ComboFix 15-07-10.01 - Win7 07/10/2015 19:51:31.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1256.20.1033.18.2012.988 [GMT 3:00]
Running from: c:\users\Win7\Downloads\Programs\ComboFix.exe
AV: ESET Smart Security 8.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET Personal firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 8.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Win7\AppData\Local\assembly\tmp
c:\users\Win7\ZHPDiag3.exe
.
c:\windows\System32\colorcpl.exe . . . is infected!!
[Reviewer note: colorcpl.exe is a standard Windows system binary, so an "infected" verdict on it means the system file itself appears to have been modified rather than a dropped malware executable. Verify its digital signature and hash (e.g. sigcheck, sfc /scannow) and restore it from a known-good source instead of just deleting it; a modified System32 binary suggests the compromise may extend beyond the items listed in this log.]
.
.
((((((((((((((((((((((((( Files Created from 2015-06-10 to 2015-07-10 )))))))))))))))))))))))))))))))
.
.
2015-07-09 08:22 . 2015-07-09 08:22 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-07-09 08:22 . 2015-07-09 16:47 -------- d-----w- c:\programdata\RogueKiller
2015-07-06 02:15 . 2015-07-06 02:15 -------- d-----w- C:\RegBackup
2015-07-06 01:40 . 2015-07-06 01:50 -------- d-----w- c:\program files\ZHPFix
2015-07-04 12:45 . 2015-07-04 12:45 -------- d-----w- C:\found.002
2015-06-30 15:39 . 2015-06-30 15:42 -------- d-----w- c:\users\Win7\AppData\Local\LINE
2015-06-30 15:39 . 2015-06-30 15:39 -------- d-----w- c:\program files\LINE
2015-06-30 15:38 . 2015-07-01 08:45 -------- d-----w- c:\users\Win7\AppData\Roaming\imo.im
2015-06-18 09:38 . 2011-11-05 10:19 107776 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2015-06-18 09:38 . 2011-11-05 10:19 107776 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2015-06-18 09:38 . 2011-11-05 10:19 107776 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2015-06-18 09:38 . 2011-07-12 07:44 9216 ----a-w- c:\windows\system32\drivers\massfilter.sys
2015-06-18 09:38 . 2015-06-20 13:17 -------- d-----w- c:\program files\Etisalat USB modem
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-09 01:30 . 2013-12-09 16:29 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-07-09 01:30 . 2013-12-09 16:29 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-07-07 13:39 . 2014-04-05 14:02 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-21 16:30 . 2014-02-08 11:16 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2015-06-18 05:41 . 2014-04-05 14:01 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-06-18 05:41 . 2014-04-05 14:01 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-06-18 05:41 . 2014-04-05 14:01 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-06-17 12:47 . 2014-01-20 00:15 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2015-04-20 12:48 . 2015-04-20 12:53 3898960 ----a-w- c:\program files\IDMan.bak
2015-04-18 01:06 . 2015-04-20 12:53 122432 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2015-02-04 10:05 . 2015-04-20 12:53 16920 ----a-w- c:\program files\MediumILStart.exe
2013-10-08 11:37 . 2015-04-20 12:53 397336 ----a-w- c:\program files\idmindex.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-11-27 10:10 239272 ----a-w- c:\users\Win7\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-11-27 10:10 239272 ----a-w- c:\users\Win7\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-11-27 10:10 239272 ----a-w- c:\users\Win7\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 08:02 23008 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2015-03-13 5529880]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2015-05-02 3898960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB Security"="c:\program files\USB Disk Security\USBGuard.exe" [2013-06-20 687336]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-11-10 138784]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-11-10 172064]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-11-10 173600]
"BlueStacks Agent"="c:\program files\BlueStacks\HD-Agent.exe" [2013-09-19 606024]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2015-01-28 5088456]
"UIExec"="c:\program files\Etisalat USB modem\UIExec.exe" [2011-04-02 139088]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PrivateTunnel.lnk - c:\program files\OpenVPN Technologies\PrivateTunnel\PrivateTunnel.exe [2014-10-2 310680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[Reviewer note: ConsentPromptBehaviorAdmin=0 together with PromptOnSecureDesktop=0 means administrators elevate silently with no UAC prompt and no secure desktop. These are not the Windows 7 defaults (5 and 1 respectively) and allow any process in the admin session to obtain full privileges without the user noticing. Confirm whether this was set deliberately and restore the defaults once cleanup is complete.]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HomeGuard AMC]
