cjoint

Publicité


Publicité

Commentaire : Merci Team <3

Format du document : text/plain

Prévisualisation

ComboFix 17-12-11.01 - pc 26/12/2017 3:25.1.2 - x86
Microsoft Windows 7 Professionnel 6.1.7601.1.1252.33.1036.18.1894.1234 [GMT 0:00]
Lancé depuis: c:\users\pc\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\users\pc\AppData\LocalEJmPLMmTxW.exe
c:\users\pc\AppData\LocalWysNWxZlin.exe
c:\users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\420d260d132c2dbbc87f0cd90e34797d.exe
c:\windows\msdownld.tmp
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2017-11-26 au 2017-12-26 ))))))))))))))))))))))))))))))))))))
.
.
2017-12-26 03:33 . 2017-12-26 03:33 -------- d-----w- c:\users\pc\AppData\Local\temp
2017-12-26 03:33 . 2017-12-26 03:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-12-24 05:31 . 2017-12-25 03:31 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{97DBF322-0E5F-46EC-B57B-60ADA961C8D0}\offreg.2008.dll
2017-12-21 02:42 . 2017-12-21 02:42 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{97DBF322-0E5F-46EC-B57B-60ADA961C8D0}\offreg.260.dll
2017-12-20 02:50 . 2017-12-20 02:50 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{97DBF322-0E5F-46EC-B57B-60ADA961C8D0}\offreg.2000.dll
2017-12-13 04:35 . 2017-12-22 06:19 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{97DBF322-0E5F-46EC-B57B-60ADA961C8D0}\offreg.1956.dll
2017-12-09 04:59 . 2017-12-09 04:59 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{97DBF322-0E5F-46EC-B57B-60ADA961C8D0}\offreg.2004.dll
2017-12-08 05:08 . 2017-12-08 05:08 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{97DBF322-0E5F-46EC-B57B-60ADA961C8D0}\offreg.2012.dll
2017-12-07 05:11 . 2017-12-07 05:11 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{97DBF322-0E5F-46EC-B57B-60ADA961C8D0}\offreg.2036.dll
2017-12-03 05:01 . 2017-12-03 05:01 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{97DBF322-0E5F-46EC-B57B-60ADA961C8D0}\offreg.1928.dll
2017-11-26 05:05 . 2017-11-26 05:05 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{97DBF322-0E5F-46EC-B57B-60ADA961C8D0}\offreg.2272.dll
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-11-27 05:57 . 2017-02-11 06:07 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{97DBF322-0E5F-46EC-B57B-60ADA961C8D0}\offreg.2232.dll
2017-11-11 07:26 . 2017-11-11 07:26 95808 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2017-11-11 02:37 . 2017-11-11 02:37 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{97DBF322-0E5F-46EC-B57B-60ADA961C8D0}\offreg.2144.dll
2017-10-28 00:34 . 2017-10-28 00:34 803328 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2017-10-28 00:34 . 2017-10-28 00:34 144896 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2017-10-25 14:34 . 2017-10-25 14:34 31032 ----a-w- c:\windows\system32\drivers\phantomtap.sys
2017-10-25 02:45 . 2017-10-25 02:45 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{97DBF322-0E5F-46EC-B57B-60ADA961C8D0}\offreg.1180.dll
2017-10-24 05:24 . 2017-10-24 05:24 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{97DBF322-0E5F-46EC-B57B-60ADA961C8D0}\offreg.1528.dll
2017-10-20 05:41 . 2017-10-20 05:41 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{97DBF322-0E5F-46EC-B57B-60ADA961C8D0}\offreg.728.dll
2017-10-16 05:42 . 2017-10-16 05:42 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{97DBF322-0E5F-46EC-B57B-60ADA961C8D0}\offreg.3348.dll
2017-10-16 02:15 . 2017-10-16 02:15 55808 ----a-w- c:\windows\system32\drivers\hidclass.sys
2017-10-16 02:15 . 2017-10-16 02:15 25728 ----a-w- c:\windows\system32\drivers\hidparse.sys
2017-10-16 02:14 . 2017-10-16 02:14 9728 ----a-w- c:\windows\system32\Wdfres.dll
