Document format: text/plain

ComboFix 17-05-04.01 - acer 15/12/2018 20:08:07.1.4 - x86
Microsoft Windows 7 Professionnel 6.1.7600.0.1252.33.1036.18.2670.1420 [GMT 1:00]
Lancé depuis: c:\users\acer\Desktop\combofix-17-5-4-1.exe
AV: Malwarebytes *Disabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ma-config.com
c:\program files\ma-config.com\config.xml
c:\programdata\ma-config.com
c:\programdata\ma-config.com\Logs\activex.txt
c:\programdata\ma-config.com\Logs\maconfservice.txt
c:\programdata\ma-config.com\Logs\mcdetection.txt
c:\programdata\ma-config.com\Logs\mcstubuser.txt
c:\programdata\ma-config.com\Logs\npapi.txt
c:\programdata\ma-config.com\Temp\componenttemp.gz
c:\users\acer\Documents\~yt8E6D.tmp
c:\users\acer\Documents\~ytFA1C.tmp
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
E:\360Downloads
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2018-11-15 au 2018-12-15 ))))))))))))))))))))))))))))))))))))
.
.
2018-12-15 19:21 . 2018-12-15 19:21 63760 ----a-w- c:\windows\system32\drivers\mbam.sys
2018-12-15 19:21 . 2018-12-15 19:21 172280 ----a-w- c:\windows\system32\drivers\MbamChameleon.sys
2018-12-15 19:21 . 2018-12-15 19:21 106144 ----a-w- c:\windows\system32\drivers\farflt.sys
2018-12-15 19:19 . 2018-12-15 19:36 -------- d-----w- c:\users\acer\AppData\Local\temp
2018-12-15 18:50 . 2018-12-15 19:21 230120 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2018-12-09 21:15 . 2018-12-15 19:21 60016 ----a-w- c:\windows\system32\drivers\EnigmaFileMonDriver.sys
2018-12-09 21:15 . 2018-12-13 19:12 -------- d-----w- c:\programdata\EnigmaSoft Limited
2018-12-09 21:13 . 2018-12-09 21:14 -------- d-----w- C:\sh5ldr
2018-12-09 20:37 . 2018-12-09 20:52 -------- d-----w- c:\program files\EnigmaSoft
2018-12-08 22:17 . 2018-12-08 22:46 -------- d-----w- C:\Pre_Scan
2018-12-07 16:16 . 2018-12-07 16:16 -------- d-----w- c:\users\acer\AppData\Local\ESET
2018-12-07 16:09 . 2018-12-12 16:33 -------- d-----w- c:\program files\ESET
2018-12-07 16:04 . 2018-12-07 16:04 -------- d-----w- c:\program files\7-Zip
2018-12-07 00:06 . 2018-12-07 00:06 -------- d-----w- c:\users\acer\AppData\Roaming\addpcs
2018-12-04 23:15 . 2018-12-05 05:16 -------- d-----w- C:\[Smad-Cage]
2018-12-04 23:15 . 2018-12-04 23:15 -------- d-----w- c:\users\acer\AppData\Roaming\Smadav
2018-12-04 23:15 . 2018-12-04 23:15 -------- d-----w- c:\program files\SMADAV
2018-12-04 21:50 . 2018-12-04 21:50 -------- d-----w- c:\users\acer\AppData\Local\mbam
2018-12-01 16:45 . 2018-12-01 16:46 -------- d-----w- c:\program files\Common Files\Atheros
2018-11-30 11:28 . 2018-11-30 11:28 -------- d-----w- c:\users\acer\AppData\Local\MagicScreen
2018-11-30 11:20 . 2018-11-30 11:37 -------- d-----w- c:\programdata\inst
2018-11-26 20:27 . 2018-11-26 20:27 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{83C400E9-6261-4140-9F19-700431C10195}\offreg.4360.dll
2018-11-24 12:25 . 2018-11-24 12:25 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{83C400E9-6261-4140-9F19-700431C10195}\offreg.2844.dll
2018-11-23 16:42 . 2018-12-06 23:09 -------- d-----w- c:\users\acer\AppData\Local\CrashDumps
2018-11-20 19:44 . 2018-12-01 20:28 -------- d-----w- c:\program files\Bluetooth Suite
2018-11-20 19:39 . 2018-11-20 19:39 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{83C400E9-6261-4140-9F19-700431C10195}\offreg.4308.dll
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2018-12-05 23:06 . 2016-06-21 23:01 842240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2018-12-05 23:06 . 2016-06-21 23:01 175104 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2018-11-20 19:45 . 2011-09-16 14:16 246804 ----a-w- c:\windows\system32\drivers\AtherosBt.bin
2018-11-10 12:10 . 2018-11-10 12:10 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{83C400E9-6261-4140-9F19-700431C10195}\offreg.4932.dll
2018-11-07 17:44 . 2018-11-07 17:44 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{83C400E9-6261-4140-9F19-700431C10195}\offreg.4124.dll
