cjoint

Document format: text/plain

ComboFix 15-10-01.01 - HP 03/10/2015 10:23:10.1.4 - x64
Microsoft Windows 7 Professionnel 6.1.7600.0.1256.212.1036.18.3954.2274 [GMT 1:00]
Running from: c:\users\HP\Downloads\Programs\ComboFix.exe
AV: ESET Smart Security 8.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: Pare-feu personnel d'ESET *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 8.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\HP\AppData\Roaming\ZHP
c:\users\HP\AppData\Roaming\ZHP\HOSTS.txt
c:\users\HP\AppData\Roaming\ZHP\Licence.txt
c:\users\HP\AppData\Roaming\ZHP\Tempo.txt
c:\users\HP\AppData\Roaming\ZHP\Trace.txt
c:\users\HP\AppData\Roaming\ZHP\ZHPDiag.txt
c:\users\HP\AppData\Roaming\ZHP\ZHPDiag3.exe
.
.
((((((((((((((((((((((((( Files Created from 2015-09-03 to 2015-10-03 )))))))))))))))))))))))))))))))
.
.
2015-10-03 09:35 . 2015-10-03 09:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-10-03 09:27 . 2015-10-03 09:27 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D6967877-F072-414A-9B4F-48EEF8A583B0}\offreg.4560.dll
2015-10-02 22:06 . 2015-10-02 22:06 -------- d-----w- c:\programdata\boost_interprocess
2015-10-02 22:05 . 2015-10-02 22:06 -------- d-----w- c:\programdata\Package Cache
2015-10-02 21:49 . 2015-10-02 21:49 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2015-10-02 21:47 . 2015-10-02 22:38 -------- d-----w- c:\program files\Common Files\Adobe
2015-10-02 21:39 . 2015-10-02 21:39 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D6967877-F072-414A-9B4F-48EEF8A583B0}\offreg.2808.dll
2015-10-02 15:30 . 2015-10-02 15:30 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D6967877-F072-414A-9B4F-48EEF8A583B0}\offreg.3984.dll
2015-10-02 14:31 . 2015-10-02 14:33 -------- d-----w- C:\AdwCleaner
2015-10-02 10:41 . 2015-10-02 10:41 -------- d-----w- c:\program files\ESET
2015-10-02 09:55 . 2015-10-03 09:16 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-10-02 09:55 . 2015-10-02 09:55 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-10-02 09:55 . 2015-10-02 09:55 -------- d-----w- c:\programdata\Malwarebytes
2015-10-02 09:55 . 2015-06-18 07:41 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-10-02 09:55 . 2015-06-18 07:41 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-10-02 09:55 . 2015-06-18 07:41 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-09-30 13:44 . 2015-09-30 13:44 -------- d-----w- c:\program files (x86)\Belarc
2015-09-30 09:34 . 2015-10-02 22:40 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2015-09-30 08:30 . 2015-10-03 09:15 -------- d-----w- c:\programdata\HPQLOG
2015-09-29 21:48 . 2015-09-29 21:48 -------- d-----w- c:\programdata\IDM
2015-09-29 21:48 . 2015-09-29 21:48 -------- d-----w- c:\program files (x86)\Internet Download Manager
2015-09-29 21:34 . 2015-09-29 21:34 -------- d-----w- c:\program files (x86)\USB Disk Security
2015-09-29 19:21 . 2015-09-29 19:21 -------- d-----w- c:\program files\Validity Sensors
2015-09-29 16:23 . 2015-09-29 16:23 -------- d-----w- c:\program files (x86)\VideoLAN
2015-09-29 15:58 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2015-09-29 15:58 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2015-09-29 15:58 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2015-09-29 15:58 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2015-09-29 15:58 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2015-09-29 15:58 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2015-09-29 15:58 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2015-09-29 15:58 . 2012-06-02 15:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2015-09-29 15:58 . 2012-06-02 15:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2015-09-29 15:48 . 2010-04-09 11:06 1898376 ----a-w- c:\windows\system32\drivers\tcpip.sys
