2016-10-06 04:38 -------- d-----w- c:\users\Usager\AppData\Local\temp
2016-10-06 04:38 . 2016-10-06 04:38 -------- d-----w- c:\users\Public\AppData\Local\temp
2016-10-06 04:38 . 2016-10-06 04:38 -------- d-----w- c:\users\Nugus\AppData\Local\temp
2016-10-06 04:38 . 2016-10-06 04:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-10-06 03:46 . 2016-10-06 03:46 -------- d-----w- c:\program files (x86)\TableTextService
2016-10-06 03:45 . 2016-10-06 03:45 -------- d-----w- c:\program files (x86)\1E00E080-1475725522-BC00-6DA9-90E6BAEEC4FF
2016-10-06 03:43 . 2016-10-06 03:47 -------- d-----w- c:\users\Barra\AppData\Local\GeoLocator
2016-10-04 23:37 . 2016-10-04 23:37 -------- d-----w- c:\program files (x86)\Common Files\Java
2016-10-04 22:35 . 2016-10-04 22:35 -------- d-----w- c:\program files (x86)\Common Files\Skype
2016-10-04 22:30 . 2016-10-04 22:32 -------- d-----w- C:\AdwCleaner
2016-10-04 21:11 . 2016-10-06 04:31 139704 ----a-w- c:\windows\system32\drivers\efavdrv.sys
2016-10-04 19:32 . 2016-10-04 19:32 -------- d-----w- c:\windows\system32\ripb
2016-10-04 19:15 . 2016-10-04 19:33 -------- d-----w- c:\users\Barra\AppData\Roaming\Hemkajdoa
2016-10-04 19:10 . 2016-10-04 19:10 478392 ----a-w- c:\windows\system32\drivers\5A0F2AE0.sys
2016-10-04 19:10 . 2016-10-04 19:29 -------- d-----w- C:\KVRT_Data
2016-10-04 18:42 . 2016-10-06 03:43 -------- d-----w- c:\users\Barra\ReportSender
2016-10-04 14:20 . 2016-09-15 01:18 12030488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D1332EB7-F293-4952-BDA7-4960A0A48F39}\mpengine.dll
2016-10-04 14:20 . 2016-05-11 17:01 1167568 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6D28A010-9378-4CF1-88BA-4285AC72583C}\gapaengine.dll
2016-10-03 14:20 . 2016-09-15 01:18 12030488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-09-27 16:05 . 2016-09-27 16:05 -------- d-----w- c:\users\Barra\AppData\Local\SmartGuard
2016-09-09 04:26 . 2016-09-09 04:26 -------- d-----w- c:\users\Barra\AppData\Local\{415C729F-7314-46CA-AB34-C6188AFAFA86}
2016-09-09 04:26 . 2016-09-09 04:26 -------- d-----w- c:\users\Barra\AppData\Local\{E2CDB563-0785-4A7A-89DA-3BED4B6A4183}
2016-09-09 04:22 . 2016-09-09 04:22 -------- d-----w- C:\UDK
2016-09-08 23:00 . 2016-09-08 23:00 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2016-09-08 23:00 . 2016-09-08 23:00 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2016-09-08 22:59 . 2016-09-08 22:59 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2016-09-08 22:58 . 2016-09-08 22:58 -------- d-----w- c:\program files (x86)\NCWest
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-10-04 23:36 . 2015-05-19 04:30 110144 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2016-10-04 20:08 . 2014-06-20 21:05 357888 ----a-w- c:\windows\system32\dnsapi.dll
2016-09-14 03:56 . 2015-04-28 12:36 796352 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-09-14 03:56 . 2015-04-28 12:36 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-07-27 19:25 . 2010-05-12 01:59 504488 ------w- c:\windows\system32\MpSigStub.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2015-08-01 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2015-08-01 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-09-30 17:42 223552 ----a-w- c:\users\Barra\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-09-30 17:42 223552 ----a-w- c:\users\Barra\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2016-09-30 17:42 223552 ----a-w- c:\users\Barra\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2016-09-30 17:42 223552 ----a-w- c:\users\Barra\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-09-30 17:42 223552 ----a-w- c:\users\Barra\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2016-09-30 17:42 223552 ----a-w- c:\users\Barra\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2016-09-30 17:42 223552 ----a-w- c:\users\Barra\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2016-09-30 17:42 223552 ----a-w- c:\users\Barra\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-04-23 8204056]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2016-09-12 29635712]
"Gyazo"="c:\program files (x86)\Gyazo\GyStation.exe" [2016-08-03 3582240]
"WeatherEye"="c:\users\Barra\AppData\Local\MétéoMédia\WeatherEye.exe" [2012-08-30 310920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-08-11 2472048]
"StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2015-07-16 767176]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-06-22 598552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\5A0F2AE0.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 kss;Kaspersky Security Scan Service;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe -r;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe -r [x]