2018-10-27 21:29 . 2018-10-27 21:29 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{83C400E9-6261-4140-9F19-700431C10195}\offreg.4276.dll
2018-10-26 11:01 . 2018-10-26 11:01 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{83C400E9-6261-4140-9F19-700431C10195}\offreg.4672.dll
2018-10-19 12:00 . 2018-10-19 12:00 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{83C400E9-6261-4140-9F19-700431C10195}\offreg.5296.dll
2018-10-17 14:37 . 2018-10-17 14:37 54240 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2018-09-22 14:57 . 2018-09-22 14:57 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{83C400E9-6261-4140-9F19-700431C10195}\offreg.5256.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-10-23 19:22 223432 ----a-w- c:\users\acer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-10-23 19:22 223432 ----a-w- c:\users\acer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-10-23 19:22 223432 ----a-w- c:\users\acer\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 22376 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CONNMGRTRAY"="c:\program files\Acer\Acer 3G Connection Manager\ConnMgrLauncher.exe" [2011-06-20 363112]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2016-12-06 7175384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SM?RT-Protection"="c:\program files\Smadav\SM?RTP.exe" [?]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-08-16 10820200]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2011-08-16 1571432]
"Dolby Advanced Audio v2"="c:\dolby pcee4\pcee4.exe" [2011-06-01 506712]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1210640]
"ETDCtrl"="c:\program files\Elantech\ETDCtrl.exe" [2011-04-05 1813800]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 141824]
"NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2015-06-04 147560]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2015-06-04 182888]
"Persistence"="c:\windows\system32\igfxpers.exe" [2015-06-04 191592]
"AtherosBtStack"="c:\program files\Bluetooth Suite\BtvStack.exe" [2011-09-16 841376]
"AthBtTray"="c:\program files\Bluetooth Suite\AthBtTray.exe" [2011-09-16 694432]
.
c:\users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Moniteur de la technologie Intel® Turbo Boost 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
"HideSCAHealth"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks Agent]
2018-10-09 09:57 510984 ----a-w- c:\program files\BlueStacks\HD-Agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2016-12-06 14:09 7175384 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2017-10-06 11:38 27832264 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"=c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 AntiRansom;Kaspersky Anti-Ransomware Tool for Business 1.1;c:\program files\Kaspersky Lab\Kaspersky Anti-Ransomware Tool for Business 1.1\anti_ransom.exe [x]
R2 KSDE1.0.0;Kaspersky Secure Connection Service 1.0.0;c:\program files\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [x]
R2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [2018-09-19 5073376]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2017-07-18 317408]
R2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam.sys [x]
R3 BlueStacksDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\BstkDrv.sys [2018-10-09 252360]
R3 eapihdrv;eapihdrv;c:\users\acer\AppData\Local\Temp\ehdrv.sys [x]
R3 GoogleChromeElevationService;Google Chrome Elevation Service;c:\program files\Google\Chrome\Application\71.0.3578.98\elevation_service.exe [2018-12-12 375776]
R3 kltap;Kaspersky Security Data Escort Adapter;c:\windows\system32\DRIVERS\kltap.sys [2016-06-07 48056]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x86.sys [2011-04-19 68208]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 227600]
R3 SEE;SoftEther Ethernet Layer Driver;c:\windows\system32\drivers\see.sys [2017-08-14 55328]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-18 1343400]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2013-10-08 71888]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2013-10-08 63824]
