cjoint

Document format: text/plain

Preview

ComboFix 15-10-01.01 - Packard Bell 05/10/2015 18:32:34.1.2 - x86
Microsoft Windows 7 Édition Intégrale 6.1.7600.0.1252.33.1036.18.3070.1859 [GMT 2:00]
Lancé depuis: c:\users\Packard Bell\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
/wow section - STAGE 3
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2015-09-05 au 2015-10-05 ))))))))))))))))))))))))))))))))))))
.
.
2015-10-05 16:43 . 2015-10-05 16:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-10-04 13:40 . 2015-10-04 16:30 -------- d-----w- C:\FRST
2015-10-04 09:41 . 2015-10-04 09:41 -------- d-----w- C:\MGADiagToolOutput
2015-10-04 09:41 . 2015-10-04 09:41 -------- d-----w- c:\programdata\Office Genuine Advantage
2015-10-04 08:45 . 2015-10-04 08:45 -------- d-----w- c:\program files\CrystalDiskInfo
2015-10-04 08:29 . 2015-10-04 17:05 -------- d-----w- c:\users\Packard Bell\AppData\Roaming\ZHP
2015-10-03 23:10 . 2015-10-03 23:11 -------- d-----w- c:\program files\CCleaner
2015-10-03 22:29 . 2015-10-03 22:29 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-10-03 22:29 . 2015-10-03 23:08 -------- d-----w- c:\programdata\RogueKiller
2015-10-03 21:10 . 2015-10-04 12:12 -------- d-----w- C:\AdwCleaner
2015-10-03 17:42 . 2015-10-03 21:28 -------- d-----w- c:\users\Packard Bell\AppData\Local\Opera Software
2015-10-03 17:42 . 2015-10-03 21:28 -------- d-----w- c:\users\Packard Bell\AppData\Roaming\Opera Software
2015-10-03 17:38 . 2015-10-03 17:38 -------- d-----w- c:\users\Packard Bell\AppData\Local\{F538F1AF-0DD1-45B8-90EA-0B9E6DDF35A6}
2015-10-03 17:32 . 2015-10-05 16:45 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-10-03 17:31 . 2015-06-18 06:41 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-10-03 17:31 . 2015-06-18 06:41 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-10-03 17:31 . 2015-06-18 06:41 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-10-03 17:30 . 2015-10-03 17:31 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-10-03 17:30 . 2015-10-03 17:30 -------- d-----w- c:\programdata\Malwarebytes
2015-10-03 17:29 . 2015-10-03 21:13 -------- d-----w- c:\users\Packard Bell\AppData\Roaming\Common
2015-10-03 17:24 . 2015-10-03 18:04 -------- d-----w- c:\users\Packard Bell\AppData\Roaming\RunDir
2015-09-28 10:55 . 2015-09-28 10:55 -------- d-----w- c:\users\Packard Bell\AppData\Roaming\TSv
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-04-19 07:49 644608 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-04-19 5512912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2015-09-16 20:32 6495144 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2014-10-13 32064]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2014-10-13 89856]
R3 ggflt;SOMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2015-05-27 13528]
R3 ggsomc;SOMC USB Flash Driver;c:\windows\system32\DRIVERS\ggsomc.sys [2015-05-27 26328]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2014-10-13 136904]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2014-10-13 17864]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2014-10-13 153672]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2014-10-13 130248]
R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys [2014-10-13 136904]
R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys [2014-10-13 17864]
R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys [2014-10-13 153672]
R3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM);c:\windows\system32\DRIVERS\ssceserd.sys [2014-10-13 130376]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2015-04-19 788272]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2015-04-19 427736]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2015-04-19 24144]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2015-04-19 73440]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2015-04-19 106912]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-06-18 1871160]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-06-18 1133880]
S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [2014-10-13 743688]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2015-04-19 220240]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2015-04-19 3205216]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-06-18 23256]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-06-18 51928]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - WS2IFSL
.
.
------- Examen supplémentaire -------
.
uStart Page = www.google.com
uDefault_Search_URL = www.google.com
mStart Page = www.google.com
mSearch Bar = https://fr.yahoo.com/?fr=hp-avast&type=avastbcl
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
.
- - - - ORPHELINS SUPPRIMES - - - -
.
MSConfigStartUp-Sony PC Companion - c:\program files\Sony\Sony PC Companion\PCCompanion.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="BrowserHTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="BrowserHTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="BrowserHTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="BrowserHTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="BrowserHTM"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\AUDIODG.EXE
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\conhost.exe
c:\program files\Malwarebytes Anti-Malware\mbam.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Heure de fin: 2015-10-05 18:51:26 - La machine a redémarré
ComboFix-quarantined-files.txt 2015-10-05 16:51
.
Avant-CF: 60 335 386 624 octets libres
Après-CF: 60 258 041 856 octets libres
.
- - End Of File - - FAE685E450F783DF6BD132728C26D09E
A36C5E4F47E84449FF07ED3517B43A31
