
ComboFix 15-09-21.01 - hp 24/09/2015 20:11:47.1.2 - x86
Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.33.1036.18.2021.1065 [GMT 2:00]
Lancé depuis: c:\users\hp\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\FreeVideoCutter.exe
c:\program files\FreeVideoCutter.exe\FreeVideoCutter.exe
c:\users\hp\AppData\Roaming\ZHP
c:\users\hp\AppData\Roaming\ZHP\HOSTS.txt
c:\users\hp\AppData\Roaming\ZHP\Licence.txt
c:\users\hp\AppData\Roaming\ZHP\Tempo.txt
c:\users\hp\AppData\Roaming\ZHP\Trace.txt
c:\users\hp\AppData\Roaming\ZHP\ZHPDiag.txt
c:\users\hp\AppData\Roaming\ZHP\ZHPDiag3.exe
c:\users\hp\ChromeSetup.exe
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2015-08-24 au 2015-09-24 ))))))))))))))))))))))))))))))))))))
.
.
2015-09-24 18:07 . 2015-07-20 13:49 208664 ----a-w- c:\windows\system32\drivers\asw7C13.tmp
2015-09-24 18:07 . 2015-07-20 13:49 113592 ----a-w- c:\windows\system32\drivers\asw7C62.tmp
2015-09-24 18:07 . 2015-07-20 13:49 76000 ----a-w- c:\windows\system32\drivers\asw77DC.tmp
2015-09-24 18:07 . 2015-07-20 13:49 49776 ----a-w- c:\windows\system32\drivers\asw7869.tmp
2015-09-24 18:07 . 2015-07-20 13:49 433264 ----a-w- c:\windows\system32\drivers\asw7906.tmp
2015-09-24 18:07 . 2015-07-20 13:49 81728 ----a-w- c:\windows\system32\drivers\asw7683.tmp
2015-09-24 18:07 . 2015-07-20 13:49 24016 ----a-w- c:\windows\system32\drivers\asw776E.tmp
2015-09-24 18:07 . 2015-07-20 13:48 788784 ----a-w- c:\windows\system32\drivers\asw7421.tmp
2015-09-24 18:07 . 2015-09-24 18:07 313472 ----a-w- c:\windows\system32\aswBoot.exe
2015-09-24 18:07 . 2015-09-24 18:07 43112 ----a-w- c:\windows\avastSS.scr
2015-09-22 11:38 . 2015-09-22 11:38 98520 ----a-w- c:\windows\system32\drivers\72D10B4D.sys
2015-09-21 17:47 . 2015-09-21 17:47 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ABF57CF8-C89D-462F-B5A7-6921700B9810}\offreg.2712.dll
2015-09-18 13:23 . 2015-09-18 13:23 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ABF57CF8-C89D-462F-B5A7-6921700B9810}\offreg.2840.dll
2015-09-18 12:00 . 2015-09-24 18:01 -------- d-----w- c:\program files\Common Files\Adobe
2015-09-16 13:52 . 2015-09-16 13:52 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ABF57CF8-C89D-462F-B5A7-6921700B9810}\offreg.3068.dll
2015-09-16 13:34 . 2015-09-16 13:34 98520 ----a-w- c:\windows\system32\drivers\2C070F6D.sys
2015-09-15 18:02 . 2015-09-15 18:02 -------- d-----w- c:\users\hp\AppData\Local\CrashRpt
2015-09-15 17:20 . 2015-09-15 17:20 98520 ----a-w- c:\windows\system32\drivers\24486E7C.sys
2015-09-13 19:14 . 2015-09-13 19:15 -------- d-----w- c:\users\hp\AppData\Local\Free Video Cutter 1.3
2015-09-13 19:14 . 2015-09-13 19:14 -------- d-----w- c:\program files\Tomatosoft
2015-09-13 19:10 . 2015-09-13 19:10 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ABF57CF8-C89D-462F-B5A7-6921700B9810}\offreg.2812.dll
2015-09-13 17:34 . 2015-09-13 17:34 98520 ----a-w- c:\windows\system32\drivers\66435CDC.sys
2015-09-13 13:34 . 2015-09-13 13:34 98520 ----a-w- c:\windows\system32\drivers\0255253C.sys
2015-09-13 10:49 . 2015-09-13 10:49 98520 ----a-w- c:\windows\system32\drivers\077626CE.sys
2015-09-12 22:34 . 2015-09-12 22:34 98520 ----a-w- c:\windows\system32\drivers\6E607463.sys
2015-09-12 17:34 . 2015-09-12 17:34 98520 ----a-w- c:\windows\system32\drivers\72FF0ED4.sys
2015-09-10 11:34 . 2015-09-10 11:34 98520 ----a-w- c:\windows\system32\drivers\29BE5F2B.sys