S1 Klwtp;KLwtp - WFP callout traffic inspector;c:\windows\system32\DRIVERS\klwtp.sys [2016-06-02 108888]
S2 AtherosSvc;AtherosSvc;c:\program files\Bluetooth Suite\adminservice.exe [2011-09-16 84640]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2011-07-01 353360]
S2 EsgShKernel;SpyHunter 5 Kernel;c:\program files\EnigmaSoft\SpyHunter\ShKernel.exe [2018-12-09 7878960]
S2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2016-04-07 108032]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-09-27 99192]
S2 ShMonitor;SpyHunter 5 Kernel Monitor;c:\program files\EnigmaSoft\SpyHunter\ShMonitor.exe [2018-12-09 433456]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [2015-06-24 5097232]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2014-02-27 722624]
S2 WindscribeService;WindscribeService;c:\program files\Windscribe\WindscribeService.exe [2017-05-09 71272]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys [2011-01-20 60456]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys [2011-01-20 17960]
S3 bScsiMSx;bScsiMSx;c:\windows\system32\DRIVERS\bScsiMSx.sys [2011-05-16 42536]
S3 bScsiSDx;bScsiSDx;c:\windows\system32\DRIVERS\bScsiSDx.sys [2011-05-06 54824]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-09-16 25248]
S3 EnigmaFileMonDriver;EnigmaFileMonDriver Mini-Filter Driver;c:\windows\system32\Drivers\EnigmaFileMonDriver.sys [2018-12-15 60016]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2011-04-05 119592]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S3 IntcDAud;Son Intel(R) pour écrans;c:\windows\system32\DRIVERS\IntcDAud.sys [2012-10-02 289792]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2011-05-09 361000]
S3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [2010-10-19 41088]
S3 Neo_VPN;VPN Client Device Driver - VPN;c:\windows\system32\DRIVERS\Neo_0127.sys [2017-08-14 26208]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2016-05-27 36944]
S3 tapwindscribe0901;Windscribe VPN;c:\windows\system32\DRIVERS\tapwindscribe0901.sys [2017-04-21 41976]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 121856]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - ESPROTECTIONDRIVER
*NewlyCreated* - MBAMPROTECTION
*Deregistered* - ESProtectionDriver
*Deregistered* - MBAMProtection
*Deregistered* - MBAMSwissArmy
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2018-12-12 21:34 2100192 ----a-w- c:\program files\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = *.local
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath -
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-898282021-3541179277-2100125183-1000_Classes\CLSID\{289fe66a-cabf-432f-a221-ef75cc27e8b7}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000088
"Therad"=dword:0000001a
"SpecVersion"=dword:0000013e
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-898282021-3541179277-2100125183-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):13,16,c0,6a,5a,a7,3f,f9,3f,bb,ef,4c,61,bb,f9,b9,d0,7a,bd,79,b9,
2d,b6,74,9e,c1,3d,5d,59,ed,0f,d7,49,cc,c4,25,63,b1,ce,c4,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Launch Manager\LMutilps32.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\vmnat.exe
c:\program files\VMware\VMware Player\vmware-authd.exe
c:\windows\system32\vmnetdhcp.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\TEMP\Ins5F8.tmp
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\UI0Detect.exe
c:\windows\system32\taskhost.exe
c:\program files\Smadav\SM
c:\windows\system32\conhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\users\acer\AppData\Local\Programs\Opera\launcher.exe
c:\users\acer\AppData\Local\Programs\Opera\56.0.3051.116\opera_autoupdate.exe
.
**************************************************************************
.
Heure de fin: 2018-12-15 20:41:02 - La machine a redémarré
ComboFix-quarantined-files.txt 2018-12-15 19:41
.
Avant-CF: 206 856 187 904 octets libres
Après-CF: 206 545 182 720 octets libres
.
- - End Of File - - 2F9276BA4E2859284496755325BA7767
A36C5E4F47E84449FF07ED3517B43A31