2017-10-16 02:14 . 2017-10-16 02:14 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2017-10-16 02:14 . 2017-10-16 02:14 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2017-10-16 02:14 . 2017-10-16 02:14 86016 ----a-w- c:\windows\system32\drivers\usbcir.sys
2017-10-16 02:14 . 2017-10-16 02:14 146816 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2017-10-16 02:14 . 2017-10-16 02:14 434688 ----a-w- c:\windows\system32\scavengeui.dll
2017-10-16 02:14 . 2017-10-16 02:14 133056 ----a-w- c:\windows\system32\drivers\ataport.sys
2017-10-16 02:13 . 2017-10-16 02:13 56320 ----a-w- c:\windows\system32\TSWbPrxy.exe
2017-10-16 02:13 . 2017-10-16 02:13 49664 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2017-10-16 02:13 . 2017-10-16 02:13 4916224 ----a-w- c:\windows\system32\mstscax.dll
2017-10-16 02:13 . 2017-10-16 02:13 46592 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2017-10-16 02:13 . 2017-10-16 02:13 37376 ----a-w- c:\windows\system32\tsgqec.dll
2017-10-16 02:13 . 2017-10-16 02:13 3584 ----a-w- c:\windows\system32\drivers\fr-FR\tsusbflt.sys.mui
2017-10-16 02:13 . 2017-10-16 02:13 32768 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2017-10-16 02:13 . 2017-10-16 02:13 317440 ----a-w- c:\windows\system32\wksprt.exe
2017-10-16 02:13 . 2017-10-16 02:13 2739712 ----a-w- c:\windows\system32\rdpcorets.dll
2017-10-16 02:13 . 2017-10-16 02:13 27136 ----a-w- c:\windows\system32\drivers\TsUsbGD.sys
2017-10-16 02:13 . 2017-10-16 02:13 269312 ----a-w- c:\windows\system32\aaclient.dll
2017-10-16 02:13 . 2017-10-16 02:13 221184 ----a-w- c:\windows\system32\rdpudd.dll
2017-10-16 02:13 . 2017-10-16 02:13 192000 ----a-w- c:\windows\system32\rdpendp_winip.dll
2017-10-16 02:13 . 2017-10-16 02:13 16896 ----a-w- c:\windows\system32\wksprtPS.dll
2017-10-16 02:13 . 2017-10-16 02:13 14848 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2017-10-16 02:13 . 2017-10-16 02:13 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2017-10-16 02:13 . 2017-10-16 02:13 12800 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2017-10-16 02:13 . 2017-10-16 02:13 12288 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2017-10-16 02:13 . 2017-10-16 02:13 1048064 ----a-w- c:\windows\system32\mstsc.exe
2017-10-16 02:13 . 2017-10-16 02:13 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2017-10-16 02:13 . 2017-10-16 02:13 369856 ----a-w- c:\windows\system32\drivers\cng.sys
2017-10-16 02:13 . 2017-10-16 02:13 247808 ----a-w- c:\windows\system32\schannel.dll
2017-10-16 02:13 . 2017-10-16 02:13 22528 ----a-w- c:\windows\system32\lsass.exe
2017-10-16 02:13 . 2017-10-16 02:13 220160 ----a-w- c:\windows\system32\ncrypt.dll
2017-10-16 02:13 . 2017-10-16 02:13 22016 ----a-w- c:\windows\system32\secur32.dll
2017-10-16 02:13 . 2017-10-16 02:13 15872 ----a-w- c:\windows\system32\sspisrv.dll
2017-10-16 02:13 . 2017-10-16 02:13 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2017-10-16 02:13 . 2017-10-16 02:13 1039360 ----a-w- c:\windows\system32\lsasrv.dll
2017-10-16 02:13 . 2017-10-16 02:13 100352 ----a-w- c:\windows\system32\sspicli.dll
2017-10-16 02:12 . 2017-10-16 02:12 903168 ----a-w- c:\windows\system32\certutil.exe
2017-10-16 02:12 . 2017-10-16 02:12 43008 ----a-w- c:\windows\system32\certenc.dll
2017-10-16 02:12 . 2017-10-16 02:12 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2017-10-16 02:12 . 2017-10-16 02:12 1160192 ----a-w- c:\windows\system32\crypt32.dll