2015-09-09 14:56 . 2015-09-09 14:56 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ABF57CF8-C89D-462F-B5A7-6921700B9810}\offreg.2876.dll
2015-09-09 14:37 . 2015-09-24 17:50 -------- d-----w- c:\users\hp\AppData\Roaming\YcanPDF
2015-09-09 12:25 . 2015-09-09 12:25 98520 ----a-w- c:\windows\system32\drivers\47B737FE.sys
2015-09-08 21:34 . 2015-09-08 21:34 98520 ----a-w- c:\windows\system32\drivers\744A0DEF.sys
2015-09-08 17:34 . 2015-09-08 17:34 98520 ----a-w- c:\windows\system32\drivers\72A05611.sys
2015-09-08 11:35 . 2015-09-08 11:35 98520 ----a-w- c:\windows\system32\drivers\110D433F.sys
2015-09-07 19:47 . 2015-09-07 19:47 98520 ----a-w- c:\windows\system32\drivers\735E6DCE.sys
2015-09-06 18:34 . 2015-09-06 18:34 98520 ----a-w- c:\windows\system32\drivers\7B9967E3.sys
2015-09-05 13:34 . 2015-09-05 13:34 98520 ----a-w- c:\windows\system32\drivers\6917342B.sys
2015-09-04 20:34 . 2015-09-04 20:34 98520 ----a-w- c:\windows\system32\drivers\2C5B2757.sys
2015-09-04 10:34 . 2015-09-04 10:34 98520 ----a-w- c:\windows\system32\drivers\37A35C2E.sys
2015-09-03 11:34 . 2015-09-03 11:34 98520 ----a-w- c:\windows\system32\drivers\59C73C1F.sys
2015-09-02 21:34 . 2015-09-02 21:34 98520 ----a-w- c:\windows\system32\drivers\63653919.sys
2015-09-01 10:28 . 2015-09-01 10:28 98520 ----a-w- c:\windows\system32\drivers\78CA6D95.sys
2015-08-31 17:34 . 2015-08-31 17:34 98520 ----a-w- c:\windows\system32\drivers\554B6514.sys
2015-08-30 10:37 . 2015-08-30 10:37 98520 ----a-w- c:\windows\system32\drivers\652A57F7.sys
2015-08-29 09:34 . 2015-08-29 09:34 98520 ----a-w- c:\windows\system32\drivers\1156595F.sys
2015-08-28 11:34 . 2015-08-28 14:33 98520 ----a-w- c:\windows\system32\drivers\1EE66746.sys
2015-08-27 21:34 . 2015-08-27 21:34 98520 ----a-w- c:\windows\system32\drivers\4E6B6456.sys
2015-08-27 17:34 . 2015-08-27 17:34 98520 ----a-w- c:\windows\system32\drivers\16852CB0.sys
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-09-24 18:22 . 2015-08-12 10:29 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-09-24 18:07 . 2014-11-14 08:30 115640 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-09-24 18:07 . 2014-11-14 08:30 49776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-09-24 18:07 . 2014-11-14 08:30 434184 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-09-24 18:07 . 2014-11-14 08:30 208664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-09-24 18:07 . 2014-11-14 08:30 76000 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-09-24 18:07 . 2014-11-14 08:30 24016 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-09-24 18:07 . 2014-11-14 08:30 81728 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-09-24 18:07 . 2014-11-14 08:30 789296 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-08-21 22:34 . 2015-08-21 22:34 98520 ----a-w- c:\windows\system32\drivers\50E53D83.sys
2015-08-21 15:34 . 2015-08-21 15:34 98520 ----a-w- c:\windows\system32\drivers\06D67BE1.sys
2015-08-20 02:18 . 2015-08-22 14:30 9234960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ABF57CF8-C89D-462F-B5A7-6921700B9810}\mpengine.dll
2015-08-19 22:34 . 2015-08-19 22:34 98520 ----a-w- c:\windows\system32\drivers\52C02118.sys
2015-08-18 20:34 . 2015-08-18 20:34 98520 ----a-w- c:\windows\system32\drivers\0698772E.sys
2015-08-17 08:30 . 2015-08-17 08:30 98520 ----a-w- c:\windows\system32\drivers\298A7EA3.sys
2015-08-16 13:35 . 2015-08-16 13:35 98520 ----a-w- c:\windows\system32\drivers\138319EE.sys
2015-08-15 16:34 . 2015-08-15 16:34 98520 ----a-w- c:\windows\system32\drivers\0B5A5504.sys