2015-09-29 15:48 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2015-09-29 15:42 . 2015-09-29 15:42 -------- d-----w- c:\windows\Migration
2015-09-29 15:42 . 2009-11-25 11:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2015-09-29 15:42 . 2009-11-25 11:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2015-09-29 15:42 . 2009-11-25 11:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2015-09-29 15:42 . 2009-11-25 11:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2015-09-29 15:42 . 2009-11-25 11:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2015-09-29 15:42 . 2009-11-25 11:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2015-09-29 15:42 . 2009-11-25 11:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2015-09-29 15:42 . 2009-11-25 11:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2015-09-29 15:42 . 2009-11-25 11:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2015-09-29 15:42 . 2009-11-25 11:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2015-09-29 15:37 . 2015-09-29 15:37 -------- d-----w- c:\program files (x86)\Opera
2015-09-29 15:36 . 2015-09-29 15:36 -------- d-----w- c:\program files (x86)\NeoSmart Technologies
2015-09-29 15:35 . 2015-09-29 15:35 -------- d-----w- c:\program files (x86)\FreeTime
2015-09-29 15:34 . 2006-03-17 14:49 368640 ----a-w- c:\windows\SysWow64\TwnLib4.dll
2015-09-29 15:34 . 2006-03-17 11:45 802816 ----a-w- c:\windows\SysWow64\imagXRA7.dll
2015-09-29 15:34 . 2006-03-17 11:45 497296 ----a-w- c:\windows\SysWow64\imagXpr7.dll
2015-09-29 15:34 . 2006-03-17 11:45 258048 ----a-w- c:\windows\SysWow64\imagXR7.dll
2015-09-29 15:34 . 2006-03-17 11:45 1757184 ----a-w- c:\windows\SysWow64\imagX7.dll
2015-09-29 15:34 . 2015-09-29 15:34 -------- d-----w- c:\program files (x86)\Nero
2015-09-29 15:34 . 2015-09-29 15:34 -------- d-----w- c:\program files (x86)\Common Files\Nero
2015-09-29 15:34 . 2015-09-29 15:34 -------- d-----w- c:\programdata\Nero
2015-09-29 15:30 . 2015-09-29 16:44 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-09-29 15:30 . 2015-09-29 16:44 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-09-29 15:30 . 2015-09-29 15:30 -------- d-----w- c:\windows\SysWow64\Macromed
2015-09-29 15:30 . 2015-09-29 15:30 -------- d-----w- c:\windows\system32\Macromed
2015-09-29 15:30 . 2015-09-29 15:30 -------- d-----w- c:\program files (x86)\CCleaner
2015-09-29 15:29 . 2015-09-16 05:43 11062400 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D6967877-F072-414A-9B4F-48EEF8A583B0}\mpengine.dll
2015-09-29 15:29 . 2015-07-05 10:08 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-09-29 15:24 . 2015-09-29 21:50 -------- d-----w- c:\program files (x86)\Common Files\EagleGet
2015-09-29 15:24 . 2015-09-29 15:24 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2015-09-29 15:20 . 2015-09-29 15:20 -------- d-----w- c:\program files (x86)\Google
2015-09-29 15:19 . 2014-06-14 14:03 260696 ----a-w- c:\windows\system32\unrar64.dll
2015-09-29 15:19 . 2014-06-14 14:03 218200 ----a-w- c:\windows\SysWow64\unrar.dll
2015-09-29 15:19 . 2015-09-29 15:19 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack
2015-09-29 15:18 . 2015-09-29 15:18 -------- d-----w- c:\program files (x86)\Common Files\Skype