2017-10-16 02:12 . 2017-10-16 02:12 103936 ----a-w- c:\windows\system32\cryptnet.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2017-05-22 11:16 759072 ----a-w- c:\program files\IObit\IObit Uninstaller\UninstallExplorer.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ultracopier"="c:\program files\Supercopier\supercopier.exe" [2016-01-01 1157632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2015-06-04 147560]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2015-06-04 182888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2017-09-05 587288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleNetIDList"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
R2 IObitUnSvr;IObit Uninstaller Service;c:\program files\IObit\IObit Uninstaller\IUService.exe [2017-06-14 206112]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2013-12-24 506664]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 hmatap;HMA TAP-Windows Adapter V9;c:\windows\system32\DRIVERS\hmatap.sys [2017-07-12 41408]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
R3 MBAMWebProtection;MBAMWebProtection;c:\windows\system32\drivers\mwac.sys [x]
R3 phantomtap;Phantom TAP-Windows Adapter V9;c:\windows\system32\DRIVERS\phantomtap.sys [2017-10-25 31032]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2017-10-16 14848]
R3 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2017-02-27 317400]
R3 SparkSvc;Baidu Spark Service;c:\program files\baidu\Baidu Browser\sparkservice.exe [2017-09-19 96784]
R3 SparkUpdater;Baidu Spark Updater;c:\program files\Baidu\SparkUpdate\Sparkupdate.exe [2015-03-13 1359040]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2017-10-16 49664]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2017-10-16 27136]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2013-03-01 36600]
S3 IntcDAud;Son Intel(R) pour écrans;c:\windows\system32\DRIVERS\IntcDAud.sys [2012-10-02 289792]
S3 IUFileFilter;IUFileFilter;c:\program files\IObit\IObit Uninstaller\drivers\win7_x86\IUFileFilter.sys [2017-06-06 20368]
S3 IURegProcessFilter;IURegProcessFilter;c:\program files\IObit\IObit Uninstaller\drivers\win7_x86\IURegProcessFilter.sys [2017-09-28 20336]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2014-01-07 270552]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2014-01-08 693464]
S3 USBPcap;USBPcap Capture Service;c:\windows\system32\DRIVERS\USBPcap.sys [2017-08-20 31416]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2017-12-07 01:58 1538904 ----a-w- c:\program files\Google\Chrome\Application\63.0.3239.84\Installer\chrmstp.exe
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyServer = 164.132.201.163:3128
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{79B09984-746E-409E-AED9-09FA68FFE1A9}: NameServer = 77.234.40.79
FF - ProfilePath - c:\users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\jsj6k1z0.default\
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHELINS SUPPRIMES - - - -
.
SafeBoot-MBAMService
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-2647136356-2877453202-2289278983-1000_Classes\CLSID\{513a39cc-af87-4bc9-9fe2-5aa04920482f}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000012c
"Therad"=dword:00000011
.
[HKEY_USERS\S-1-5-21-2647136356-2877453202-2289278983-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):73,87,09,4e,c3,8e,8c,78,78,f1,2b,ac,08,c6,ff,a3,5a,57,aa,d1,00,
96,96,b6,14,09,84,84,d0,eb,71,fb,ec,56,57,dd,32,67,6c,93,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2017-12-26 03:35:36
ComboFix-quarantined-files.txt 2017-12-26 03:35
.
Avant-CF: 5 929 578 496 octets libres
Après-CF: 6 120 828 928 octets libres
.
- - End Of File - - EB20AAE2E5AFA24F51281D2ECFA1BA3F
A36C5E4F47E84449FF07ED3517B43A31

Publicité


Signaler le contenu de ce document

Publicité