@="Service"
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 HomeGuard AMC;HomeGuard AMC;c:\program files\HomeGuard\vglset.exe [2014-08-23 861696]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-06-18 1133880]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-06-03 327296]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2013-03-07 14920]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys [2015-03-30 19984]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2013-03-07 9160]
R3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-07-12 9216]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-07-07 98520]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-06-18 51928]
R3 SAllBDA;TeVii DVB-S/S2 Receiver;c:\windows\system32\Drivers\TeViiS2.sys [2013-10-28 166480]
R4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-06-18 1871160]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2015-01-30 51824]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2014-08-13 51784]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2014-08-13 41544]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2015-01-30 193464]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2015-01-30 135808]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2015-01-30 37928]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2014-08-13 15944]
S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2014-08-13 186952]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [2014-12-29 23840]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [2013-09-19 63816]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [2013-09-19 384840]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-05-01 1394816]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-05-01 1772672]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2015-01-28 1349576]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2015-04-18 122432]
S2 ptservice;Private Tunnel Core Service;c:\program files\OpenVPN Technologies\PrivateTunnel\ptservice.exe [2014-10-02 17816]
S2 UI Assistant Service;UI Assistant Service;c:\program files\Etisalat USB modem\AssistantServices.exe [2011-08-25 269648]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2014-11-10 27768]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-04-14 27760]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2014-11-10 109256]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-06-18 23256]
S3 ptun0901;TAP Adapter V9 for Private Tunnel;c:\windows\system32\DRIVERS\ptun0901.sys [2014-08-08 23552]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2014-11-10 564912]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-07-08 00:55 991048 ----a-w- c:\program files\Google\Chrome\Application\43.0.2357.132\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-09 01:31]
.
2015-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-03-02 13:01]
.
2015-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d093cb697691ec.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-03-02 13:01]
.
2015-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-03-02 13:01]
.
2015-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d093cb6a3a59fa.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-03-02 13:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = https://www.google.com/
mStart Page = hxxp://www.google.com
mSearch Bar = https://www.google.com/
mSearchMigratedDefaultURL = https://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
uCustomizeSearch = https://www.google.com/
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1163517497-134154996-3967426762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* 3*g*p*\OpenWithList]
@Class="Shell"
"a"="mpc-hc.exe"
"MRUList"="ba"
"b"="PotPlayerMini.exe"
.
[HKEY_USERS\S-1-5-21-1163517497-134154996-3967426762-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* 3*g*p*\UserChoice]
@Denied: (2) (S-1-5-21-1163517497-134154996-3967426762-1000)
"Progid"="PotPlayerMini.3GP"
.
[HKEY_USERS\S-1-5-21-1163517497-134154996-3967426762-1000_Classes\CLSID\{62702a16-4c82-4097-b561-047dc9fe61c9}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000002b
"Therad"=dword:0000000f
.
[HKEY_USERS\S-1-5-21-1163517497-134154996-3967426762-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):7b,63,8b,35,68,ab,f6,39,df,2f,20,ab,80,a0,da,5b,9f,f1,e1,e9,b9,
5e,cf,c2,06,c5,27,53,16,e1,97,0a,3b,26,63,b1,2f,c8,ad,86,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-07-10 19:58:53
ComboFix-quarantined-files.txt 2015-07-10 16:58
.
Pre-Run: 44,408,442,880 bytes free
Post-Run: 44,324,036,608 bytes free
.
- - End Of File - - B89E41DD6A46EC041C15F426F5278DF5
A36C5E4F47E84449FF07ED3517B43A31