
ComboFix 15-12-07.01 - Admin 07/12/2015 20:33:19.3.4 - x64
Microsoft Windows 7 Professionnel 6.1.7601.1.1252.33.1036.18.3997.2873 [GMT 1:00]
Lancé depuis: c:\users\Admin.BEGHDAD_TOSH1\Downloads\ComboFix.exe
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Nilsen\AppData\Roaming\app
c:\users\Nilsen\AppData\Roaming\app\Jerakine_lang.dat
c:\users\Nilsen\AppData\Roaming\app\Jerakine_lang_vesrion.dat
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2015-11-07 au 2015-12-07 ))))))))))))))))))))))))))))))))))))
.
.
2015-12-07 19:44 . 2015-12-07 19:44 -------- d-----w- c:\users\Nilsen\AppData\Local\temp
2015-12-07 19:44 . 2015-12-07 19:44 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2015-12-07 19:44 . 2015-12-07 19:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-12-07 19:44 . 2015-12-07 19:44 -------- d-----w- c:\users\ADMIN\AppData\Local\temp
2015-12-06 21:35 . 2015-12-06 21:36 -------- d-----w- c:\windows\system32\catroot2
2015-12-04 19:02 . 2015-12-04 19:02 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2015-12-04 18:10 . 2015-12-04 18:10 -------- d-----w- C:\RegBackup
2015-12-04 17:44 . 2015-12-04 17:44 -------- d-----w- c:\program files (x86)\Tweaking.com
2015-12-03 08:55 . 2015-12-03 08:56 -------- d-----w- c:\program files (x86)\ZHPFix
2015-12-03 08:46 . 2015-12-06 15:38 -------- d-----w- c:\users\Admin.BEGHDAD_TOSH1\AppData\Roaming\ZHP
2015-12-02 20:55 . 2015-12-06 15:38 -------- d-----w- C:\AdwCleaner
2015-12-02 20:20 . 2015-12-07 19:45 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-12-02 20:20 . 2015-12-02 20:20 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-12-02 20:20 . 2015-12-02 20:20 -------- d-----w- c:\programdata\Malwarebytes
2015-12-02 20:20 . 2015-10-05 08:50 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-12-02 20:20 . 2015-10-05 08:50 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-12-02 20:20 . 2015-10-05 08:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-12-02 17:40 . 2015-12-02 17:40 -------- d-----w- c:\users\Admin.BEGHDAD_TOSH1\AppData\Local\Opera Software
2015-12-02 17:40 . 2015-12-02 17:40 -------- d-----w- c:\users\Admin.BEGHDAD_TOSH1\AppData\Roaming\Opera Software
2015-12-02 17:22 . 2015-12-02 17:22 -------- d-----w- c:\users\Admin.BEGHDAD_TOSH1\AppData\Local\Programs
2015-11-23 20:28 . 2015-11-23 20:28 -------- d-----w- c:\users\Admin.BEGHDAD_TOSH1\AppData\Roaming\Sony Creative Software Inc
2015-11-21 23:32 . 2015-11-21 23:39 -------- d-----w- c:\users\Admin.BEGHDAD_TOSH1\AppData\Roaming\MAXON
2015-11-21 23:31 . 2015-11-21 23:31 -------- d-----w- c:\program files (x86)\Common Files\Intel
2015-11-21 13:26 . 2015-11-21 13:26 -------- d-----w- c:\users\Admin.BEGHDAD_TOSH1\AppData\Local\Mega Limited
2015-11-14 14:08 . 2015-11-14 14:39 -------- d-----w- c:\program files (x86)\Heroes of the Storm Public Test
2015-11-14 13:17 . 2015-11-18 09:44 -------- d-----w- c:\program files (x86)\Heroes of the Storm
2015-11-14 13:11 . 2015-11-18 09:44 -------- d-----w- c:\program files (x86)\Battle.net
2015-11-12 18:01 . 2015-11-03 17:55 3211264 ----a-w- c:\windows\system32\win32k.sys
2015-11-11 13:03 . 2015-11-11 13:03 -------- d-----w- c:\users\Admin.BEGHDAD_TOSH1\AppData\Roaming\LolClient
2015-11-11 12:16 . 2015-11-03 22:10 293064 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2015-11-11 12:12 . 2015-10-13 04:57 950720 ----a-w- c:\windows\system32\drivers\ndis.sys
2015-11-11 10:39 . 2015-11-11 10:39 -------- d-----w- c:\programdata\Riot Games
2015-11-11 10:38 . 2008-07-31 09:41 68616 ----a-w- c:\windows\SysWow64\XAPOFX1_1.dll
2015-11-11 10:38 . 2008-07-31 09:40 509448 ----a-w- c:\windows\SysWow64\XAudio2_2.dll
2015-11-11 10:38 . 2008-07-12 07:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2015-11-11 10:38 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2015-11-11 10:38 . 2008-07-12 07:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2015-11-11 10:37 . 2015-11-11 10:37 -------- d-----w- C:\Riot Games
2015-11-11 10:32 . 2015-12-03 09:47 -------- d-----w- c:\users\Admin.BEGHDAD_TOSH1\AppData\Roaming\Riot Games
2015-11-10 21:11 . 2015-11-10 21:11 -------- d-----w- c:\program files (x86)\Common Files\Skype
2015-11-10 21:11 . 2015-11-10 21:11 -------- d-----r- c:\program files (x86)\Skype
2015-11-10 18:58 . 2015-07-30 13:13 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-11-10 18:58 . 2015-07-30 13:13 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-11-10 17:56 . 2015-07-15 03:17 2048 ----a-w- c:\windows\system32\tzres.dll
2015-11-10 17:56 . 2015-07-15 02:54 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2015-11-10 17:56 . 2015-06-02 00:07 254976 ----a-w- c:\windows\system32\cewmdm.dll
2015-11-10 17:56 . 2015-06-01 23:47 210432 ----a-w- c:\windows\SysWow64\cewmdm.dll
2015-11-10 17:56 . 2015-08-05 17:56 1110016 ----a-w- c:\windows\system32\schedsvc.dll
