Document format: text/plain


ComboFix 15-03-25.01 - user 27/03/2015 14:43:26.3.2 - x86
Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.32.1036.18.2046.774 [GMT 1:00]
Lancé depuis: c:\users\user\Downloads\ComboFix.exe
Commutateurs utilisés :: c:\users\user\Desktop\CFScript - Raccourci.lnk
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2015-02-27 au 2015-03-27 ))))))))))))))))))))))))))))))))))))
.
.
2015-03-27 13:54 . 2015-03-27 13:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-03-27 10:28 . 2015-03-27 10:28 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{48C297F6-A239-4C08-841E-4CE85587A841}\offreg.dll
2015-03-27 10:18 . 2015-03-14 10:06 9119072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{48C297F6-A239-4C08-841E-4CE85587A841}\mpengine.dll
2015-03-26 13:53 . 2015-03-26 13:53 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2015-03-26 13:38 . 2015-03-26 13:56 -------- d-----w- c:\users\user\AppData\Roaming\ZHP
2015-03-26 13:38 . 2015-03-26 13:53 -------- d-----w- c:\program files\ZHPDiag
2015-03-25 12:26 . 2015-03-11 03:30 534528 ----a-w- c:\windows\system32\generaltel.dll
2015-03-25 12:26 . 2015-03-11 03:30 623616 ----a-w- c:\windows\system32\invagent.dll
2015-03-25 12:26 . 2015-03-11 03:29 327168 ----a-w- c:\windows\system32\devinv.dll
2015-03-25 12:26 . 2015-03-11 03:29 818176 ----a-w- c:\windows\system32\appraiser.dll
2015-03-25 12:26 . 2015-03-11 03:29 26112 ----a-w- c:\windows\system32\acmigration.dll
2015-03-25 12:26 . 2015-03-11 03:29 202752 ----a-w- c:\windows\system32\aepdu.dll
2015-03-25 12:26 . 2015-03-11 03:29 159744 ----a-w- c:\windows\system32\aepic.dll
2015-03-25 12:26 . 2015-03-11 03:26 892928 ----a-w- c:\windows\system32\aeinv.dll
2015-03-21 11:14 . 2015-03-21 11:14 -------- d-----w- c:\windows\system32\vbox
2015-03-20 19:20 . 2015-03-20 19:20 291312 ----a-w- c:\windows\system32\aswBoot.exe
2015-03-20 19:20 . 2015-03-20 19:20 43112 ----a-w- c:\windows\avastSS.scr
2015-03-19 16:05 . 2015-03-19 16:05 17189552 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2015-03-17 20:33 . 2015-03-17 20:33 -------- d-----w- c:\program files\Common Files\Java
2015-03-17 20:27 . 2015-03-17 20:32 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2015-03-14 18:24 . 2015-02-04 03:35 24199824 ----a-w- c:\windows\system32\nvoglv32.dll
2015-03-14 18:24 . 2015-02-04 03:35 11272048 ----a-w- c:\windows\system32\nvopencl.dll
2015-03-14 18:24 . 2015-02-04 03:35 10702664 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2015-03-14 18:24 . 2015-02-04 03:35 908432 ----a-w- c:\windows\system32\NvIFR.dll
2015-03-14 18:24 . 2015-02-04 03:35 870032 ----a-w- c:\windows\system32\NvFBC.dll
2015-03-14 18:24 . 2015-02-04 03:35 911504 ----a-w- c:\windows\system32\nvdispgenco3234144.dll
2015-03-14 18:24 . 2015-02-04 03:35 1060680 ----a-w- c:\windows\system32\nvdispco3234144.dll
2015-03-14 18:23 . 2015-02-04 03:35 3987784 ----a-w- c:\windows\system32\nvcuvid.dll
2015-03-14 18:23 . 2015-02-04 03:35 11209376 ----a-w- c:\windows\system32\nvcuda.dll
2015-03-14 18:23 . 2015-02-04 03:35 15294096 ----a-w- c:\windows\system32\nvcompiler.dll
2015-03-14 18:00 . 2015-02-03 03:12 1230848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-03-14 17:59 . 2015-01-31 03:33 2744320 ----a-w- c:\windows\system32\rdpcorets.dll
2015-03-14 17:59 . 2015-01-31 03:33 13824 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2015-03-14 17:59 . 2015-01-31 00:48 221184 ----a-w- c:\windows\system32\rdpudd.dll
2015-03-14 17:58 . 2015-01-17 02:30 828928 ----a-w- c:\windows\system32\msctf.dll
2015-03-14 17:58 . 2015-02-26 03:11 2381312 ----a-w- c:\windows\system32\win32k.sys
2015-03-14 17:58 . 2014-11-26 03:32 571904 ----a-w- c:\windows\system32\oleaut32.dll
2015-03-14 17:52 . 2015-02-20 04:13 26624 ----a-w- c:\windows\system32\lpk.dll
2015-03-14 17:52 . 2015-02-20 04:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-03-14 17:52 . 2015-02-20 04:13 70656 ----a-w- c:\windows\system32\fontsub.dll
2015-03-14 17:52 . 2015-02-20 04:13 10240 ----a-w- c:\windows\system32\dciman32.dll
2015-03-14 17:49 . 2015-02-03 03:11 100864 ----a-w- c:\windows\system32\audiodg.exe
2015-03-14 17:48 . 2014-12-08 02:46 308224 ----a-w- c:\windows\system32\scesrv.dll
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-26 13:03 . 2014-05-12 07:48 114904 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2015-03-20 19:20 . 2013-12-30 17:51 106912 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-03-20 19:20 . 2013-12-30 17:47 206976 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-03-20 19:20 . 2013-12-30 17:47 49904 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-03-20 19:20 . 2011-10-12 11:40 427480 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-03-20 19:20 . 2014-04-25 16:39 24144 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-03-20 19:20 . 2012-03-18 19:13 81728 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-03-20 19:20 . 2011-10-12 11:40 73440 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-03-20 19:19 . 2011-10-12 11:40 788272 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-03-19 16:05 . 2012-04-08 19:31 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-03-19 16:05 . 2011-10-12 10:12 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-24 03:23 . 2011-01-17 02:17 246920 ------w- c:\windows\system32\MpSigStub.exe