2015-09-29 15:18 . 2015-09-29 15:18 -------- d-----r- c:\program files (x86)\Skype
2015-09-29 15:18 . 2015-09-29 15:18 -------- d-----w- c:\programdata\Skype
2015-09-29 13:39 . 2015-09-29 13:39 -------- d-----w- c:\program files (x86)\Microsoft Works
2015-09-29 13:39 . 2015-09-29 15:42 -------- d-----w- c:\program files (x86)\Microsoft.NET
2015-09-29 13:39 . 2015-09-29 13:39 -------- d-----w- c:\windows\PCHEALTH
2015-09-29 13:37 . 2015-09-29 13:37 -------- d-----w- c:\program files\Microsoft Office
2015-09-29 13:37 . 2015-09-29 13:37 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2015-09-29 13:37 . 2015-09-29 13:40 -------- d-----w- c:\programdata\Microsoft Help
2015-09-29 13:37 . 2009-06-09 13:28 64000 ------w- c:\windows\SysWow64\agrsmdel.exe
2015-09-29 13:37 . 2009-03-27 18:12 13824 ------w- c:\windows\SysWow64\agrscoin.dll
2015-09-29 13:37 . 2009-03-27 18:12 14848 ------w- c:\windows\SysWow64\agrsco64.dll
2015-09-29 13:37 . 2015-09-29 13:37 -------- d-----w- c:\program files\LSI SoftModem
2015-09-29 13:36 . 2015-09-29 13:36 -------- d-----w- c:\windows\Options
2015-09-29 13:36 . 2015-09-29 13:36 -------- d-----r- C:\MSOCache
2015-09-29 13:34 . 2015-09-29 13:34 -------- d-----w- c:\program files\Synaptics
2015-09-29 13:33 . 2009-12-14 13:33 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2015-09-29 13:32 . 2010-02-25 15:18 1919968 ----a-w- c:\windows\system32\drivers\wdfcoinstaller01005.dll
2015-09-29 13:32 . 2010-02-25 15:18 18432 ----a-w- c:\windows\system32\drivers\HpqKbFiltr.sys
2015-09-29 13:32 . 2015-09-30 08:29 -------- d-----w- c:\program files (x86)\Hewlett-Packard
2015-09-29 13:32 . 2010-02-25 17:51 1863680 ----a-w- c:\windows\SysWow64\BttnCmn.dll
2015-09-29 13:32 . 2010-02-25 15:20 1885488 ----a-w- c:\windows\SysWow64\BttnCmns.dll
2015-09-29 13:30 . 2011-04-29 09:59 320200 ----a-w- c:\windows\system32\PROUnstl.exe
2015-09-29 13:29 . 2011-05-04 17:20 340656 ----a-w- c:\windows\system32\drivers\e1k62x64.sys
2015-09-29 13:29 . 2011-04-08 01:27 94912 ----a-w- c:\windows\system32\NicInstK.dll
2015-09-29 13:29 . 2011-04-08 01:14 68264 ----a-w- c:\windows\system32\e1kmsg.dll
2015-09-29 13:29 . 2009-05-26 10:05 36472 ----a-w- c:\windows\system32\NicCo36.dll
2015-09-29 13:29 . 2015-09-29 13:29 -------- d-----w- c:\program files\Intel
2015-09-29 13:27 . 2015-09-29 13:27 -------- d-----w- c:\program files (x86)\Common Files\postureAgent
2015-09-29 13:26 . 2015-09-29 13:26 -------- d-----w- c:\program files (x86)\Common Files\SNP2UVC
2015-09-29 13:26 . 2010-06-03 16:56 398720 ----a-w- c:\windows\system32\vsnp2uvc.dll
2015-09-29 13:26 . 2010-06-03 16:56 40064 ----a-w- c:\windows\system32\drivers\sncduvc.sys
2015-09-29 13:26 . 2010-06-03 16:56 1803904 ----a-w- c:\windows\system32\drivers\snp2uvc.sys
2015-09-29 13:26 . 2010-06-03 16:56 249728 ----a-w- c:\windows\system32\rsnp2uvc.dll
2015-09-29 13:26 . 2010-06-03 16:55 312704 ----a-w- c:\windows\SysWow64\vsnp2uvc.dll
2015-09-29 13:26 . 2010-06-03 16:55 25984 ----a-w- c:\windows\snuvcdsm.exe
2015-09-29 13:26 . 2010-06-03 16:55 255360 ----a-w- c:\windows\SysWow64\rsnp2uvc.dll
2015-09-29 13:26 . 2015-09-29 13:35 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2015-09-29 13:24 . 2015-09-29 13:24 -------- d-----w- c:\programdata\NVIDIA
2015-09-29 13:20 . 2015-09-29 13:20 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2015-09-29 13:20 . 2015-09-29 13:20 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2015-09-29 13:16 . 2015-09-29 13:33 -------- d-----w- c:\program files (x86)\Intel