2015-11-10 17:56 . 2015-07-15 18:10 1743360 ----a-w- c:\windows\system32\sysmain.dll
2015-11-10 17:56 . 2015-07-15 18:15 94656 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-11-10 17:56 . 2015-07-15 18:10 11264 ----a-w- c:\windows\system32\msmmsp.dll
2015-11-10 17:56 . 2015-07-15 20:24 2560 ----a-w- c:\windows\system32\drivers\fr-FR\mountmgr.sys.mui
2015-11-10 17:56 . 2015-07-15 18:02 2560 ----a-w- c:\windows\system32\drivers\en-US\mountmgr.sys.mui
2015-11-10 17:26 . 2015-07-15 03:19 52736 ----a-w- c:\windows\system32\basesrv.dll
2015-11-10 17:23 . 2015-06-15 21:50 112064 ----a-w- c:\windows\system32\consent.exe
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-12-02 14:49 . 2015-01-17 14:25 75472 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2015-12-02 14:49 . 2015-01-17 14:25 162072 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2015-12-02 14:49 . 2015-01-17 14:25 140448 ----a-w- c:\windows\system32\drivers\avipbb.sys
2015-11-11 23:01 . 2015-01-17 15:10 145617392 ----a-w- c:\windows\system32\MRT.exe
2015-10-20 00:45 . 2015-11-11 12:16 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-11-05 50270848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-12-02 803200]
"QAppTray"="c:\program files (x86)\Qustodio\qapp\QAppTray.exe" [2015-02-26 3670280]
"Avira SystrayStartTrigger"="c:\program files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe" [2015-10-14 66320]
.
c:\users\Nilsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
IRIScan Mouse.lnk - c:\program files (x86)\IRIScan Mouse\Scanner Mouse.exe /tray [2013-1-22 37777000]
Super Finder XT.lnk - c:\program files (x86)\SuperFinder\SuperFinder.exe auto [2015-1-17 2447360]
.
c:\users\Admin.BEGHDAD_TOSH1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
IRIScan Mouse.lnk - c:\program files (x86)\IRIScan Mouse\Scanner Mouse.exe /tray [2013-1-22 37777000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x]
R2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WMSVC;Service de gestion Web;c:\windows\system32\inetsrv\wmsvc.exe;c:\windows\SYSNATIVE\inetsrv\wmsvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 qwdf64;qwdf64 service;c:\windows\system32\Drivers\qwdf64.sys;c:\windows\SYSNATIVE\Drivers\qwdf64.sys [x]
S1 qwdr64;qwdr64 service;c:\windows\system32\Drivers\qwdr64.sys;c:\windows\SYSNATIVE\Drivers\qwdr64.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Avira.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 ftpsvc;Service FTP Microsoft;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 irstrtsv;Intel(R) Rapid Start Technology Service;c:\windows\system32\irstrtsv.exe;c:\windows\SYSNATIVE\irstrtsv.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 qengine;qengine;c:\program files (x86)\Qustodio\qproxy\qengine.exe;c:\program files (x86)\Qustodio\qproxy\qengine.exe [x]
S2 qupdate;qupdate;c:\program files (x86)\Qustodio\qapp\QUpdateService.exe;c:\program files (x86)\Qustodio\qapp\QUpdateService.exe [x]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys;c:\windows\SYSNATIVE\DRIVERS\risdxc64.sys [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-12-02 20:39 1000264 ----a-w- c:\program files (x86)\Google\Chrome\Application\47.0.2526.73\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2015-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-04-07 17:20]
.
2015-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-04-07 17:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-29 171992]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-01-29 399832]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-01-29 442328]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
uDefault_Search_URL = https://search.avira.net/#web/result?source=art&q=
mStart Page = www.google.com
mDefault_Search_URL = https://search.avira.net/#web/result?source=art&q=
mDefault_Page_URL = https://search.avira.net/#web/result?source=art&q=
mSearch Page = https://search.avira.net/#web/result?source=art&q=
TCP: DhcpNameServer = 192.168.0.254
.
- - - - ORPHELINS SUPPRIMES - - - -
.
ShellIconOverlayIdentifiers-{056D528D-CE28-4194-9BA3-BA2E9197FF8C} - (no file)
ShellIconOverlayIdentifiers-{05B38830-F4E9-4329-978B-1DD28605D202} - (no file)
ShellIconOverlayIdentifiers-{0596C850-7BDD-4C9D-AFDF-873BE6890637} - (no file)
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\irstrtsv.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\program files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
.
**************************************************************************
.
Heure de fin: 2015-12-07 20:48:49 - La machine a redémarré
ComboFix-quarantined-files.txt 2015-12-07 19:48
ComboFix2.txt 2015-12-07 10:38
.
Avant-CF: 23 563 825 152 octets libres
Après-CF: 23 282 475 008 octets libres
.
- - End Of File - - 150BF0F64061ED0A1068794C14226545
A36C5E4F47E84449FF07ED3517B43A31