cjoint

Document format: text/plain

Preview

ComboFix 17-01-13.01 - SAAD 17/01/2017 23:33:56.1.4 - x86
Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.33.1036.18.2792.1566 [GMT 1:00]
Launched from: c:\users\SAAD\Desktop\ComboFix.exe
AV: ESET Smart Security 9.0.402.0 *Enabled/Updated* {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
FW: ESET Personal firewall *Enabled* {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
SP: ESET Smart Security 9.0.402.0 *Enabled/Updated* {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* A new restore point was created
.
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ma-config.com
c:\program files\ma-config.com\config.xml
c:\program files\ma-config.com\CPUID\cpuidsdk.dll
c:\program files\ma-config.com\Drivers\driverhardwarev2.sys
c:\program files\ma-config.com\Drivers\driverhardwarev2ia64.sys
c:\program files\ma-config.com\Drivers\driverhardwarev2x64.cat
c:\program files\ma-config.com\Drivers\driverhardwarev2x64.sys
c:\program files\ma-config.com\Drivers\matos9x.vxd
c:\program files\ma-config.com\Langues\LangueMC_de.xml
c:\program files\ma-config.com\Langues\LangueMC_en.xml
c:\program files\ma-config.com\Langues\LangueMC_es.xml
c:\program files\ma-config.com\Langues\LangueMC_fr.xml
c:\program files\ma-config.com\Langues\LangueMC_pt.xml
c:\program files\ma-config.com\ma-config.html
c:\program files\ma-config.com\maconfservice.exe
c:\program files\ma-config.com\MCATLActiveX.dll
c:\program files\ma-config.com\MCBCL.dll
c:\program files\ma-config.com\MCNoyau.dll
c:\program files\ma-config.com\MCrypt.dll
c:\program files\ma-config.com\MCSettings.exe
c:\program files\ma-config.com\nphardwaredetection.dll
c:\program files\ma-config.com\sqlite3.dll
c:\programdata\ma-config.com
c:\programdata\ma-config.com\Logs\activex.txt
c:\programdata\ma-config.com\Logs\maconfservice.txt
c:\programdata\ma-config.com\mcbase.db
c:\users\SAAD\AppData\Roaming\Microsoft\Windows\Recent\errorlog.txt
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_driverhardwarev2
-------\Legacy_driverhardwarev2
-------\Service_driverhardwarev2
-------\Service_maconfservice
-------\Service_driverhardwarev2
-------\Service_maconfservice
.
.
((((((((((((((((((((((((((((( Files created from 2016-12-17 to 2017-01-17 ))))))))))))))))))))))))))))))))))))
.
.
2017-01-17 17:13 . 2017-01-17 17:33 -------- d-----w- c:\users\SAAD\Doctor Web
2017-01-13 14:58 . 2017-01-13 15:09 -------- d-----w- c:\users\SAAD\AppData\Roaming\.clamwin
2017-01-13 14:58 . 2017-01-13 14:58 -------- d-----w- c:\programdata\.clamwin
2017-01-13 14:58 . 2017-01-13 14:58 -------- d-----w- c:\program files\ClamWin
2017-01-12 23:19 . 2017-01-13 14:16 -------- d-----w- C:\AdwCleaner
2017-01-12 22:16 . 2017-01-12 22:16 -------- d-----w- c:\users\SAAD\AppData\Local\CrashRpt
2017-01-12 21:57 . 2017-01-17 22:50 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-01-12 21:57 . 2017-01-12 21:57 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2017-01-12 21:57 . 2017-01-12 21:57 -------- d-----w- c:\programdata\Malwarebytes
2017-01-12 21:57 . 2016-03-10 13:09 53120 ----a-w- c:\windows\system32\drivers\mwac.sys
2017-01-12 21:57 . 2016-03-10 13:08 126336 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2017-01-12 21:57 . 2016-03-10 13:08 24448 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-01-12 21:48 . 2017-01-12 22:43 -------- d-----w- c:\users\SAAD\AppData\Roaming\ZHP
2017-01-06 13:09 . 2017-01-06 13:09 -------- d-----w- c:\users\SAAD\.borland
.
.
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-11-29 21:34 . 2016-11-29 21:34 28352 ----a-w- c:\windows\system32\aspnet_counters.dll
2016-11-29 21:34 . 2016-11-29 21:34 19112 ----a-w- c:\windows\system32\msvcr110_clr0400.dll
2016-11-29 21:34 . 2016-11-29 21:34 19112 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2016-11-29 21:34 . 2016-11-29 21:34 19112 ----a-w- c:\windows\system32\msvcp110_clr0400.dll
2016-10-25 16:30 . 2016-11-22 18:53 43 ----a-w- c:\users\SAAD\AppData\Roaming\pdfdrawcodec.dll
.
.
((((((((((((((((((((((((((((((((( Registry load points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2015-08-14 13:52 23520 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2016-06-13 3948600]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2016-07-13 6851288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Accélérateur de démarrage AutoCAD.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Accélérateur de démarrage AutoCAD.lnk
backup=c:\windows\pss\Accélérateur de démarrage AutoCAD.lnk.CommonStartup
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPLTarget
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2016-07-13 20:40 6851288 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClamWin]
2016-03-19 22:33 86016 ----a-w- c:\program files\ClamWin\bin\ClamTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPLTarget\P0000000000000000]
2012-02-29 06:03 249440 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIIKE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2016-06-13 15:25 3948600 ----a-w- c:\program files\Internet Download Manager\IDMan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2016-04-08 22:10 51656320 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2014-09-15 17:28 748256 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray.exe]
2012-08-15 14:18 104088 ----a-w- c:\program files\VMware\VMware Workstation\vmware-tray.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2016-03-23 327808]
R2 VMwareHostd;VMware Workstation Server;c:\program files\VMware\VMware Workstation\vmware-hostd.exe [2012-08-15 15680000]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 ShareItSvc;ShareItSvc;c:\program files\SHAREit\SHAREit\Shareit.Service.exe [2016-04-15 33224]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2016-08-21 71336]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2012-07-06 71152]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2012-07-06 61296]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2016-08-21 206472]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2016-08-21 156320]
S1 EpfwLWF;ESET Personal Firewall;c:\windows\system32\DRIVERS\EpfwLWF.sys [2016-08-21 52904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2014-09-15 208896]
S2 ekbdflt;ekbdflt;c:\windows\system32\DRIVERS\ekbdflt.sys [2016-08-21 121504]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2016-08-21 2171280]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc.exe [2011-12-11 122000]
S2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\cmw_srv.exe [2016-06-28 2757752]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2016-05-24 134144]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2016-03-10 1514464]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2016-03-10 1136608]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2012-08-01 719512]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);c:\windows\system32\drivers\vstor2-mntapi10-shared.sys [2011-07-12 22768]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2014-06-21 77824]
S3 int0800;Intel 28F320C3 Flash Update Device Driver v6.4;c:\windows\system32\DRIVERS\flashud.sys [2009-09-09 42496]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2016-03-10 24448]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2017-01-17 170200]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2016-03-10 53120]
S3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\TeeDriver.sys [2016-02-10 165440]
S3 RtkAvrcp;Realtek Bluetooth A/V Remote Control Target;c:\windows\system32\DRIVERS\RtkAvrcp.sys [2015-09-03 64624]
S3 RtkBtFilter;Realtek Bluetooth Filter Driver;c:\windows\system32\DRIVERS\RtkBtfilter.sys [2015-10-13 542512]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2015-10-20 728832]
S3 RTSUER;Realtek USB Card Reader - UER;c:\windows\system32\Drivers\RtsUer.sys [2015-11-13 305408]
S3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;c:\windows\system32\DRIVERS\rtwlane.sys [2014-04-01 2888408]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2015-11-12 36968]
.
.
--- Other Services/Drivers in memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr FontCache fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-12-15 21:02 1384792 ----a-w- c:\program files\Google\Chrome\Application\55.0.2883.87\Installer\chrmstp.exe
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm
Trusted Zone: eset.com\help
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\SAAD\AppData\Roaming\Mozilla\Firefox\Profiles\14ktzpgo.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
.
------- File associations -------
.
.scr=AutoCADScriptFile
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4f,1b,4d,26,7e,c9,8d,42,82,0d,8a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4f,1b,4d,26,7e,c9,8d,42,82,0d,8a,\
.
[HKEY_USERS\S-1-5-21-1613826604-1655161629-2986491360-1000_Classes\CLSID\{5784d9fb-9658-4809-8945-4132d53bcd67}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000082
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,75,07,18,dd,fb,11,42,94,27,b7,99,0d,2a,ba,05,1a,a2,02,c9,3e,9b,f9,\
.
[HKEY_USERS\S-1-5-21-1613826604-1655161629-2986491360-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):ad,c6,45,24,35,0d,c9,b8,52,36,69,d5,d7,80,83,3a,a2,37,00,60,a9,
90,dc,9c,79,41,9c,12,75,dc,a6,24,e0,1b,6a,97,38,09,a6,fb,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other running processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\vmnat.exe
c:\program files\Malwarebytes Anti-Malware\mbam.exe
c:\windows\system32\vmnetdhcp.exe
c:\program files\VMware\VMware Workstation\vmware-authd.exe
c:\windows\system32\conhost.exe
c:\program files\ESET\ESET Smart Security\egui.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
End time: 2017-01-18 00:04:30 - The machine was rebooted
ComboFix-quarantined-files.txt 2017-01-17 23:04
.
Before-CF: 82 829 045 760 bytes free
After-CF: 82 429 726 720 bytes free
.
- - End Of File - - DFDD028F21B961D767136E2512BBB6DE
A36C5E4F47E84449FF07ED3517B43A31
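A ComboFix log like the one above is read mostly by eye, but the Drivers/Services block is regular enough to parse and triage mechanically. The following is an added example written for this page, not ComboFix's own code: it parses the `R#/S#` service lines (R = running, S = stopped, the digit is the SCM start type), reads the trailing `[x]` as "image file not found on disk", and flags three things an analyst looks at first: images that are missing, auto/boot-start images outside the expected directories, and images whose on-disk date falls inside the scan window. The sample lines are copied from the log above; the expected-directory prefixes (`c:\windows\`, `c:\program files\`) are an assumption matching this 32-bit Windows 7 layout.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: service/driver lines copied verbatim from the log above.
SAMPLE_LOG = r"""
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2012-07-06 71152]
S2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\cmw_srv.exe [2016-06-28 2757752]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
S3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\TeeDriver.sys [2016-02-10 165440]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2017-01-17 170200]
"""

# One ComboFix service/driver line:
#   <R|S><start type> <name>;<display name>;<image path> [<file date> <size>]   or   [x]
# R = running, S = stopped; the start type is the SCM "Start" value 0..4.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) "
    r"\[(?:(?P<x>x)|(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+))\]$"
)

START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

# Assumption: where a legitimately installed image lives on this 32-bit Windows 7 box.
EXPECTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class ServiceEntry:
    running: bool
    start_type: str
    name: str
    display_name: str
    image_path: str
    file_date: Optional[str]   # None when ComboFix printed [x]
    file_size: Optional[int]   # None when ComboFix printed [x]

    @property
    def image_missing(self) -> bool:
        # ComboFix prints [x] instead of "[date size]" when it cannot stat the image.
        return self.file_size is None


def parse_services(text: str) -> List[ServiceEntry]:
    """Extract every service/driver line from a ComboFix log; other lines are ignored."""
    entries: List[ServiceEntry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section headers, "." separators, blank lines
        entries.append(ServiceEntry(
            running=m["state"] == "R",
            start_type=START_TYPES[int(m["start"])],
            name=m["name"],
            display_name=m["display"].strip(),
            image_path=m["path"],
            file_date=m["date"],
            file_size=int(m["size"]) if m["size"] else None,
        ))
    return entries


def triage(entries: List[ServiceEntry], window_start: str) -> List[str]:
    """Return one finding per entry worth a closer look, in log order.

    window_start is an ISO date (YYYY-MM-DD); ISO dates compare correctly as
    strings, so no datetime parsing is needed.
    """
    findings: List[str] = []
    for e in entries:
        path = e.image_path.lower()
        if e.image_missing:
            findings.append(f"{e.name}: image not found on disk ({e.image_path})")
        elif not path.startswith(EXPECTED_PREFIXES) and e.start_type in ("boot", "system", "auto"):
            findings.append(f"{e.name}: {e.start_type}-start image outside expected dirs ({e.image_path})")
        if e.file_date is not None and e.file_date >= window_start:
            findings.append(f"{e.name}: {e.start_type}-start image dated {e.file_date}, inside scan window")
    return findings


if __name__ == "__main__":
    # Scan window taken from the "Files created" header of this log.
    for finding in triage(parse_services(SAMPLE_LOG), "2016-12-17"):
        print(finding)
```

Run against the full log, the only hits are the three `[x]` RDP/virtual-GPU drivers (Synth3dVsc, tsusbhub, VGPU, all stock Windows 7 components whose files are absent on hardware without those features) and the MBAMSwissArmy.sys driver dated the day of the scan, which matches the Malwarebytes install recorded in the "Files created" section; neither is a finding against this machine, which is the point of a triage pass: it tells you where not to spend time.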