cjoint

Publicité


Publicité

Format du document : text/plain

Prévisualisation

ComboFix 15-07-10.01 - home 10/07/2015 17:59:29.1.4 - x86
Microsoft Windows 7 Édition Intégrale 6.1.7600.0.1252.33.1036.18.2036.1117 [GMT 1:00]
Lancé depuis: c:\users\home\Desktop\ComboFix.exe
AV: ESET Smart Security 8.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: Pare-feu personnel d'ESET *Disabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 8.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2015-06-10 au 2015-07-10 ))))))))))))))))))))))))))))))))))))
.
.
2015-07-10 17:17 . 2015-07-10 17:21 -------- d-----w- c:\users\home\AppData\Local\temp
2015-07-10 17:17 . 2015-07-10 17:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-07-10 15:44 . 2015-07-10 16:02 -------- d-----w- C:\AdwCleaner
2015-07-10 14:38 . 2015-07-10 14:39 -------- d-----w- c:\program files\ZHPFix
2015-06-15 18:03 . 2015-07-09 22:40 -------- d-----w- c:\users\home\AppData\Roaming\vlc
2015-06-15 18:00 . 2015-06-15 18:00 -------- d-----w- c:\program files\VideoLAN
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-10 17:19 . 2015-01-27 16:34 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-10 12:59 . 2015-05-11 23:00 3711896 ----a-w- c:\windows\system32\%InstallDir%speclean.exe
2015-05-30 20:09 . 2015-01-29 18:02 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-05-20 12:55 . 2015-05-20 13:57 123968 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2015-05-08 21:50 . 2015-03-26 12:57 899184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2015-05-08 21:49 . 2015-03-26 12:57 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2015-05-08 21:49 . 2015-03-31 22:28 639312 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2015-05-01 11:32 . 2015-03-31 22:28 899184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2015-05-01 11:32 . 2015-03-31 22:28 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2015-05-01 11:32 . 2015-03-26 12:57 639312 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2015-04-14 08:37 . 2015-01-27 16:34 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-04-14 08:37 . 2015-01-27 16:34 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-14 08:37 . 2015-01-27 16:34 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-14 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 08:02 23008 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2015-02-19 5503768]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2015-05-20 3903056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-12-10 143344]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-12-10 177136]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2014-10-01 5088456]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-12-10 169456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2014-12-19 16:50 1022152 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2014-12-03 18:06 40336 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2015-02-19 16:40 5503768 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GfxServiceInstall]
2013-11-04 11:48 131 ----a-w- c:\windows\System32\GfxCUIServiceInstall.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2015-05-20 22:23 3903056 ----a-w- c:\program files\Internet Download Manager\IDMan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-07-14 01:14 1173504 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-04-14 51928]
R3 NETwNs32;___ Pilote de carte de la série Intel(R) Wireless WiFi Link 5000 pour Windows 7 32 bits ;c:\windows\system32\DRIVERS\NETwsn00.sys [2013-05-29 10375680]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2014-09-22 51288]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2014-09-22 191928]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2014-09-22 135296]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2014-09-22 37928]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [2015-01-29 23840]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [2012-07-19 2568120]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2014-10-01 1349576]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2015-05-20 123968]
S2 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2015-04-14 92888]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-04-14 1871160]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-04-14 1080120]
S3 igddim32;igddim32;c:\windows\system32\DRIVERS\igddim32.sys [2013-11-04 1349632]
S3 igdkmd32;igdkmd32;c:\windows\system32\DRIVERS\igdkmd32.sys [2013-11-04 435200]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-04-14 23256]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-07-10 119512]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2014-01-07 270552]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2013-06-18 669912]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
Contenu du dossier 'Tâches planifiées'
.
2015-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-29 17:32]
.
.
------- Examen supplémentaire -------
.
uStart Page = about:blank
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
TCP: DhcpNameServer = 192.168.43.1
FF - ProfilePath - c:\users\home\AppData\Roaming\Mozilla\Firefox\Profiles\aluhiq1j.default\
.
- - - - ORPHELINS SUPPRIMES - - - -
.
MSConfigStartUp-Google Update - c:\users\home\AppData\Local\Google\Update\GoogleUpdate.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\AUDIODG.EXE
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Malwarebytes Anti-Malware\mbam.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Heure de fin: 2015-07-10 18:26:17 - La machine a redémarré
ComboFix-quarantined-files.txt 2015-07-10 17:26
.
Avant-CF: 105 469 648 896 octets libres
Après-CF: 105 388 523 520 octets libres
.
- - End Of File - - 0C55E8AAE64C75319612EDFDFC7ED443
A36C5E4F47E84449FF07ED3517B43A31

Publicité


Signaler le contenu de ce document

Publicité