ComboFix 15-10-01.01 - Mazabrard Eric&Isa 04/10/2015 12:12:01.1.4 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.3956.1998 [GMT 2:00]
Lancé depuis: c:\users\Mazabrard Eric&Isa\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\ntuser.pol
c:\windows\SysWow64\tmp3BEB.tmp
c:\windows\SysWow64\tmp3DC0.tmp
c:\windows\SysWow64\tmpC16D.tmp
c:\windows\SysWow64\tmpC2B6.tmp
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2015-09-04 au 2015-10-04 ))))))))))))))))))))))))))))))))))))
.
.
2015-10-04 10:24 . 2015-10-04 10:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-10-03 17:18 . 2015-10-03 17:20 -------- d-----w- c:\program files (x86)\ZHPFix
2015-10-03 13:29 . 2015-10-03 19:40 -------- d-----w- c:\users\Mazabrard Eric&Isa\AppData\Roaming\ZHP
2015-10-03 12:44 . 2015-08-31 22:45 11062400 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CECC982F-D99E-4BDA-BAFD-BC994624DBB3}\mpengine.dll
2015-10-03 12:31 . 2015-08-31 22:45 11062400 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-09-29 18:40 . 2015-09-29 18:40 -------- d-----w- C:\_acestream_cache_
2015-09-29 18:39 . 2015-10-03 12:29 -------- d-----w- c:\users\Mazabrard Eric&Isa\AppData\Roaming\.ACEStream
2015-09-29 18:38 . 2015-10-03 12:29 -------- d-----w- c:\users\Mazabrard Eric&Isa\AppData\Roaming\ACEStream
2015-09-28 14:25 . 2015-10-03 07:32 -------- d-----w- C:\AdwCleaner
2015-09-28 10:08 . 2015-09-28 10:15 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-09-28 10:08 . 2015-06-18 06:41 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-09-28 10:08 . 2015-06-18 06:41 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-09-28 10:08 . 2015-06-18 06:41 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-09-28 10:08 . 2015-09-28 10:08 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-09-28 09:57 . 2015-09-28 11:25 -------- d-----w- c:\program files (x86)\0a80516e-38bc-436f-b655-0e80d1a67ebe
2015-09-28 09:53 . 2015-09-28 09:54 588 ----a-w- C:\task.vbs
2015-09-28 09:52 . 2015-09-28 09:52 -------- d-----w- c:\windows\system32\new
2015-09-28 09:51 . 2015-09-28 10:11 -------- d-----w- c:\users\Mazabrard Eric&Isa\AppData\Local\Installer
2015-09-28 09:51 . 2015-09-28 09:51 -------- d-----w- c:\users\Mazabrard Eric&Isa\AppData\Local\CrashRpt
2015-09-24 08:07 . 2015-07-01 06:36 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F203B753-9C2A-434F-A390-2C5616205845}\gapaengine.dll
2015-09-17 11:21 . 2015-09-17 11:21 186880 ----a-w- c:\windows\system32\rsrcs.dll
2015-09-09 07:39 . 2015-08-05 17:56 1737216 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2015-09-09 07:38 . 2015-07-15 03:17 2048 ----a-w- c:\windows\system32\tzres.dll
2015-09-09 07:38 . 2015-07-15 02:54 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2015-09-09 07:33 . 2015-08-04 17:55 147456 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2015-09-09 07:33 . 2015-08-04 18:03 692672 ----a-w- c:\windows\system32\winload.efi
2015-09-09 07:33 . 2015-08-04 18:00 616360 ----a-w- c:\windows\system32\winresume.efi
2015-09-09 07:33 . 2015-08-04 17:56 59392 ----a-w- c:\windows\system32\appidapi.dll
2015-09-09 07:33 . 2015-08-04 17:56 32768 ----a-w- c:\windows\system32\appidsvc.dll
2015-09-09 07:33 . 2015-08-04 17:47 50688 ----a-w- c:\windows\SysWow64\appidapi.dll
2015-09-09 07:33 . 2015-08-04 17:55 17920 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2015-09-09 07:33 . 2015-08-04 17:56 63488 ----a-w- c:\windows\system32\setbcdlocale.dll
2015-09-09 07:33 . 2015-08-04 16:58 61440 ----a-w- c:\windows\system32\drivers\appid.sys
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-03 18:47 . 2011-04-12 19:21 357888 ----a-w- c:\windows\system32\dnsapi.dll
2015-09-21 20:05 . 2012-08-17 13:32 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-09-21 20:05 . 2011-08-04 06:58 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-08-26 16:37 . 2011-05-26 17:40 134753440 ----a-w- c:\windows\system32\MRT.exe
2015-07-30 18:06 . 2015-08-16 20:06 1648128 ----a-w- c:\windows\system32\DWrite.dll
2015-07-30 18:06 . 2015-08-16 20:06 1180160 ----a-w- c:\windows\system32\FntCache.dll
2015-07-30 18:06 . 2015-08-16 20:06 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2015-07-30 17:57 . 2015-08-16 20:06 1251328 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-07-30 17:57 . 2015-08-16 20:06 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2015-07-30 13:13 . 2015-08-16 21:20 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-07-30 13:13 . 2015-08-16 21:20 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-15 18:15 . 2015-08-16 20:09 5568960 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-07-15 18:15 . 2015-08-16 20:09 94656 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-07-15 18:15 . 2015-08-16 20:09 155584 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-07-15 18:15 . 2015-08-16 20:09 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-07-15 18:12 . 2015-08-16 20:09 1730496 ----a-w- c:\windows\system32\ntdll.dll
2015-07-15 18:11 . 2015-08-16 20:09 243712 ----a-w- c:\windows\system32\wow64.dll
2015-07-15 18:11 . 2015-08-16 20:09 362496 ----a-w- c:\windows\system32\wow64win.dll
