cjoint

Document format: text/plain

Preview

ComboFix 15-10-09.01 - lolita 14/10/2015 16:53:42.1.1 - x64
Microsoft Windows 7 Professionnel 6.1.7601.1.1252.33.1036.18.1787.605 [GMT 2:00]
Lancé depuis: c:\users\lolita\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\lolita\AppData\Localtransition_59b614c3e60d4e6eb513f343e0a4a11b.ini
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2015-09-14 au 2015-10-14 ))))))))))))))))))))))))))))))))))))
.
.
2015-10-14 15:04 . 2015-10-14 15:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-10-14 15:01 . 2015-10-14 15:01 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D16DEA0A-CFA4-4AFC-963A-014802096D02}\offreg.3660.dll
2015-10-14 00:52 . 2015-10-14 00:52 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D16DEA0A-CFA4-4AFC-963A-014802096D02}\offreg.1284.dll
2015-10-14 00:47 . 2015-08-31 22:45 11062400 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D16DEA0A-CFA4-4AFC-963A-014802096D02}\mpengine.dll
2015-10-13 16:06 . 2015-10-14 13:13 -------- d-----w- C:\FRST
2015-10-13 14:44 . 2015-10-13 15:08 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-10-13 14:43 . 2015-10-05 07:50 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-10-13 14:43 . 2015-10-05 07:50 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-10-13 14:43 . 2015-10-05 07:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-10-13 14:43 . 2015-10-13 14:43 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-10-13 14:43 . 2015-10-13 14:43 -------- d-----w- c:\programdata\Malwarebytes
2015-10-13 14:36 . 2015-10-13 14:38 -------- d-----w- C:\AdwCleaner
2015-10-13 13:10 . 2015-10-13 15:13 -------- d-----w- c:\users\lolita\AppData\Roaming\ZHP
2015-10-07 19:59 . 2008-03-05 14:03 238088 ----a-w- c:\windows\SysWow64\xactengine3_0.dll
2015-10-07 19:42 . 2015-10-07 22:05 -------- d-----w- c:\users\lolita\AppData\Roaming\Curse Client
2015-10-07 19:41 . 2015-10-07 19:41 -------- d-----w- c:\users\lolita\AppData\Roaming\Curse
2015-10-01 23:09 . 2015-10-01 23:09 -------- d-----w- c:\programdata\Blizzard Entertainment
2015-09-20 21:46 . 2015-09-20 21:49 -------- d-----w- c:\program files (x86)\VALOR
2015-09-18 00:58 . 2015-09-18 22:00 -------- d-----w- c:\program files (x86)\Arkanic
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\DRIVERS\dmvsc.sys;c:\windows\SYSNATIVE\DRIVERS\dmvsc.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\DRIVERS\TsUsbGD.sys;c:\windows\SYSNATIVE\DRIVERS\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Pilote Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-09-25 13:51 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\45.0.2454.101\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2015-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-11 22:35]
.
2015-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-11 22:35]
.
.
--------- X64 Entries -----------
.
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = hxxp://google.com
mDefault_Page_URL = hxxp://google.com
mStart Page = hxxp://google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://google.com
uInternet Settings,ProxyOverride = *.local
IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à un fichier PDF existant - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\lolita\AppData\Roaming\Mozilla\Firefox\Profiles\yhac1y8t.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF - ExtSQL: !HIDDEN! 2014-08-19 22:54; faststartff@gmail.com; c:\users\lolita\AppData\Roaming\Mozilla\Firefox\Profiles\yhac1y8t.default\extensions\faststartff@gmail.com
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\ProgramData\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:0000040c
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000000
"ProductCode"="{CCF34A01-35D2-4155-9021-1797E838319A}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="4.0.437.0"
"UniqueId"="000313ED5388B8D2"
"ScannerBuild"=dword:0000133a
"ScannerVersionId"=dword:00000ff3
"ScannerVersion"="Open window for status."
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2015-10-14 17:13:48
ComboFix-quarantined-files.txt 2015-10-14 15:13
.
Avant-CF: 53 367 394 304 octets libres
Après-CF: 52 866 904 064 octets libres
.
- - End Of File - - 6B045C6A6171004184A8E2D277F78949
A36C5E4F47E84449FF07ED3517B43A31
