ComboFix 15-07-16.01 - g3n-h@ckm@n 16/07/2015 9:55.2.1 - x64 MINIMAL
Microsoft Windows 7 Professionnel 6.1.7601.1.1252.33.1036.18.1282.789 [GMT 2:00]
Lancé depuis: c:\users\g3n-h@ckm@n\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\g3n-h@ckm@n\Desktop\CFscript.Txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2015-06-16 au 2015-07-16 ))))))))))))))))))))))))))))))))))))
.
.
2015-07-16 07:58 . 2015-07-16 07:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-07-13 10:32 . 2015-07-13 10:35 -------- d-----w- C:\QuickDiag
2015-07-11 08:02 . 2015-07-11 08:02 -------- d-----w- c:\windows\SysWow64\Wat
2015-07-11 08:02 . 2015-07-11 08:02 -------- d-----w- c:\windows\system32\Wat
2015-07-11 01:10 . 2015-05-01 13:17 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-11 01:10 . 2015-05-01 13:16 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-07-11 01:08 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2015-07-11 01:08 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2015-07-11 01:08 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2015-07-11 01:01 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2015-07-11 01:01 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2015-07-11 01:01 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2015-07-11 01:01 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2015-07-11 01:01 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2015-07-11 01:01 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2015-07-11 01:01 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2015-07-11 01:01 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2015-07-10 11:41 . 2015-07-10 11:43 -------- d--h--w- c:\windows\AxInstSV
2015-07-10 09:16 . 2010-12-23 10:42 1118720 ----a-w- c:\windows\system32\sbe.dll
2015-07-10 09:16 . 2010-12-23 10:42 961024 ----a-w- c:\windows\system32\CPFilters.dll
2015-07-10 09:16 . 2010-12-23 10:36 259072 ----a-w- c:\windows\system32\mpg2splt.ax
2015-07-10 09:16 . 2010-12-23 05:54 850944 ----a-w- c:\windows\SysWow64\sbe.dll
2015-07-10 09:16 . 2010-12-23 05:54 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2015-07-10 09:16 . 2010-12-23 05:50 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax
2015-07-10 09:12 . 2014-12-19 03:06 210432 ----a-w- c:\windows\system32\profsvc.dll
2015-07-10 09:11 . 2014-10-14 02:13 683520 ----a-w- c:\windows\system32\termsrv.dll
2015-07-10 09:10 . 2014-06-06 10:10 624128 ----a-w- c:\windows\system32\qedit.dll
2015-07-10 09:08 . 2015-03-10 03:25 1882624 ----a-w- c:\windows\system32\msxml3.dll
2015-07-10 09:07 . 2015-05-25 17:08 3206144 ----a-w- c:\windows\system32\win32k.sys
2015-07-10 09:06 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2015-07-10 09:06 . 2015-02-18 07:06 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2015-07-10 09:06 . 2015-02-18 07:04 142336 ----a-w- c:\windows\system32\poqexec.exe
2015-07-10 09:06 . 2014-11-11 03:08 241152 ----a-w- c:\windows\system32\pku2u.dll
2015-07-10 09:06 . 2014-11-11 02:44 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2015-07-10 09:05 . 2015-02-25 03:18 754688 ----a-w- c:\windows\system32\drivers\http.sys
2015-07-10 09:05 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2015-07-10 09:05 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2015-07-10 09:05 . 2011-02-05 17:10 20352 ----a-w- c:\windows\system32\kdusb.dll
2015-07-10 09:05 . 2011-02-05 17:10 19328 ----a-w- c:\windows\system32\kd1394.dll
2015-07-10 09:05 . 2011-02-05 17:10 17792 ----a-w- c:\windows\system32\kdcom.dll
2015-07-10 09:05 . 2013-07-26 02:24 197120 ----a-w- c:\windows\system32\shdocvw.dll
2015-07-10 09:02 . 2014-10-25 01:57 77824 ----a-w- c:\windows\system32\packager.dll
2015-07-10 08:59 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2015-07-10 08:59 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2015-07-10 08:59 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2015-07-10 08:59 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2015-07-10 08:57 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2015-07-10 08:57 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
2015-07-10 08:57 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2015-07-10 08:57 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2015-07-10 08:57 . 2014-12-08 03:09 406528 ----a-w- c:\windows\system32\scesrv.dll
2015-07-10 08:57 . 2014-12-08 02:46 308224 ----a-w- c:\windows\SysWow64\scesrv.dll
2015-07-10 08:57 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2015-07-10 08:57 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe
