ComboFix 16-09-28.01 - -user 06/10/2016 12:31:02.3.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.33.1036.18.1993.1094 [GMT 2:00]
Launched from: c:\users\-user.WXPP-XXX\Desktop\ComboFix.exe
Switches used :: c:\users\-user.WXPP-XXX\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *Disabled/Updated* {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
FW: Kaspersky Anti-Virus *Disabled* {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
SP: Kaspersky Anti-Virus *Disabled/Updated* {3D579475-6DDE-A186-1569-44B9F9DE8725}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* A new restore point was created
.
FILE ::
"c:\windows\System32\drivers\peleiq.sys"
"c:\windows\System32\drivers\qlswql.sys"
"c:\windows\System32\drivers\qmryom.sys"
"c:\windows\System32\drivers\rnhnor.sys"
.
.
((((((((((((((((((((((((((((( Files created from 2016-09-06 to 2016-10-06 ))))))))))))))))))))))))))))))))))))
.
.
2016-10-06 10:41 . 2016-10-06 10:41 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2016-10-06 10:41 . 2016-10-06 10:41 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2016-10-06 10:41 . 2016-10-06 10:41 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2016-10-06 10:41 . 2016-10-06 10:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-10-06 10:41 . 2016-10-06 10:41 -------- d-----w- c:\users\-user\AppData\Local\temp
2016-09-23 07:00 . 2016-09-23 07:00 -------- d-----w- c:\program files\ESET
2016-09-23 05:54 . 2016-09-23 05:56 -------- d-----w- c:\program files\ZHPFix
2016-09-22 09:57 . 2016-10-06 10:43 -------- d-----w- c:\users\-user.WXPP-XXX\AppData\Local\Temp
2016-09-22 09:29 . 2016-09-22 09:52 -------- d-----w- C:\zoek_backup
2016-09-22 06:19 . 2016-09-22 07:35 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-09-22 06:18 . 2016-03-10 12:09 53120 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-09-22 06:18 . 2016-03-10 12:08 126336 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-09-22 06:18 . 2016-03-10 12:08 24448 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-09-22 06:18 . 2016-09-22 06:18 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2016-09-22 06:15 . 2016-10-05 13:53 -------- d-----w- c:\users\-user.WXPP-XXX\AppData\Roaming\AdAnti
2016-09-21 12:51 . 2012-07-05 20:06 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2016-09-21 12:51 . 2012-07-05 20:06 687544 ----a-w- c:\windows\system32\deployJava1.dll
2016-09-21 12:37 . 2016-09-21 12:37 -------- d-----w- c:\users\-user.WXPP-XXX\.oracle_jre_usage
2016-09-21 12:37 . 2016-09-21 12:37 -------- d-----w- c:\windows\system32\config\systemprofile\.oracle_jre_usage
2016-09-21 09:23 . 2016-08-05 15:13 2048 ----a-w- c:\windows\system32\tzres.dll
2016-09-21 08:00 . 2016-10-04 10:01 -------- d-----w- C:\FRST
2016-09-21 07:50 . 2016-09-23 06:08 -------- d-----w- c:\users\-user.WXPP-XXX\AppData\Roaming\ZHP
2016-09-20 13:43 . 2016-09-20 14:23 147328 ----a-w- c:\windows\system32\drivers\klflt.sys
2016-09-20 13:43 . 2016-09-20 14:14 53168 ----a-w- c:\windows\system32\drivers\klhk.sys
2016-09-19 13:26 . 2016-09-19 13:26 -------- d-----w- c:\windows\system32\kuv
2016-09-19 11:52 . 2016-09-19 11:52 -------- d-----w- c:\users\-user.WXPP-XXX\AppData\Local\Apps
2016-09-19 11:48 . 2016-09-19 11:48 -------- d-----w- c:\programdata\Avira
2016-09-19 11:48 . 2016-09-19 11:48 -------- d-----w- c:\programdata\Avg
2016-09-16 06:06 . 2016-09-16 06:06 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6D7A9437-B946-46B6-A154-63D428BF9AC9}\offreg.4660.dll
2016-09-16 05:48 . 2016-08-02 22:19 9654712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6D7A9437-B946-46B6-A154-63D428BF9AC9}\mpengine.dll
2016-09-14 07:18 . 2016-07-07 15:20 1309928 ----a-w- c:\windows\system32\drivers\tcpip.sys
2016-09-14 07:18 . 2016-07-07 15:20 240872 ----a-w- c:\windows\system32\drivers\netio.sys
2016-09-14 07:18 . 2016-07-07 15:20 187624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2016-09-14 07:18 . 2016-07-07 14:57 35840 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2016-09-14 07:18 . 2016-07-01 15:13 84480 ----a-w- c:\windows\system32\INETRES.dll
2016-09-14 07:18 . 2016-07-01 15:13 741888 ----a-w- c:\windows\system32\inetcomm.dll
.
.
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-10-05 13:50 . 2001-08-17 05:59 237216 --sha-w- c:\windows\system32\drivers\rnhnor.sys
2016-10-05 13:50 . 2008-12-09 14:03 267024 --sha-w- c:\windows\system32\drivers\qlswql.sys
2016-10-05 13:50 . 2001-08-17 05:59 237216 --sha-w- c:\windows\system32\drivers\peleiq.sys
2016-09-21 12:52 . 2014-01-20 07:07 95808 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2016-09-20 14:23 . 2015-06-11 17:32 44120 ----a-w- c:\windows\system32\drivers\klim6.sys
2016-09-20 14:23 . 2015-06-08 17:43 39304 ----a-w- c:\windows\system32\drivers\klpd.sys
2016-09-20 14:23 . 2015-06-06 06:48 66976 ----a-w- c:\windows\system32\drivers\kldisk.sys
2016-09-14 07:24 . 2012-06-20 10:36 796352 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-09-14 07:24 . 2011-06-15 09:39 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-07-26 12:24 . 2010-01-13 09:03 406184 ------w- c:\windows\system32\MpSigStub.exe
2009-07-13 23:11 55296 --sha-w- c:\windows\System32\drivers\alifide.sys
2008-12-09 14:03 267024 --sha-w- c:\windows\System32\drivers\qmryom.sys
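Triage helper for the Find3M and "files created" listings above. This is an added example, not ComboFix output or code from the ComboFix author; it parses the two line layouts ComboFix uses (with and without the " . <last-write>" timestamp) and flags kernel drivers that carry the hidden+system attributes ("--sha-w-") as well as groups of such drivers that share an exact byte size, which in this log pairs rnhnor.sys with peleiq.sys (237216) and qlswql.sys with qmryom.sys (267024). The sample input is copied from this log; the Entry/triage names and the meaning assigned to attribute letters (s = system, h = hidden, d = directory) are assumptions of the example.

```python
"""Triage helper for ComboFix file-listing lines (added example, not ComboFix code)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample input: lines copied from this log's "files created" and Find3M sections.
SAMPLE_LINES = r"""
2016-09-22 06:18 . 2016-03-10 12:08 24448 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-10-06 10:41 . 2016-10-06 10:41 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2016-10-05 13:50 . 2001-08-17 05:59 237216 --sha-w- c:\windows\system32\drivers\rnhnor.sys
2016-10-05 13:50 . 2008-12-09 14:03 267024 --sha-w- c:\windows\system32\drivers\qlswql.sys
2016-10-05 13:50 . 2001-08-17 05:59 237216 --sha-w- c:\windows\system32\drivers\peleiq.sys
2016-07-26 12:24 . 2010-01-13 09:03 406184 ------w- c:\windows\system32\MpSigStub.exe
2009-07-13 23:11 55296 --sha-w- c:\windows\System32\drivers\alifide.sys
2008-12-09 14:03 267024 --sha-w- c:\windows\System32\drivers\qmryom.sys
"""

# Two layouts occur in the log:
#   "<created> . <last-write> <size|--------> <attrs> <path>"   (files-created section, long Find3M form)
#   "<timestamp> <size> <attrs> <path>"                         (short Find3M form)
LINE_RE = re.compile(
    r"^(?P<t1>\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"(?: \. (?P<t2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}))?"
    r" (?P<size>\d+|-{8}) (?P<attrs>[a-z-]{8}) (?P<path>.+?)\s*$"
)


@dataclass
class Entry:
    first_stamp: str             # creation time in the long form; the only timestamp in the short form
    last_write: Optional[str]    # None in the short form
    size: Optional[int]          # None for directories ("--------")
    attrs: str                   # ComboFix attribute string, e.g. "--sha-w-" or "d-----w-" (assumed meaning)
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def hidden_system(self) -> bool:
        return "h" in self.attrs and "s" in self.attrs

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def in_drivers_dir(self) -> bool:
        return "\\drivers\\" in self.path.lower()


def parse(text: str) -> list:
    """Parse every file-listing line; banners, dots and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["t1"], m["t2"], size, m["attrs"], m["path"]))
    return entries


def triage(text: str) -> dict:
    """Return {driver file name: [reasons]} for drivers that deserve a closer look."""
    findings = defaultdict(list)
    suspects = [e for e in parse(text) if not e.is_dir and e.hidden_system and e.in_drivers_dir]
    for e in suspects:
        findings[e.name].append(f"hidden+system attributes on a kernel driver ({e.attrs})")
    # Several suspects with one exact size usually means one payload dropped under several names.
    by_size = defaultdict(list)
    for e in suspects:
        by_size[e.size].append(e)
    for size, group in by_size.items():
        if len(group) > 1:
            names = ", ".join(sorted(g.name for g in group))
            for g in group:
                findings[g.name].append(f"size {size} shared with: {names}")
    return dict(findings)


if __name__ == "__main__":
    for name, reasons in sorted(triage(SAMPLE_LINES).items()):
        print(name)
        for reason in reasons:
            print("   -", reason)
```

Run it against the whole ComboFix log rather than the sample and the same two signals apply; hidden+system on a driver is not proof of malice on its own, so treat the output as a review list and confirm with the file hashes and signatures before deleting anything.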
.
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-07-24 796696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Sage AutoUpdate.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Sage AutoUpdate.lnk
backup=c:\windows\pss\Sage AutoUpdate.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-12-19 14:39 41208 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2015-12-17 17:39 60688 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2015-12-08 19:23 6602152 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileOpenBroker]
2013-03-26 10:23 908144 ----a-w- c:\program files\FileOpen\Services\FileOpenBroker32.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-10 00:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-07-22 17:33 150528 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2015-12-17 21:12 157456 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iWareV3]
2009-03-27 19:55 507904 ----a-w- c:\program files\MouseDriver\OfficeMouse.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegTool]
2012-02-27 13:26 945152 ----a-w- c:\program files\Gemalto\Classic Client\BIN\RegTool.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2009-07-02 18:07 7596576 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SN0XRCV]
2006-10-23 08:11 102400 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\SN0XRCV.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 08:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-06-01 11:08 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2015-03-12 39376]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2016-03-10 1136608]
R2 SageCHAU.Service;Sage AutoUpdate;c:\programdata\Sage\AutoUpdate\SageCHAU.Service.exe [2012-09-13 13312]
R3 CFcatchme;CFcatchme;c:\users\-USER~1.WXP\AppData\Local\Temp\CFcatchme.sys [x]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys [2016-06-14 26168]
R3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus;c:\windows\system32\DRIVERS\dtliteusbbus.sys [2016-06-14 40504]
R3 eapihdrv;eapihdrv;c:\users\-USER~1.WXP\AppData\Local\Temp\ehdrv.sys [x]
R3 GemCCID;GemCCID;c:\windows\system32\Drivers\GemCCID.sys [2013-04-24 98816]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-10-30 102912]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2016-03-10 53120]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2014-06-10 18944]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-06 1343400]
R4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2016-03-10 1514464]
R4 Sage SData Service;Sage SData Service;c:\program files\Common Files\Sage SData\Sage.SData.Service.exe [2012-08-16 53248]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 cm_km;Kaspersky Lab ZAO Cryptographic Module x86 (Weak);c:\windows\system32\DRIVERS\cm_km.sys [2015-07-05 201912]
S0 klbackupdisk;Kaspersky Lab klbackupdisk;c:\windows\system32\DRIVERS\klbackupdisk.sys [2015-06-06 46776]
S1 klbackupflt;Kaspersky Lab klbackupflt;c:\windows\system32\DRIVERS\klbackupflt.sys [2015-06-26 58224]
S1 klhk;Kaspersky Lab service driver;c:\windows\system32\DRIVERS\klhk.sys [2016-09-20 53168]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2016-09-20 44120]
S1 klpd;Kaspersky Lab format recognizer driver;c:\windows\system32\DRIVERS\klpd.sys [2016-09-20 39304]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2015-06-11 54328]
S1 Klwtp;Klwtp;c:\windows\system32\DRIVERS\klwtp.sys [2015-06-16 87736]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2015-06-23 156856]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2013-07-30 137232]
S2 AVP16.0.0;Kaspersky Anti-Virus Service 16.0.0;c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe [2016-09-20 194000]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 FileOpenManager;FileOpen Manager Service;c:\program files\FileOpen\Services\FileOpenManager32.exe [2013-03-19 217456]
S2 GslShmSrvc;GSL Share Memory;c:\program files\Gemalto\Classic Client\BIN\GslShmSrvc.exe [2011-05-12 85504]
S2 kldisk;kldisk;c:\windows\system32\DRIVERS\kldisk.sys [2016-09-20 66976]
S2 Sentinel RMS License Manager;Sentinel RMS License Manager;c:\program files\Common Files\SafeNet Sentinel\Sentinel RMS License Manager\WinNT\lservnt.exe [2010-05-26 847872]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2009-07-24 2066968]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2009-12-10 214696]
S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys [2016-09-20 147328]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2015-06-06 37048]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2015-06-06 38072]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2016-03-10 24448]
.
.
--- Other Services/Drivers in memory ---
.
*Deregistered* - FileOpenWebPublisherScreenHookDriver
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
utcsvc REG_MULTI_SZ DiagTrack
TherkaleSchedule REG_MULTI_SZ TherkaleSchedule
.
Contents of the 'Scheduled Tasks' folder
.
2016-10-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-20 07:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\-user.WXPP-XXX\AppData\Roaming\Mozilla\Firefox\Profiles\rnxs7jbn.default-1474552426118\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\AUDIODG.EXE
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\AMT\LMS.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\conhost.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avpui.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\sppsvc.exe
c:\program files\Google\Update\GoogleUpdate.exe
.
**************************************************************************
.
Completion time: 2016-10-06 12:48:51 - machine was rebooted
ComboFix-quarantined-files.txt 2016-10-06 10:48
ComboFix2.txt 2016-10-05 08:18
.
Pre-Run: 237,404,872,704 bytes free
Post-Run: 237,330,014,208 bytes free
.
- - End Of File - - 8B50B07F7CF9FB2BDD2238B7F7CFD276
A36C5E4F47E84449FF07ED3517B43A31