R2 msdotnetserv_v2050737;Microsoft .Net Framework v2.0.507237 ALP (X86);c:\program files (x86)\Microsoft.NET\v2.0.507237\msnetcore.exe;c:\program files (x86)\Microsoft.NET\v2.0.507237\msnetcore.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 CORSGMS;Corsair M90 Gaming Mouse;c:\windows\system32\drivers\CORSGMS.sys;c:\windows\SYSNATIVE\drivers\CORSGMS.sys [x]
R3 efavdrv;efavdrv;c:\windows\system32\drivers\efavdrv.sys;c:\windows\SYSNATIVE\drivers\efavdrv.sys [x]
R3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 rzjstk;Razer Virtual Joystick Driver;c:\windows\system32\DRIVERS\rzjstk.sys;c:\windows\SYSNATIVE\DRIVERS\rzjstk.sys [x]
R3 rzkeypadendpt;Razer Keypad Endpoint;c:\windows\system32\DRIVERS\rzkeypadendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzkeypadendpt.sys [x]
R3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;tsusbhub [x]
S0 5A0F2AE0;5A0F2AE0;c:\windows\system32\drivers\5A0F2AE0.sys;c:\windows\SYSNATIVE\drivers\5A0F2AE0.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe;c:\program files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 PSI_SVC_2_x64;Protexis Licensing V2 x64;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 NisSrv;Inspection du réseau Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-10-03 19:39 1266792 ----a-w- c:\program files (x86)\Google\Chrome\Application\53.0.2785.143\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2016-06-30 11:55 322232 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Contenu du dossier 'Tâches planifiées'
.
2016-10-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-28 03:56]
.
2016-10-05 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1113095909-1052334430-274988008-1005Core.job
- c:\users\Barra\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-01-02 21:22]
.
2016-10-06 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1113095909-1052334430-274988008-1005UA.job
- c:\users\Barra\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-01-02 21:22]
.
2016-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-01-29 05:10]
.
2016-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-01-29 05:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-09-30 17:42 270144 ----a-w- c:\users\Barra\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-09-30 17:42 270144 ----a-w- c:\users\Barra\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2016-09-30 17:42 270144 ----a-w- c:\users\Barra\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2016-09-30 17:42 270144 ----a-w- c:\users\Barra\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-09-30 17:42 270144 ----a-w- c:\users\Barra\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2016-09-30 17:42 270144 ----a-w- c:\users\Barra\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2016-09-30 17:42 270144 ----a-w- c:\users\Barra\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2016-09-30 17:42 270144 ----a-w- c:\users\Barra\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-30 1337000]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.ca/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{E36FC8D0-6663-4F87-8F33-DF4ED836A048}: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Barra\AppData\Roaming\Mozilla\Firefox\Profiles\leam6ive.default-1380827612042\
FF - prefs.js: network.proxy.type - 0
.
.
------- Associations de fichier -------
.
.scr=SageThumbsImage.scr
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Wow6432Node-HKCU-Run-KSS - c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kaspersky Software Updater Beta.lnk - c:\program files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe -hide
AddRemove-InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C5} - c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vycoweni]
"ImagePath"="c:\program files (x86)\1E00E080-1475725522-BC00-6DA9-90E6BAEEC4FF\knsf22A.tmpfs"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-1113095909-1052334430-274988008-1005\Software\Tencent\°e)YXI*I*]
"InstallPath"="i:\\chinois\\chinois"
"setup"="i:\\chinois\\chinois\\tcls\\client.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Tencent\°e)YXI*I*]
"InstallPath"="i:\\chinois\\chinois"
"setup"="i:\\chinois\\chinois\\tcls\\client.exe"
"install"="i:\\chinois\\chinois\\tcls\\client.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
c:\users\Barra\AppData\Roaming\Hemkajdoa\Hemkajdoa.exe
.
**************************************************************************
.
Heure de fin: 2016-10-06 00:43:19 - La machine a redémarré
ComboFix-quarantined-files.txt 2016-10-06 04:43
.
Avant-CF: 22 013 796 352 bytes free
Après-CF: 23 646 879 744 octets libres
.
- - End Of File - - 7D490EB1C23A59AACBF55118272DD390
5C616939100B85E558DA92B899A0FC36