2015-07-10 08:57 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2015-07-10 08:57 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll
2015-07-10 08:57 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2015-07-10 08:56 . 2013-10-12 02:32 150016 ----a-w- c:\windows\system32\wshom.ocx
2015-07-10 08:56 . 2013-10-12 02:31 202752 ----a-w- c:\windows\system32\scrrun.dll
2015-07-10 08:56 . 2013-10-12 02:04 121856 ----a-w- c:\windows\SysWow64\wshom.ocx
2015-07-10 08:56 . 2013-10-12 02:03 163840 ----a-w- c:\windows\SysWow64\scrrun.dll
2015-07-10 08:56 . 2013-10-12 01:33 156160 ----a-w- c:\windows\system32\cscript.exe
2015-07-10 08:56 . 2013-10-12 01:33 168960 ----a-w- c:\windows\system32\wscript.exe
2015-07-10 08:56 . 2013-10-12 01:15 141824 ----a-w- c:\windows\SysWow64\wscript.exe
2015-07-10 08:56 . 2013-10-12 01:15 126976 ----a-w- c:\windows\SysWow64\cscript.exe
2015-07-10 08:54 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2015-07-10 08:54 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2015-07-10 08:54 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2015-07-10 08:54 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2015-07-10 08:54 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2015-07-10 08:54 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2015-07-10 08:54 . 2015-03-04 04:55 367552 ----a-w- c:\windows\system32\clfs.sys
2015-07-10 08:54 . 2015-03-04 04:41 79360 ----a-w- c:\windows\system32\clfsw32.dll
2015-07-10 08:54 . 2015-03-04 04:10 58880 ----a-w- c:\windows\SysWow64\clfsw32.dll
2015-07-10 08:50 . 2013-10-12 02:30 830464 ----a-w- c:\windows\system32\nshwfp.dll
2015-07-10 08:50 . 2013-10-12 02:29 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2015-07-10 08:50 . 2013-10-12 02:29 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2015-07-10 08:50 . 2013-10-12 02:03 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2015-07-10 08:50 . 2013-10-12 02:01 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2015-07-10 08:50 . 2015-02-04 03:16 392192 ----a-w- c:\windows\system32\WMPhoto.dll
2015-07-10 08:50 . 2015-02-04 02:54 318464 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2015-07-10 08:35 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2015-07-10 08:35 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2015-07-10 08:27 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2015-07-10 08:27 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2015-07-10 08:27 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2015-07-10 07:49 . 2015-07-10 07:55 -------- d-----w- C:\Pre_Scan
2015-06-26 11:22 . 2015-06-26 11:22 -------- d-----w- C:\_OTL
2015-06-19 16:05 . 2015-06-19 16:05 1378700 ----a-w- c:\windows\SysWow64\rstrui.exe_
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-09 03:13 . 2015-07-10 09:07 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 1
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 1
"DisableRegedit"= 0
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0
.
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 VBoxGuest;VirtualBox Guest Driver;c:\windows\system32\DRIVERS\VBoxGuest.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxGuest.sys [x]
S1 VBoxSF;VirtualBox Shared Folders;c:\windows\system32\drivers\VBoxSF.sys;c:\windows\SYSNATIVE\drivers\VBoxSF.sys [x]
S2 VBoxService;VirtualBox Guest Additions Service;c:\windows\system32\VBoxService.exe;c:\windows\SYSNATIVE\VBoxService.exe [x]
S3 VBoxMouse;VirtualBox Guest Mouse Service;c:\windows\system32\DRIVERS\VBoxMouse.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxMouse.sys [x]
S3 VBoxVideo;VBoxVideo;c:\windows\system32\DRIVERS\VBoxVideo.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxVideo.sys [x]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VBoxTray"="c:\windows\system32\VBoxTray.exe" [2015-03-16 1537608]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uSearchMigratedDefaultURL = https://www.google.com/
mLocal Page = c:\windows\System32\blank.htm
mSearch Bar = https://www.google.com/
mSearchMigratedDefaultURL = https://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = https://www.google.com/
uCustomizeSearch = https://www.google.com/
mSearchAssistant = https://www.google.com/
mCustomizeSearch = https://www.google.com/
TCP: DhcpNameServer = 156.154.70.25 156.154.71.25
.
.
Heure de fin: 2015-07-16 10:02:49 - La machine a redémarré
ComboFix-quarantined-files.txt 2015-07-16 08:02
ComboFix2.txt 2015-07-16 07:50
.
Avant-CF: 11 214 508 032 octets libres
Après-CF: 11 240 083 456 octets libres
.
- - End Of File - - 34E2718FE1FD3B345DFBAC745C3903B5
A36C5E4F47E84449FF07ED3517B43A31