2015-02-04 03:35 . 2011-10-07 09:22 16128576 ----a-w- c:\windows\system32\nvwgf2um.dll
2015-02-04 03:35 . 2011-10-07 09:22 14497760 ----a-w- c:\windows\system32\nvd3dum.dll
2015-02-04 03:35 . 2011-10-07 09:22 2824176 ----a-w- c:\windows\system32\nvapi.dll
2015-02-04 02:06 . 2011-01-07 19:06 4388040 ----a-w- c:\windows\system32\nvcpl.dll
2015-02-04 02:06 . 2011-01-07 19:06 3060936 ----a-w- c:\windows\system32\nvsvc.dll
2015-02-04 02:05 . 2011-01-07 19:06 670536 ----a-w- c:\windows\system32\nvvsvc.exe
2015-02-04 02:05 . 2011-01-07 19:06 61584 ----a-w- c:\windows\system32\nvshext.dll
2015-02-04 02:05 . 2011-01-07 19:06 2553032 ----a-w- c:\windows\system32\nvsvcr.dll
2015-02-04 02:05 . 2011-01-07 19:06 374928 ----a-w- c:\windows\system32\nvmctray.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-03-20 19:20 644608 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-12-11 30872168]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2014-12-12 5489944]
"VoipConnect"="c:\program files\VoipConnect.com\VoipConnect\voipconnect.exe" [2015-03-18 31445088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-03-20 5511352]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-10-26 1458176]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]
"ShadowPlay"="c:\windows\system32\nvspcap.dll" [2014-09-17 2193560]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-09-17 2460488]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2015-02-10 335232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"20150107"="c:\program files\AVAST Software\Avast\setup\emupdate\f8780838-4256-4cca-8a72-08266e32bfe2.exe" [2015-03-27 183232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend]
2014-09-17 02:15 2460488 ----a-w- c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2015-03-20 106912]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [2013-10-28 276048]
R2 Modem HDM EC156. RunOuc;Modem HDM EC156. OUC;c:\program files\Modem HDM EC156\UpdateDog\ouc.exe [2013-12-05 651856]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-12-11 315496]
R3 aswTap;avast! SecureLine TAP Adapter v3;c:\windows\system32\DRIVERS\aswTap.sys [2013-12-30 38472]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2013-12-05 95232]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [2013-12-05 381952]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-02-20 102912]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 MRV6X32U;Belkin N1 Wireless USB Network Adapter Driver for Windows Vista x86;c:\windows\system32\DRIVERS\MRVW24B.sys [2007-10-28 310016]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 SiSGbeLH;Pilote SiS191/SiS190 Ethernet Device NDIS 6.0;c:\windows\system32\DRIVERS\SiSGB6.sys [2009-07-13 48128]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 24064]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-14 1343400]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2015-03-20 788272]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2015-03-20 427480]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2015-03-20 24144]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2015-03-20 73440]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-09-17 915784]
S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-09-17 1795912]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-09-17 18044744]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2015-03-20 220240]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2015-03-20 3205216]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2013-12-05 77824]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-09-17 19272]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2014-09-04 32928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
.
.
Contenu du dossier 'Tâches planifiées'
.
2015-03-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 16:05]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C14F3E34-4EEB-48E1-A9CF-FD297665B695}: NameServer = 192.168.60.58 192.168.50.55
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\f3d2su7p.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-1623966849-1757875805-1393319330-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1623966849-1757875805-1393319330-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_134_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_134_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2015-03-27 14:56:53
ComboFix-quarantined-files.txt 2015-03-27 13:56
ComboFix2.txt 2015-03-27 13:34
ComboFix3.txt 2015-03-27 11:25
.
Avant-CF: 46.388.772.864 octets libres
Après-CF: 46.409.736.192 octets libres
.
- - End Of File - - 1AA2354E3645B39CB061D1B5D8D580E5
A36C5E4F47E84449FF07ED3517B43A31