2015-08-14 21:34 . 2015-08-14 21:34 98520 ----a-w- c:\windows\system32\drivers\3B696C98.sys
2015-08-13 21:34 . 2015-08-13 21:34 98520 ----a-w- c:\windows\system32\drivers\26531E66.sys
2015-08-13 16:33 . 2015-08-13 15:44 98520 ----a-w- c:\windows\system32\drivers\5736126E.sys
2015-08-13 11:34 . 2015-08-13 11:34 98520 ----a-w- c:\windows\system32\drivers\33A65334.sys
2015-08-05 13:13 . 2015-08-05 13:08 179600 ----a-w- c:\windows\system32\mfevtps.exe
2015-08-05 13:13 . 2012-06-22 05:52 575984 ----a-w- c:\windows\system32\drivers\mfehidk.sys
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-07-20 13:49 692512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-07-20 6109776]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2015-01-04 280576]
.
c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe nas [2014-12-31 12128224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-06-18 1133880]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-06-22 100736]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-03-16 108032]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-06-18 51928]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SparkUpdater;Baidu Spark Updater;c:\program files\Baidu\SparkUpdate\Sparkupdate.exe [2015-06-23 1371960]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-06-22 206784]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2015-09-24 789296]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2015-09-24 434184]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2015-09-24 24016]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2015-09-24 76000]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2015-09-24 115640]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-06-18 1871160]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2015-08-05 179600]
S2 SparkSvc;Baidu Spark Service;c:\program files\baidu\Baidu Browser\sparkservice.exe [2015-09-21 97080]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-06-18 23256]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - WS2IFSL
.
.
------- Examen supplémentaire -------
.
mStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHELINS SUPPRIMES - - - -
.
AddRemove-{F0A37341-D692-11D4-A984-009027EC0A9C} - c:\program files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-2208684320-2269802520-2041164698-1000_Classes\CLSID\{1925d5c4-c89f-4d2a-b390-b5d4f25e477f}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000015b
"Therad"=dword:00000020
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,75,07,18,dd,fb,11,42,94,27,b7,99,0d,2a,ba,05,1a,a2,02,c9,3e,9b,f9,\
.
[HKEY_USERS\S-1-5-21-2208684320-2269802520-2041164698-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):bf,b2,5a,7d,80,4f,79,f9,71,f3,80,76,95,8a,27,3e,57,bb,88,63,68,
53,f2,95,f4,5f,73,12,82,24,c3,da,a7,59,b8,ee,63,66,65,48,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\AEADISRV.EXE
c:\windows\system32\taskhost.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Paltalk Messenger\paltalk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\AVAST Software\Avast\AvastEmUpdate.exe
.
**************************************************************************
.
Heure de fin: 2015-09-24 20:32:19 - La machine a redémarré
ComboFix-quarantined-files.txt 2015-09-24 18:32
.
Avant-CF: 8 704 593 920 octets libres
Après-CF: 8 415 432 704 octets libres
.
- - End Of File - - 278A222954C737EEA1D5C6F5C9B73E3B
A36C5E4F47E84449FF07ED3517B43A31
