ComboFix 15-10-15.01 - sos pc 18/10/2015 11:11:42.1.1 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.33.1036.18.2046.1017 [GMT 0:00]
Running from: c:\users\sos pc\Downloads\Programs\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\pfm0bsmq.exe
c:\users\sos pc\AppData\Local\nsk2D18.tmp
.
.
((((((((((((((((((((((((((((( Files Created from 2015-09-18 to 2015-10-18 ))))))))))))))))))))))))))))))))))))
.
.
2015-10-18 11:19 . 2015-10-18 11:19 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{14D922BD-4D9D-455F-BF90-F5DDB760608C}\offreg.2408.dll
2015-10-18 11:19 . 2015-10-18 11:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-10-16 17:49 . 2015-10-16 17:49 -------- d-----w- c:\users\sos pc\AppData\Roaming\EPSON
2015-10-16 15:23 . 2015-10-16 15:43 -------- d-----w- c:\users\sos pc\AppData\Roaming\PhotoFiltre 7
2015-10-16 15:23 . 2015-10-16 15:23 -------- d-----w- c:\program files\PhotoFiltre 7
2015-10-15 17:02 . 2011-08-10 00:00 341504 ----a-w- c:\windows\system32\esw2ud.dll
2015-10-15 17:02 . 2009-10-16 00:00 132560 ----a-w- c:\windows\system32\esdevapp.exe
2015-10-15 17:02 . 2009-10-16 00:00 12800 ----a-w- c:\windows\system32\escdev.dll
2015-10-15 17:02 . 2015-10-15 17:02 -------- d-----w- c:\program files\epson
2015-10-15 16:57 . 2015-10-15 16:57 -------- d-----w- c:\users\sos pc\AppData\Local\ElevatedDiagnostics
2015-10-14 14:40 . 2015-10-14 14:40 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{14D922BD-4D9D-455F-BF90-F5DDB760608C}\offreg.3988.dll
2015-10-13 16:58 . 2015-10-13 17:00 -------- d-----w- c:\users\sos pc\AppData\Roaming\Solvusoft
2015-10-13 16:55 . 2015-10-13 16:58 -------- d-----w- c:\program files\Pochette Express 2
2015-10-12 15:03 . 2015-10-12 15:04 -------- d-----w- c:\users\sos pc\AppData\Roaming\Mobogenie
2015-10-12 15:03 . 2015-10-12 15:03 -------- d-----w- c:\users\sos pc\mobogenieP2sp
2015-10-12 15:02 . 2015-10-12 15:50 -------- d-----w- c:\program files\Mobogenie3
2015-10-11 19:07 . 2015-10-11 19:07 -------- d-----w- c:\program files\RayDld
2015-10-10 20:06 . 2015-10-10 20:06 -------- d-----w- c:\users\sos pc\AppData\Roaming\TeamViewer
2015-10-10 20:06 . 2015-10-10 20:06 -------- d-----w- c:\program files\TeamViewer
2015-10-05 13:45 . 2015-10-06 21:36 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-10-05 13:44 . 2015-10-06 21:31 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-10-05 13:44 . 2015-10-05 13:44 -------- d-----w- c:\programdata\Malwarebytes
2015-10-05 13:44 . 2015-06-18 08:41 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-10-05 13:44 . 2015-06-18 08:41 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-10-05 13:44 . 2015-06-18 08:41 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-10-04 19:16 . 2015-10-04 19:16 -------- d--h--w- c:\programdata\CanonBJ
2015-10-04 19:16 . 2008-02-25 20:00 69632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPP9I.DLL
2015-10-04 19:16 . 2008-02-25 20:00 27136 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPD9I.DLL
2015-10-04 19:15 . 2008-02-25 20:00 230912 ----a-w- c:\windows\system32\CNMLM9I.DLL
2015-10-04 14:35 . 2015-10-05 14:34 -------- d-----w- c:\users\sos pc\AppData\Local\Systweak
2015-10-04 14:34 . 2012-10-15 17:02 17840 ----a-w- c:\windows\system32\roboot.exe
2015-10-04 14:34 . 2015-10-04 14:37 -------- d-----w- c:\users\sos pc\AppData\Roaming\systweak
2015-10-03 23:04 . 2015-10-03 23:04 -------- d-----w- c:\program files\Common Files\s3xpmpqs
2015-10-03 22:13 . 2015-10-03 22:15 -------- d-----w- c:\program files\Feed Notifier
2015-10-03 22:04 . 2015-10-05 14:38 -------- d-----w- c:\program files\Concom
2015-10-03 22:02 . 2015-10-04 14:04 -------- d-----w- c:\users\sos pc\AppData\Local\4C4C4544-1443909776-4210-8044-B5C04F4C3731
2015-10-03 22:01 . 2015-10-05 14:38 -------- d-----w- c:\program files\4C4C4544-1443909707-4210-8044-B5C04F4C3731
2015-10-03 21:59 . 2015-10-12 19:12 -------- d-----w- c:\program files\globalUpdate
2015-10-03 21:59 . 2015-10-03 21:59 -------- d-----w- c:\users\sos pc\AppData\Local\globalUpdate
2015-10-03 17:24 . 2015-10-03 17:25 -------- d-----w- c:\windows\WindowsMobile
2015-09-30 22:34 . 2007-04-10 01:06 8192 ----a-w- c:\windows\system32\E_DCINST.DLL
2015-09-30 22:34 . 2009-10-01 03:01 63488 ----a-w- c:\windows\system32\E_FD4BGCE.DLL
2015-09-30 20:15 . 2015-09-30 20:15 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{14D922BD-4D9D-455F-BF90-F5DDB760608C}\offreg.3028.dll
2015-09-21 20:34 . 2015-09-21 20:34 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{14D922BD-4D9D-455F-BF90-F5DDB760608C}\offreg.324.dll
2015-09-21 14:46 . 2015-09-21 14:46 -------- d-----w- c:\program files\Common Files\Skype
2015-09-21 14:46 . 2015-09-21 14:46 -------- d-----r- c:\program files\Skype
2015-09-19 19:42 . 2015-09-19 19:42 -------- d-----w- c:\program files\WinPcap
2015-09-19 19:39 . 2006-09-21 13:59 389120 ----a-w- c:\windows\system32\actskn43.ocx
2015-09-18 15:59 . 2015-09-18 15:59 -------- d-----w- c:\users\sos pc\AppData\Roaming\CyberLink
2015-09-18 15:59 . 2015-09-18 18:58 -------- d-----w- c:\users\Public\CyberLink
2015-09-18 15:58 . 2015-09-18 15:58 -------- d-----w- c:\users\sos pc\AppData\Local\CyberLink
2015-09-18 15:56 . 2015-09-18 15:56 -------- d-----w- c:\program files\NSIS Uninstall Information
2015-09-18 15:52 . 2015-09-18 15:52 -------- d-----w- c:\programdata\Package Cache
2015-09-18 15:51 . 2015-09-19 18:25 -------- d-----w- c:\programdata\SUPPORTDIR
.
.
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-16 19:41 . 2015-08-11 22:09 780488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-10-16 19:41 . 2015-08-11 22:09 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-08-31 21:10 . 2015-08-31 21:10 65536 ----a-w- c:\windows\IFinst27.exe
2015-08-11 12:22 . 2015-09-13 17:22 2895360 ----a-w- c:\windows\system32\pwNative.exe
2015-07-31 09:37 . 2015-09-17 12:12 9234960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{14D922BD-4D9D-455F-BF90-F5DDB760608C}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 08:02 23008 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2015-04-20 3898960]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2015-08-19 6490904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks Agent]
2012-08-16 17:46 573304 ----a-w- c:\program files\BlueStacks\HD-Agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2015-08-19 23:08 6490904 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2015-04-20 14:48 3898960 ----a-w- c:\program files\Internet Download Manager\IDMan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2015-09-28 00:43 57981568 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2009-04-14 12:43 604704 ----a-w- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 09:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-07-09 327296]
R3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [x]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [2008-07-29 904192]
R3 CLMirrorDriver;CLMirrorDriver;c:\windows\system32\DRIVERS\CLMirrorDriver.sys [x]
R3 clwvd7;CyberLink WebCam Virtual Driver 7.0 Service;c:\windows\system32\DRIVERS\clwvd7.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2015-03-05 13064]
R3 RtlWlanu;Realtek Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtwlanu.sys [2013-09-02 2514648]
S0 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2015-03-05 17160]
S2 AIPS;Arp Intelligent Protection Service;c:\program files\netcut\services\AIPS.exe [2011-07-28 262144]
S2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [2012-08-16 66424]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [2012-08-16 384888]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [2012-07-19 2568120]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [2009-09-14 153600]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [2009-09-14 121856]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2015-04-18 122432]
S2 ihpmServer;ihpmServer;c:\program files\RayDld\ihpmServer.exe [2015-10-09 268520]
S2 MobogenieService;MobogenieService;c:\program files\Mobogenie3\MobogenieService.exe [2015-05-28 127680]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
S3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [2011-11-28 32896]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2009-07-13 1311232]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-10-15 21:20 997704 ----a-w- c:\program files\Google\Chrome\Application\46.0.2490.71\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-10-17 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\system32\Macromed\Flash\FlashUtil32_19_0_0_226_pepper.exe [2015-10-16 19:41]
.
2015-10-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-11 19:41]
.
2015-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-10-08 14:06]
.
2015-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-10-08 14:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.oursurfing.com/?type=hp&ts=1444590421&z=bd601f3714d3bfa1976de0eg4zez4zdw8tbe2z6o0g&from=amt&uid=hitachixhts542516k9sa00_080422bb6c00qggzmwncx
mStart Page = hxxp://www.oursurfing.com/?type=hp&ts=1444590421&z=bd601f3714d3bfa1976de0eg4zez4zdw8tbe2z6o0g&from=amt&uid=hitachixhts542516k9sa00_080422bb6c00qggzmwncx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Download all links with Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-ApnTBMon - c:\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c5,30,fb,54,d6,c8,cc,46,b0,cb,66,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c5,30,fb,54,d6,c8,cc,46,b0,cb,66,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-10-18 11:20:44
ComboFix-quarantined-files.txt 2015-10-18 11:20
.
Pre-Run: 48,886,476,800 bytes free
Post-Run: 48,659,382,272 bytes free
.
- - End Of File - - 0791404BFE1C98F6058653640DE3731C
A36C5E4F47E84449FF07ED3517B43A31
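The log above is raw ComboFix output; nothing in it explains which entries matter. The following is an added example, not part of the ComboFix log or of the cjoint page, showing how a helper can parse the three line formats that carry most of the signal (the "Files Created" entries, the service/driver lines, and the start-page lines) and apply purely structural heuristics to them. The sample input is a constructed string holding lines copied verbatim from this log; the heuristics (eight-character lowercase alphanumeric names, unbranded services outside c:\windows, a start page whose query string carries uid= and ts= identifiers) are this example's assumptions, not ComboFix rules. One check is worth spelling out: the middle group of the two GUID-like directory names, 1443909776 and 1443909707, decodes as a Unix time to 2015-10-03 22:02:56 and 22:01:47 UTC, within a minute of the directories' own creation timestamps (the log header says [GMT 0:00], so its times are UTC), which is how the code concludes they were minted at install time.

```python
"""Triage a ComboFix log with structural heuristics (no signature lookups)."""
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: lines copied verbatim from the ComboFix log above.
# ComboFix reported [GMT 0:00], so every timestamp in the log is UTC.
SAMPLE_LOG = r"""
2015-10-18 11:19 . 2015-10-18 11:19 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{14D922BD-4D9D-455F-BF90-F5DDB760608C}\offreg.2408.dll
2015-10-15 17:02 . 2011-08-10 00:00 341504 ----a-w- c:\windows\system32\esw2ud.dll
2015-10-12 15:02 . 2015-10-12 15:50 -------- d-----w- c:\program files\Mobogenie3
2015-10-03 23:04 . 2015-10-03 23:04 -------- d-----w- c:\program files\Common Files\s3xpmpqs
2015-10-03 22:02 . 2015-10-04 14:04 -------- d-----w- c:\users\sos pc\AppData\Local\4C4C4544-1443909776-4210-8044-B5C04F4C3731
2015-10-03 22:01 . 2015-10-05 14:38 -------- d-----w- c:\program files\4C4C4544-1443909707-4210-8044-B5C04F4C3731
S2 ihpmServer;ihpmServer;c:\program files\RayDld\ihpmServer.exe [2015-10-09 268520]
S2 MobogenieService;MobogenieService;c:\program files\Mobogenie3\MobogenieService.exe [2015-05-28 127680]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [2012-07-19 2568120]
R3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [x]
uStart Page = hxxp://www.oursurfing.com/?type=hp&ts=1444590421&z=bd601f3714d3bfa1976de0eg4zez4zdw8tbe2z6o0g&from=amt&uid=hitachixhts542516k9sa00_080422bb6c00qggzmwncx
"""

# "created . modified size attrs path" lines from the "Files Created" section.
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-{8}) ([-a-z]{8}) (.+)$")
# "S2 name;description;image [date size]" or "[x]" service/driver lines.
SVC_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?) \[(x|\d{4}-\d{2}-\d{2} \d+)\]$")
START_RE = re.compile(r"^[um]Start Page = (\S+)$")

# Heuristic (assumption): eight lowercase alphanumerics, optionally .exe,
# e.g. s3xpmpqs or pfm0bsmq.exe, is the shape of a generated name.
RANDOM_NAME = re.compile(r"^[a-z0-9]{8}(?:\.exe)?$")
# 8 hex - 10 digits - 4 - 4 - 12 hex; the 10-digit group reads as a Unix time.
STAMPED_GUID = re.compile(r"^[0-9A-F]{8}-(\d{10})-\d{4}-\d{4}-[0-9A-F]{12}$")


def looks_random(name):
    """True for an 8-char lowercase name that mixes letters and digits."""
    stem = name.split(".", 1)[0]
    return (RANDOM_NAME.match(name) is not None
            and any(c.isdigit() for c in stem) and any(c.isalpha() for c in stem))


def stamped_at_creation(name, created):
    """True if the name embeds a Unix time within 10 minutes of the entry's
    own creation time, i.e. the directory name was generated when it was made."""
    m = STAMPED_GUID.match(name)
    if not m:
        return False
    stamp = datetime.fromtimestamp(int(m.group(1)), tz=timezone.utc)
    return abs(stamp - created) <= timedelta(minutes=10)


def triage(log_text):
    """Return a list of (reason, item) findings for the ComboFix lines given."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := FILE_RE.match(line):
            created = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M").replace(tzinfo=timezone.utc)
            path = m.group(5)
            name = path.rsplit("\\", 1)[-1]
            if looks_random(name):
                findings.append(("random-looking name", path))
            if stamped_at_creation(name, created):
                findings.append(("install-time generated directory", path))
        elif m := SVC_RE.match(line):
            name, desc, image, info = m.group(2), m.group(3), m.group(4), m.group(5)
            if info == "x":
                findings.append(("service registered but no file info ([x])", f"{name} -> {image}"))
            elif desc == name and not image.lower().startswith("c:\\windows\\"):
                # Heuristic (assumption): a display name that merely repeats the
                # internal name, for a binary outside c:\windows, deserves a look.
                findings.append(("unbranded service outside c:\\windows", image))
        elif m := START_RE.match(line):
            url = m.group(1)
            host = url.split("//", 1)[-1].split("/", 1)[0]
            params = {p.split("=", 1)[0] for p in url.partition("?")[2].split("&") if p}
            if {"uid", "ts"} <= params:
                findings.append(("start page carries per-install tracking ids", host))
    return findings


if __name__ == "__main__":
    for reason, item in triage(SAMPLE_LOG):
        print(f"{reason:45} {item}")
```

Run against the sample it reports seven items: the s3xpmpqs directory, the two timestamp-named directories, the ihpmServer and MobogenieService services, the 3xHybrid driver whose image ComboFix could not describe, and the oursurfing.com start page. The Windows Defender, Epson and CodeMeter lines pass untouched, which is the point of keeping the heuristics structural rather than name-based: a helper still has to judge each hit, but the list to judge is the same one an experienced reader would pick out of the raw log by eye.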