ComboFix

a guest
Oct 8th, 2016
ComboFix 16-09-28.01 - Barra 2016-10-06 0:34.3.8 - x64 MINIMAL
Microsoft Windows 7 Entreprise 6.1.7601.1.1252.1.1033.18.8190.6966 [GMT -4:00]
Lancé depuis: i:\images\Images\images à ranger\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_PCSUService
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2016-09-06 au 2016-10-06 ))))))))))))))))))))))))))))))))))))
.
.
2016-10-06 04:39 . 2016-10-06 04:39 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D1332EB7-F293-4952-BDA7-4960A0A48F39}\offreg.860.dll
2016-10-06 04:38 . 2016-10-06 04:38 -------- d-----w- c:\users\Usager\AppData\Local\temp
2016-10-06 04:38 . 2016-10-06 04:38 -------- d-----w- c:\users\Public\AppData\Local\temp
2016-10-06 04:38 . 2016-10-06 04:38 -------- d-----w- c:\users\Nugus\AppData\Local\temp
2016-10-06 04:38 . 2016-10-06 04:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-10-06 03:46 . 2016-10-06 03:46 -------- d-----w- c:\program files (x86)\TableTextService
2016-10-06 03:45 . 2016-10-06 03:45 -------- d-----w- c:\program files (x86)\1E00E080-1475725522-BC00-6DA9-90E6BAEEC4FF
2016-10-06 03:43 . 2016-10-06 03:47 -------- d-----w- c:\users\Barra\AppData\Local\GeoLocator
2016-10-04 23:37 . 2016-10-04 23:37 -------- d-----w- c:\program files (x86)\Common Files\Java
2016-10-04 22:35 . 2016-10-04 22:35 -------- d-----w- c:\program files (x86)\Common Files\Skype
2016-10-04 22:30 . 2016-10-04 22:32 -------- d-----w- C:\AdwCleaner
2016-10-04 21:11 . 2016-10-06 04:31 139704 ----a-w- c:\windows\system32\drivers\efavdrv.sys
2016-10-04 19:32 . 2016-10-04 19:32 -------- d-----w- c:\windows\system32\ripb
2016-10-04 19:15 . 2016-10-04 19:33 -------- d-----w- c:\users\Barra\AppData\Roaming\Hemkajdoa
2016-10-04 19:10 . 2016-10-04 19:10 478392 ----a-w- c:\windows\system32\drivers\5A0F2AE0.sys
2016-10-04 19:10 . 2016-10-04 19:29 -------- d-----w- C:\KVRT_Data
2016-10-04 18:42 . 2016-10-06 03:43 -------- d-----w- c:\users\Barra\ReportSender
2016-10-04 14:20 . 2016-09-15 01:18 12030488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D1332EB7-F293-4952-BDA7-4960A0A48F39}\mpengine.dll
2016-10-04 14:20 . 2016-05-11 17:01 1167568 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6D28A010-9378-4CF1-88BA-4285AC72583C}\gapaengine.dll
2016-10-03 14:20 . 2016-09-15 01:18 12030488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-09-27 16:05 . 2016-09-27 16:05 -------- d-----w- c:\users\Barra\AppData\Local\SmartGuard
2016-09-09 04:26 . 2016-09-09 04:26 -------- d-----w- c:\users\Barra\AppData\Local\{415C729F-7314-46CA-AB34-C6188AFAFA86}
2016-09-09 04:26 . 2016-09-09 04:26 -------- d-----w- c:\users\Barra\AppData\Local\{E2CDB563-0785-4A7A-89DA-3BED4B6A4183}
2016-09-09 04:22 . 2016-09-09 04:22 -------- d-----w- C:\UDK
2016-09-08 23:00 . 2016-09-08 23:00 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2016-09-08 23:00 . 2016-09-08 23:00 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2016-09-08 22:59 . 2016-09-08 22:59 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2016-09-08 22:58 . 2016-09-08 22:58 -------- d-----w- c:\program files (x86)\NCWest
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-10-04 23:36 . 2015-05-19 04:30 110144 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2016-10-04 20:08 . 2014-06-20 21:05 357888 ----a-w- c:\windows\system32\dnsapi.dll
2016-09-14 03:56 . 2015-04-28 12:36 796352 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-09-14 03:56 . 2015-04-28 12:36 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-07-27 19:25 . 2010-05-12 01:59 504488 ------w- c:\windows\system32\MpSigStub.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2015-08-01 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2015-08-01 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-09-30 17:42 223552 ----a-w- c:\users\Barra\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-09-30 17:42 223552 ----a-w- c:\users\Barra\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2016-09-30 17:42 223552 ----a-w- c:\users\Barra\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2016-09-30 17:42 223552 ----a-w- c:\users\Barra\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-09-30 17:42 223552 ----a-w- c:\users\Barra\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2016-09-30 17:42 223552 ----a-w- c:\users\Barra\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2016-09-30 17:42 223552 ----a-w- c:\users\Barra\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2016-09-30 17:42 223552 ----a-w- c:\users\Barra\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-04-23 8204056]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2016-09-12 29635712]
"Gyazo"="c:\program files (x86)\Gyazo\GyStation.exe" [2016-08-03 3582240]
"WeatherEye"="c:\users\Barra\AppData\Local\MétéoMédia\WeatherEye.exe" [2012-08-30 310920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-08-11 2472048]
"StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2015-07-16 767176]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-06-22 598552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\5A0F2AE0.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 kss;Kaspersky Security Scan Service;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe -r;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe -r [x]
R2 msdotnetserv_v2050737;Microsoft .Net Framework v2.0.507237 ALP (X86);c:\program files (x86)\Microsoft.NET\v2.0.507237\msnetcore.exe;c:\program files (x86)\Microsoft.NET\v2.0.507237\msnetcore.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 CORSGMS;Corsair M90 Gaming Mouse;c:\windows\system32\drivers\CORSGMS.sys;c:\windows\SYSNATIVE\drivers\CORSGMS.sys [x]
R3 efavdrv;efavdrv;c:\windows\system32\drivers\efavdrv.sys;c:\windows\SYSNATIVE\drivers\efavdrv.sys [x]
R3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 rzjstk;Razer Virtual Joystick Driver;c:\windows\system32\DRIVERS\rzjstk.sys;c:\windows\SYSNATIVE\DRIVERS\rzjstk.sys [x]
R3 rzkeypadendpt;Razer Keypad Endpoint;c:\windows\system32\DRIVERS\rzkeypadendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzkeypadendpt.sys [x]
R3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;tsusbhub [x]
S0 5A0F2AE0;5A0F2AE0;c:\windows\system32\drivers\5A0F2AE0.sys;c:\windows\SYSNATIVE\drivers\5A0F2AE0.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe;c:\program files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 PSI_SVC_2_x64;Protexis Licensing V2 x64;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 NisSrv;Inspection du réseau Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-10-03 19:39 1266792 ----a-w- c:\program files (x86)\Google\Chrome\Application\53.0.2785.143\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2016-06-30 11:55 322232 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Contenu du dossier 'Tâches planifiées'
.
2016-10-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-28 03:56]
.
2016-10-05 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1113095909-1052334430-274988008-1005Core.job
- c:\users\Barra\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-01-02 21:22]
.
2016-10-06 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1113095909-1052334430-274988008-1005UA.job
- c:\users\Barra\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-01-02 21:22]
.
2016-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-01-29 05:10]
.
2016-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-01-29 05:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-09-30 17:42 270144 ----a-w- c:\users\Barra\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-09-30 17:42 270144 ----a-w- c:\users\Barra\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2016-09-30 17:42 270144 ----a-w- c:\users\Barra\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2016-09-30 17:42 270144 ----a-w- c:\users\Barra\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-09-30 17:42 270144 ----a-w- c:\users\Barra\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2016-09-30 17:42 270144 ----a-w- c:\users\Barra\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2016-09-30 17:42 270144 ----a-w- c:\users\Barra\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2016-09-30 17:42 270144 ----a-w- c:\users\Barra\AppData\Roaming\Dropbox\bin\DropboxExt64.65536.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-30 1337000]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.ca/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{E36FC8D0-6663-4F87-8F33-DF4ED836A048}: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Barra\AppData\Roaming\Mozilla\Firefox\Profiles\leam6ive.default-1380827612042\
FF - prefs.js: network.proxy.type - 0
.
.
------- Associations de fichier -------
.
.scr=SageThumbsImage.scr
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Wow6432Node-HKCU-Run-KSS - c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kaspersky Software Updater Beta.lnk - c:\program files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe -hide
AddRemove-InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C5} - c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vycoweni]
"ImagePath"="c:\program files (x86)\1E00E080-1475725522-BC00-6DA9-90E6BAEEC4FF\knsf22A.tmpfs"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-1113095909-1052334430-274988008-1005\Software\Tencent\°e)YXI*I*]
"InstallPath"="i:\\chinois\\chinois"
"setup"="i:\\chinois\\chinois\\tcls\\client.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Tencent\°e)YXI*I*]
"InstallPath"="i:\\chinois\\chinois"
"setup"="i:\\chinois\\chinois\\tcls\\client.exe"
"install"="i:\\chinois\\chinois\\tcls\\client.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
c:\users\Barra\AppData\Roaming\Hemkajdoa\Hemkajdoa.exe
.
**************************************************************************
.
Heure de fin: 2016-10-06 00:43:19 - La machine a redémarré
ComboFix-quarantined-files.txt 2016-10-06 04:43
.
Avant-CF: 22 013 796 352 bytes free
Après-CF: 23 646 879 744 octets libres
.
- - End Of File - - 7D490EB1C23A59AACBF55118272DD390
5C616939100B85E558DA92B899A0FC36