2015-09-29 13:16 . 2015-09-29 13:16 -------- d-----w- C:\Intel
2015-09-29 13:16 . 2015-09-30 08:28 -------- d-----w- C:\SwSetup
2015-09-29 13:12 . 2015-10-03 09:16 -------- d-----w- c:\users\HP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-14 14:29 . 2015-07-14 14:29 72400 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2015-07-14 14:29 . 2015-07-14 14:29 53360 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2015-07-14 14:29 . 2015-07-14 14:29 255240 ----a-w- c:\windows\system32\drivers\eamonm.sys
2015-07-14 14:29 . 2015-07-14 14:29 251632 ----a-w- c:\windows\system32\drivers\edevmon.sys
2015-07-14 14:29 . 2015-07-14 14:29 231520 ----a-w- c:\windows\system32\drivers\epfw.sys
2015-07-14 14:29 . 2015-07-14 14:29 178520 ----a-w- c:\windows\system32\drivers\ehdrv.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2014-02-05 3825232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2012-10-25 111488]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 287800]
"USB Security"="c:\program files (x86)\USB Disk Security\USBGuard.exe" [2015-01-31 695528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
R3 AMPPALP;Protocole Intel® Centrino® Wireless Bluetooth® + High Speed;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\AESTSr64.exe [x]
S2 AGSService;Adobe Genuine Software Integrity Service;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 AMPPAL;Carte réseau virtuelle Intel® Centrino® Wireless Bluetooth® + High Speed;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 rismcx64;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismcx64.sys;c:\windows\SYSNATIVE\DRIVERS\rismcx64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-09-29 15:33 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\45.0.2454.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-09-29 15:26]
.
2015-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-09-29 15:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 23496 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-01-31 2041192]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-11-18 487424]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2015-07-08 5595848]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Télécharger avec Internet Download Manager - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec Internet Download Manager - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\lkwua1bi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{056D528D-CE28-4194-9BA3-BA2E9197FF8C} - c:\users\HP\AppData\Local\MEGAsync\ShellExtX32.dll
ShellIconOverlayIdentifiers-{05B38830-F4E9-4329-978B-1DD28605D202} - c:\users\HP\AppData\Local\MEGAsync\ShellExtX32.dll
ShellIconOverlayIdentifiers-{0596C850-7BDD-4C9D-AFDF-873BE6890637} - c:\users\HP\AppData\Local\MEGAsync\ShellExtX32.dll
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
ShellIconOverlayIdentifiers-{056D528D-CE28-4194-9BA3-BA2E9197FF8C} - c:\users\HP\AppData\Local\MEGAsync\ShellExtX64.dll
ShellIconOverlayIdentifiers-{05B38830-F4E9-4329-978B-1DD28605D202} - c:\users\HP\AppData\Local\MEGAsync\ShellExtX64.dll
ShellIconOverlayIdentifiers-{0596C850-7BDD-4C9D-AFDF-873BE6890637} - c:\users\HP\AppData\Local\MEGAsync\ShellExtX64.dll
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-10-03 10:54:57
ComboFix-quarantined-files.txt 2015-10-03 09:54
.
Pre-Run: 88 774 856 704 octets libres
Post-Run: 88 467 066 880 octets libres
.
- - End Of File - - 50C0316B44407189D2F2C3DAED36A0D4