2015-07-15 18:11 . 2015-08-16 20:09 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2015-07-15 18:11 . 2015-08-16 20:09 215040 ----a-w- c:\windows\system32\winsrv.dll
2015-07-15 18:11 . 2015-08-16 20:09 210944 ----a-w- c:\windows\system32\wdigest.dll
2015-07-15 18:10 . 2015-08-16 20:09 86528 ----a-w- c:\windows\system32\TSpkg.dll
2015-07-15 18:10 . 2015-08-16 20:09 1743360 ----a-w- c:\windows\system32\sysmain.dll
2015-07-15 18:10 . 2015-08-16 20:09 136192 ----a-w- c:\windows\system32\sspicli.dll
2015-07-15 18:10 . 2015-08-16 20:09 29184 ----a-w- c:\windows\system32\sspisrv.dll
2015-07-15 18:10 . 2015-08-16 20:09 503808 ----a-w- c:\windows\system32\srcore.dll
2015-07-15 18:10 . 2015-08-16 20:09 50176 ----a-w- c:\windows\system32\srclient.dll
2015-07-15 18:10 . 2015-08-16 20:09 1216512 ----a-w- c:\windows\system32\rpcrt4.dll
2015-07-15 18:10 . 2015-08-16 20:09 342016 ----a-w- c:\windows\system32\schannel.dll
2015-07-15 18:10 . 2015-08-16 20:09 28160 ----a-w- c:\windows\system32\secur32.dll
2015-07-15 18:10 . 2015-08-16 20:09 309760 ----a-w- c:\windows\system32\ncrypt.dll
2015-07-15 18:10 . 2015-08-16 20:09 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2015-07-15 18:10 . 2015-08-16 20:09 315392 ----a-w- c:\windows\system32\msv1_0.dll
2015-07-15 18:10 . 2015-08-16 20:09 11264 ----a-w- c:\windows\system32\msmmsp.dll
2015-07-15 18:10 . 2015-08-16 20:09 1163264 ----a-w- c:\windows\system32\kernel32.dll
2015-07-15 18:10 . 2015-08-16 20:09 1461760 ----a-w- c:\windows\system32\lsasrv.dll
2015-07-15 18:10 . 2015-08-16 20:09 424960 ----a-w- c:\windows\system32\KernelBase.dll
2015-07-15 18:10 . 2015-08-16 20:09 729088 ----a-w- c:\windows\system32\kerberos.dll
2015-07-15 18:10 . 2015-08-16 20:09 43520 ----a-w- c:\windows\system32\csrsrv.dll
2015-07-15 18:10 . 2015-08-16 20:09 44032 ----a-w- c:\windows\system32\cryptbase.dll
2015-07-15 18:10 . 2015-08-16 20:09 22016 ----a-w- c:\windows\system32\credssp.dll
2015-07-15 18:10 . 2015-08-16 20:09 112640 ----a-w- c:\windows\system32\smss.exe
2015-07-15 18:10 . 2015-08-16 20:09 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-07-15 18:10 . 2015-08-16 20:09 31232 ----a-w- c:\windows\system32\lsass.exe
2015-07-15 18:09 . 2015-08-16 20:09 338432 ----a-w- c:\windows\system32\conhost.exe
2015-07-15 18:09 . 2015-08-16 20:09 64000 ----a-w- c:\windows\system32\auditpol.exe
2015-07-15 18:05 . 2015-08-16 20:09 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-07-15 18:05 . 2015-08-16 20:09 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-07-15 18:00 . 2015-08-16 20:09 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-07-15 18:00 . 2015-08-16 20:09 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-07-15 18:00 . 2015-08-16 20:09 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-07-15 18:00 . 2015-08-16 20:09 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-07-15 18:00 . 2015-08-16 20:09 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-07-15 18:00 . 2015-08-16 20:09 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-07-15 18:00 . 2015-08-16 20:09 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-07-15 18:00 . 2015-08-16 20:09 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-07-15 18:00 . 2015-08-16 20:09 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-07-15 18:00 . 2015-08-16 20:09 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-07-15 18:00 . 2015-08-16 20:09 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-07-15 18:00 . 2015-08-16 20:09 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-07-15 18:00 . 2015-08-16 20:09 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-07-15 18:00 . 2015-08-16 20:09 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-07-15 18:00 . 2015-08-16 20:09 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-07-15 18:00 . 2015-08-16 20:09 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-07-15 18:00 . 2015-08-16 20:09 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-07-15 18:00 . 2015-08-16 20:09 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-07-15 18:00 . 2015-08-16 20:09 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-07-15 18:00 . 2015-08-16 20:09 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-07-15 18:00 . 2015-08-16 20:09 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-07-15 18:00 . 2015-08-16 20:09 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-07-15 18:00 . 2015-08-16 20:09 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-07-15 18:00 . 2015-08-16 20:09 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-07-15 18:00 . 2015-08-16 20:09 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-07-15 18:00 . 2015-08-16 20:09 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-07-15 18:00 . 2015-08-16 20:09 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-07-15 18:00 . 2015-08-16 20:09 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-07-15 18:00 . 2015-08-16 20:09 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-07-15 18:00 . 2015-08-16 20:09 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-07-15 17:59 . 2015-08-16 20:09 3989952 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-07-15 17:59 . 2015-08-16 20:09 3934656 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-07-15 17:56 . 2015-08-16 20:09 1311768 ----a-w- c:\windows\SysWow64\ntdll.dll
