cjoint

Document format: text/plain


ComboFix 15-10-15.01 - sylvie 17/10/2015 21:07:37.1.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2301.1412 [GMT 2:00]
Running from: c:\users\sylvie\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ma-config.com
c:\program files\ma-config.com\config.xml
c:\programdata\ma-config.com
c:\programdata\ma-config.com\Logs\activex.txt
c:\programdata\ma-config.com\Logs\maconfservice.txt
c:\programdata\ma-config.com\Logs\mcstubuser.txt
c:\programdata\ma-config.com\Logs\websocketpp.log
c:\users\sylvie\AppData\Roaming\Microsoft\Windows\Recent\vice versa.url
c:\windows\system32\spsys.log
.
.
((((((((((((((((((((((((((((( Files Created from 2015-09-17 to 2015-10-17 ))))))))))))))))))))))))))))))))))))
.
.
2015-10-17 19:24 . 2015-10-17 19:30 -------- d-----w- c:\users\sylvie\AppData\Local\temp
2015-10-17 11:51 . 2012-10-15 15:02 17840 ----a-w- c:\windows\system32\roboot.exe
2015-10-17 00:29 . 2015-08-31 14:05 8884144 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{31061F51-6044-4776-ABB0-A00AD7531374}\mpengine.dll
2015-10-17 00:29 . 2015-09-01 16:00 1305088 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2015-10-17 00:29 . 2015-09-01 16:00 115200 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipBand.dll
2015-10-17 00:26 . 2015-09-28 17:17 1206192 ----a-w- c:\windows\system32\ntdll.dll
2015-10-17 00:26 . 2015-09-26 16:09 3606464 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-10-17 00:26 . 2015-09-26 16:09 3554240 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-10-17 00:25 . 2015-10-17 09:50 -------- d-----w- c:\windows\system32\catroot2
2015-10-16 22:23 . 2015-10-16 22:23 -------- d-----w- c:\program files\Microsoft ATS
2015-10-16 18:41 . 2015-08-31 14:05 8884144 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-10-16 17:53 . 2015-10-16 17:54 -------- d-----w- c:\program files\CCleaner
2015-10-15 21:18 . 2015-10-15 21:35 -------- d-----w- c:\programdata\iolo
2015-10-15 21:18 . 2015-10-15 21:18 74703 ----a-w- c:\windows\system32\mfc45.dat
2015-10-15 21:18 . 2015-10-15 21:18 -------- d-----w- c:\program files\iolo
2015-10-12 23:37 . 2015-10-05 17:20 912000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-10-12 23:37 . 2015-10-05 17:20 912000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E0020741-10CA-4E75-AF23-026A72107C34}\gapaengine.dll
2015-10-11 22:06 . 2015-10-11 22:06 -------- d-----w- c:\users\sylvie\.MCTranscodingSDK
2015-10-11 19:10 . 2015-10-11 19:10 -------- d-----w- c:\users\sylvie\AppData\Roaming\TuneUp Software
2015-10-11 19:10 . 2015-10-11 19:10 -------- d-----w- c:\users\sylvie\AppData\Local\TuneUp Software
2015-10-11 19:06 . 2015-10-11 19:06 -------- d--h--w- c:\programdata\Common Files
2015-10-11 19:06 . 2015-10-11 19:17 -------- d-----w- c:\programdata\TuneUp Software
2015-10-09 13:22 . 2015-10-09 13:23 -------- d-----w- c:\program files\Common Files\Adobe
2015-10-07 20:50 . 2015-10-07 20:50 -------- d-----w- c:\program files\Mz Ultimate Tools
2015-10-05 17:49 . 2015-10-05 17:49 -------- d-----w- c:\users\sylvie\AppData\Local\Windows Live
2015-10-05 17:49 . 2015-10-05 17:49 -------- d-----w- c:\program files\Common Files\Windows Live
2015-10-05 17:48 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2015-10-05 15:07 . 2015-10-05 15:08 -------- d-----w- c:\program files\Microsoft Security Client
2015-10-05 15:07 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2015-10-05 14:17 . 2015-10-05 14:17 -------- d-----w- c:\users\sylvie\AppData\Roaming\Bitdefender
2015-10-04 00:11 . 2015-10-04 00:11 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2A82CE3D-8AE8-467E-BD46-C45AC219ED38}\offreg.2476.dll
2015-10-02 14:07 . 2015-08-31 23:05 8884144 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2A82CE3D-8AE8-467E-BD46-C45AC219ED38}\mpengine.dll
2015-09-28 14:04 . 2015-09-28 14:04 -------- d-----w- c:\users\sylvie\AppData\Roaming\OpenOffice
2015-09-28 14:01 . 2015-09-28 14:01 -------- d-----w- c:\program files\OpenOffice 4
2015-09-24 21:17 . 2015-10-17 04:47 -------- d-----w- c:\users\sylvie\AppData\Roaming\vlc
2015-09-24 13:42 . 2015-09-24 13:42 -------- d-----w- c:\program files\AC3Filter
2015-09-23 00:04 . 2015-10-17 10:15 -------- d-----w- C:\FRST
2015-09-22 09:52 . 2015-09-22 09:52 -------- d-----w- c:\users\sylvie\AppData\Local\Apps
2015-09-21 12:57 . 2015-09-21 12:57 -------- d-----w- C:\OEM
2015-09-21 12:16 . 2015-10-16 22:15 -------- d-----w- c:\users\sylvie\AppData\Roaming\ZHP
2015-09-19 19:21 . 2015-09-19 19:21 -------- d-----w- c:\program files\AMD APP
2015-09-19 19:20 . 2015-09-19 17:19 14864 ----a-w- c:\windows\system32\drivers\AtiPcie.sys
2015-09-19 18:20 . 2015-09-19 22:19 -------- d-----w- c:\program files\Silicon Image
2015-09-18 22:57 . 2015-05-27 15:38 2825944 ----a-w- c:\windows\RtlExUpd.dll
2015-09-18 22:51 . 2015-09-18 22:51 -------- d-----w- c:\windows\system32\DAX2
2015-09-18 22:50 . 2015-09-18 23:08 -------- d-----w- c:\windows\system32\RTCOM
2015-09-18 22:44 . 2015-09-18 23:12 -------- d--h--w- c:\program files\Temp
2015-09-18 22:36 . 2011-05-23 22:21 2189312 ----a-w- c:\windows\system32\drivers\athr.sys
2015-09-18 22:35 . 2010-06-08 07:05 12800 ----a-w- c:\windows\system32\drivers\anodlwf.sys
.
.
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-17 01:51 . 2014-11-09 00:20 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-10-17 01:33 . 2015-09-15 23:54 780488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-10-17 01:33 . 2015-09-15 23:54 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-10-05 07:50 . 2014-11-09 00:19 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-10-05 07:50 . 2014-11-09 00:19 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-10-05 07:50 . 2014-11-09 00:19 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-09-19 16:30 . 2007-04-11 14:40 63488 ----a-w- c:\windows\system32\drivers\ESM7SK.sys
2015-09-19 16:10 . 2008-10-09 10:40 12200 ----a-w- c:\windows\system32\drivers\SiRemFil.sys
2015-09-19 16:10 . 2008-10-09 10:40 217128 ----a-w- c:\windows\system32\drivers\Si3132r5.sys
2015-09-15 00:12 . 2015-09-15 00:12 4422992 ----a-w- c:\windows\system32\mfc100u.dll
2015-09-06 23:36 . 2015-09-06 23:36 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-09-02 21:26 . 2015-09-15 14:59 1402368 ----a-w- c:\windows\system32\msxml6.dll
2015-09-02 21:26 . 2015-09-15 14:59 1253376 ----a-w- c:\windows\system32\msxml3.dll
2015-09-02 21:26 . 2015-09-09 15:15 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-09-02 19:55 . 2015-09-09 15:15 2067456 ----a-w- c:\windows\system32\win32k.sys
2015-09-02 19:54 . 2015-09-09 15:15 297472 ----a-w- c:\windows\system32\atmfd.dll
2015-09-01 09:51 . 2015-09-01 09:51 365576 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2015-08-14 22:55 . 2015-09-05 15:20 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2015-08-13 14:15 . 2015-09-09 15:20 304640 ----a-w- c:\windows\system32\drivers\srv.sys
2015-08-13 14:15 . 2015-09-09 15:20 102912 ----a-w- c:\windows\system32\drivers\srvnet.sys
2015-08-05 15:59 . 2015-09-09 15:15 602112 ----a-w- c:\windows\system32\schedsvc.dll
2015-08-04 22:03 . 2015-08-04 22:03 877152 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-08-04 22:03 . 2015-08-04 22:03 538208 ----a-w- c:\windows\system32\msvcp120_clr0400.dll
2015-07-31 21:46 . 2015-09-05 05:18 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2015-07-31 21:46 . 2015-09-05 05:18 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2015-07-31 21:46 . 2015-09-05 05:18 189952 ----a-w- c:\windows\system32\d3d10core.dll
2015-07-31 21:46 . 2015-09-05 05:18 1029120 ----a-w- c:\windows\system32\d3d10.dll
2015-07-31 20:41 . 2015-09-05 05:18 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2015-07-31 20:40 . 2015-09-05 05:18 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2015-07-31 20:35 . 2015-09-05 05:18 682496 ----a-w- c:\windows\system32\d2d1.dll
2015-07-31 20:33 . 2015-09-05 05:18 1072640 ----a-w- c:\windows\system32\DWrite.dll
2015-07-31 20:33 . 2015-09-05 05:18 802304 ----a-w- c:\windows\system32\FntCache.dll
2015-07-31 19:27 . 2015-09-05 06:23 103120 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-22 20:54 . 2015-09-05 02:31 367616 ----a-w- c:\windows\system32\html.iec
2015-07-22 20:51 . 2015-09-05 02:31 1810432 ----a-w- c:\windows\system32\jscript9.dll
2015-07-22 20:46 . 2015-09-05 02:31 1129472 ----a-w- c:\windows\system32\wininet.dll
2015-07-22 20:45 . 2015-09-05 02:31 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2015-07-22 20:44 . 2015-09-05 02:31 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2015-07-22 20:44 . 2015-09-05 02:31 421888 ----a-w- c:\windows\system32\vbscript.dll
2015-07-22 20:43 . 2015-09-05 02:31 11776 ----a-w- c:\windows\system32\mshta.exe
2015-07-21 16:07 . 2015-09-05 06:26 56256 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-07-21 16:07 . 2015-09-05 06:26 140224 ----a-w- c:\windows\system32\drivers\ecache.sys
2015-07-21 16:03 . 2015-09-05 06:26 10752 ----a-w- c:\windows\system32\msmmsp.dll
2015-07-21 16:03 . 2015-09-05 06:26 564224 ----a-w- c:\windows\system32\emdmgmt.dll
2015-07-21 16:03 . 2015-09-05 06:26 49664 ----a-w- c:\windows\system32\csrsrv.dll
.
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe" [2013-12-06 747264]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2015-09-04 433160]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2013-03-10 88984]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2015-06-18 12336856]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2015-06-26 1861640]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 981688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2015-09-16 20:32 6495144 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2015-09-04 12:13 55357464 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2015-10-17 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\system32\Macromed\Flash\FlashUtil32_19_0_0_226_pepper.exe [2015-10-16 23:52]
.
2015-10-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-15 01:33]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
TCP: DhcpNameServer = 192.168.42.129
FF - ProfilePath - c:\users\sylvie\AppData\Roaming\Mozilla\Firefox\Profiles\4hi4u7e4.default-1442513685671\
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Malwarebytes Anti-Malware_is1 - c:\users\sylvie\Desktop\OUTLIS DE DESINFECTIONS\Malwarebytes Anti-Malware\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-10-17 21:29
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet017\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\conime.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2015-10-17 21:35:19 - machine was rebooted
ComboFix-quarantined-files.txt 2015-10-17 19:35
.
Pre-Run: 62,278,979,584 bytes free
Post-Run: 62,007,394,304 bytes free
.
- - End Of File - - E32D224D711535945EAD9E80F43E2F06
5C616939100B85E558DA92B899A0FC36
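Added example (my own code, not part of the ComboFix log or of the cjoint page): a small Python parser for the two sections of a log like the one above that an analyst triages first, the "Files Created" list and the "Reg Loading Points" autorun values. It turns each file line into a record with separate created and modified timestamps, size, attribute flags and path, and each quoted registry value into an autorun record tied to the key it sits under. The sample text is constructed in the shape of the entries above; the `new_binaries_in` filter and the handling of a key renamed `Run-` are my own triage choices, not ComboFix behaviour, and the filter orders entries for review rather than deciding anything is malicious.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Constructed sample in the shape of the ComboFix sections above (not the real log).
SAMPLE_LOG = r"""
(((((((((((( Files Created from 2015-09-17 to 2015-10-17 ))))))))))))
.
2015-10-17 11:51 . 2012-10-15 15:02 17840 ----a-w- c:\windows\system32\roboot.exe
2015-10-17 00:26 . 2015-09-28 17:17 1206192 ----a-w- c:\windows\system32\ntdll.dll
2015-10-17 00:25 . 2015-10-17 09:50 -------- d-----w- c:\windows\system32\catroot2
2015-10-11 19:06 . 2015-10-11 19:06 -------- d--h--w- c:\programdata\Common Files
.
((((((((((((((((( Reg Loading Points ))))))))))))))))))
.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe" [2013-12-06 747264]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 981688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"""

# File line: "<created> . <modified> <size|--------> <attrs> <path>"; directories carry "--------" as size
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# Value line: "name"="path" [yyyy-mm-dd size]; the bracketed file date/size is missing on some entries
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"(?: \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\])?$'
)
EXEC_EXT = (".exe", ".dll", ".sys", ".cpl", ".scr")


@dataclass
class FileEntry:
    created: datetime
    modified: datetime
    size: Optional[int]  # None for directories
    attrs: str           # e.g. "----a-w-" (archive, writable) or "d--h--w-" (hidden directory)
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def is_hidden(self) -> bool:
        return "h" in self.attrs


@dataclass
class AutorunEntry:
    key: str
    name: str
    path: str
    file_date: Optional[str]
    file_size: Optional[int]

    @property
    def is_live(self) -> bool:
        # Windows processes only the key literally named Run; a key renamed "Run-"
        # (used by some tools to park disabled entries) is not read at logon.
        return not self.key.rstrip("\\").endswith("-")


def parse_combofix(text: str):
    """Extract file entries and registry autorun values from ComboFix log text."""
    files, autoruns, current_key = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = FILE_RE.match(line)
        if m:
            size = None if m.group("size").startswith("-") else int(m.group("size"))
            files.append(FileEntry(
                created=datetime.strptime(m.group("created"), "%Y-%m-%d %H:%M"),
                modified=datetime.strptime(m.group("modified"), "%Y-%m-%d %H:%M"),
                size=size, attrs=m.group("attrs"), path=m.group("path")))
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            autoruns.append(AutorunEntry(
                key=current_key, name=m.group("name"), path=m.group("path"),
                file_date=m.group("date"),
                file_size=int(m.group("size")) if m.group("size") else None))
    return files, autoruns


def new_binaries_in(files: List[FileEntry], prefix: str = r"c:\windows\system32") -> List[FileEntry]:
    """Executable files created in the scan window under `prefix`, oldest mtime first.
    A created-vs-modified gap is normal for installer-dropped files, so this is a
    review order for the analyst, not a verdict on any file."""
    hits = [f for f in files if not f.is_dir
            and f.path.lower().startswith(prefix.lower())
            and f.path.lower().endswith(EXEC_EXT)]
    return sorted(hits, key=lambda f: f.modified)


if __name__ == "__main__":
    files, autoruns = parse_combofix(SAMPLE_LOG)
    for f in new_binaries_in(files):
        print(f"created {f.created:%Y-%m-%d} mtime {f.modified:%Y-%m-%d} {f.size} {f.path}")
    for a in autoruns:
        print(f"[{'live' if a.is_live else 'inactive'}] {a.name}: {a.path}")
```

Run it against a saved log with `parse_combofix(open("ComboFix.txt", encoding="cp1252").read())`; the file list then feeds whatever hash lookup or signature check the analyst wants to do on the paths, which is the step this log does not show.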