2015-07-15 17:55 . 2015-08-16 20:09 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2015-07-15 17:55 . 2015-08-16 20:09 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2015-07-15 17:55 . 2015-08-16 20:09 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-07-15 17:55 . 2015-08-16 20:09 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-07-15 17:55 . 2015-08-16 20:09 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2015-07-15 17:54 . 2015-08-16 20:09 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2015-07-15 17:54 . 2015-08-16 20:09 221184 ----a-w- c:\windows\SysWow64\ncrypt.dll
2015-07-15 17:54 . 2015-08-16 20:09 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2015-07-15 17:54 . 2015-08-16 20:09 552960 ----a-w- c:\windows\SysWow64\kerberos.dll
2015-07-15 17:54 . 2015-08-16 20:09 36864 ----a-w- c:\windows\SysWow64\cryptbase.dll
2015-07-15 17:54 . 2015-08-16 20:09 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2015-07-15 17:54 . 2015-08-16 20:09 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-07-15 17:54 . 2015-08-16 20:09 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2015-07-15 17:53 . 2015-08-16 20:09 50176 ----a-w- c:\windows\SysWow64\auditpol.exe
2015-07-15 17:53 . 2015-08-16 20:09 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2015-07-15 17:53 . 2015-08-16 20:09 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2015-07-15 17:53 . 2015-08-16 20:09 665088 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2015-07-15 17:53 . 2015-08-16 20:09 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2015-07-15 17:49 . 2015-08-16 20:09 60416 ----a-w- c:\windows\SysWow64\msobjs.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATIIME.EXE" [2011-11-02 278112]
"HP Photosmart 5510 series (NET)"="c:\program files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" [2011-09-16 2676584]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-09-26 6482200]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-09-04 55358992]
"Akamai NetSession Interface"="c:\users\Mazabrard Eric&Isa\AppData\Local\Akamai\netsession_win.exe" [2015-07-23 4691384]
"GoogleChromeAutoLaunch_1B8E322D052BFA370ADC9DAF71221527"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2015-09-24 815944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-12-24 284696]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-02-26 1289296]
"Camera Assistant Software"="c:\program files (x86)\Video Web Camera\traybar.exe" [2010-02-12 600688]
.
c:\users\Mazabrard Eric&Isa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 NisSrv;Inspection du réseau Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ZTEusbnet.sys [x]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys;c:\windows\SYSNATIVE\DRIVERS\ZTEusbvoice.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [x]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Packard Bell\Registration\GregHSRW.exe;c:\program files (x86)\Packard Bell\Registration\GregHSRW.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [x]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-09-28 10:51 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\45.0.2454.101\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2015-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-21 21:38]
.
2015-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-21 21:38]
.
2015-10-04 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-11 9643552]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-10-22 325120]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-22 323584]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-02-05 860192]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 1337000]
.
------- Examen supplémentaire -------
.
uStart Page = www.google.com
uLocal Page = c:\windows\system32\blank.htm
uDefault_search_url = hxxp://google.com
mDefault_Search_URL = hxxp://google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://google.com
uInternet Settings,ProxyOverride =
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 212.27.40.240 212.27.40.241
TCP: Interfaces\{ACAF4C98-9488-4A8E-94BF-F813F7BF5F7E}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Mazabrard Eric&Isa\AppData\Roaming\Mozilla\Firefox\Profiles\omvotab5.default\
FF - prefs.js: browser.startup.homepage - www.google.fr
/*FF - prefs.js: keyword.URL - hxxp://www.yougoo.fr/annuaire?search&q=*/
FF - ExtSQL: 2015-09-29 20:39; magicplayer@acestream.org; c:\users\Mazabrard Eric&Isa\AppData\Roaming\Mozilla\Firefox\Profiles\omvotab5.default\extensions\magicplayer@acestream.org
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run- - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2015-10-04 12:28:28
ComboFix-quarantined-files.txt 2015-10-04 10:28
.
Avant-CF: 203 921 625 088 octets libres
Après-CF: 203 361 435 648 octets libres
.
- - End Of File - - 5AE4BEAEC0BAECD4D69F63293633803E