Publicité
Publicité
Format du document : text/plain
Prévisualisation
ComboFix 15-10-23.01 - mumu 25/10/2015 9:33.1.2 - x86
Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.33.1036.18.2814.1403 [GMT 1:00]
Lancé depuis: c:\users\mumu\Desktop\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Une copie infectée de c:\windows\system32\drivers\ntfs.sys a été trouvée et désinfectée
Copie restaurée à partir de - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!drivers!ntfs.sys
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2015-09-25 au 2015-10-25 ))))))))))))))))))))))))))))))))))))
.
.
2074-05-07 16:38 . 2006-11-21 18:48 203576 ------w- c:\program files\Microsoft Games\Age of Empires III\autopatcher2.exe
2015-10-25 08:44 . 2015-10-25 08:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-10-20 17:11 . 2015-10-24 18:37 -------- d-----w- c:\program files\ZHPFix
2015-10-19 16:29 . 2015-10-24 18:43 -------- d-----w- c:\users\mumu\AppData\Roaming\ZHP
2015-10-15 07:05 . 2015-09-18 17:47 23384 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-10-15 07:05 . 2015-09-18 17:44 587776 ----a-w- c:\windows\system32\invagent.dll
2015-10-15 07:05 . 2015-09-18 17:44 615936 ----a-w- c:\windows\system32\generaltel.dll
2015-10-15 07:05 . 2015-09-18 17:44 423936 ----a-w- c:\windows\system32\devinv.dll
2015-10-15 07:05 . 2015-09-18 17:44 1120768 ----a-w- c:\windows\system32\appraiser.dll
2015-10-15 07:05 . 2015-09-18 17:44 62976 ----a-w- c:\windows\system32\acmigration.dll
2015-10-15 07:05 . 2015-09-18 17:35 999936 ----a-w- c:\windows\system32\aeinv.dll
2015-10-14 06:52 . 2015-09-01 17:52 868864 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2015-10-14 06:52 . 2015-09-01 17:52 104448 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipBand.dll
2015-10-14 06:52 . 2015-09-01 17:52 348672 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tiptsf.dll
2015-10-14 06:52 . 2015-09-01 17:52 181760 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TabTip.exe
2015-10-14 06:52 . 2015-09-01 17:50 544768 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipRes.dll
2015-10-14 06:52 . 2015-08-06 17:44 1498624 ----a-w- c:\windows\system32\ExplorerFrame.dll
2015-10-14 06:50 . 2015-09-18 18:58 818264 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2015-10-02 14:40 . 2015-10-02 14:40 17314496 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
2015-09-29 11:20 . 2015-09-29 11:20 -------- d-----w- c:\users\mumu\AppData\Local\Topaz Labs
2015-09-29 11:19 . 2015-09-29 11:20 -------- d-----w- c:\program files\Topaz Labs
2015-09-29 11:19 . 2015-09-29 11:19 -------- d-----w- c:\program files\Common Files\Topaz Labs
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-17 20:16 . 2012-03-31 16:44 780488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-10-17 20:16 . 2012-03-31 16:44 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-09-02 02:48 . 2015-09-09 07:12 26624 ----a-w- c:\windows\system32\lpk.dll
2015-09-02 02:48 . 2015-09-09 07:12 70656 ----a-w- c:\windows\system32\fontsub.dll
2015-09-02 02:48 . 2015-09-09 07:12 10240 ----a-w- c:\windows\system32\dciman32.dll
2015-09-02 02:48 . 2015-09-09 07:12 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-09-02 01:36 . 2015-09-09 07:12 2384896 ----a-w- c:\windows\system32\win32k.sys
2015-09-02 01:33 . 2015-09-09 07:12 299520 ----a-w- c:\windows\system32\atmfd.dll
2015-09-01 13:09 . 2015-05-19 08:53 136728 ----a-w- c:\windows\system32\drivers\avipbb.sys
2015-09-01 13:09 . 2015-05-19 08:53 108448 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2015-08-27 17:58 . 2015-09-09 07:12 1391104 ----a-w- c:\windows\system32\msxml6.dll
2015-08-27 17:58 . 2015-09-09 07:12 1241088 ----a-w- c:\windows\system32\msxml3.dll
2015-08-27 17:51 . 2015-09-09 07:12 2048 ----a-w- c:\windows\system32\msxml6r.dll
2015-08-27 17:51 . 2015-09-09 07:12 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-08-05 17:41 . 2015-09-09 07:12 751104 ----a-w- c:\windows\system32\schedsvc.dll
2015-08-05 17:40 . 2015-09-09 07:12 22528 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\jnwppr.dll
2015-08-05 17:40 . 2015-09-09 07:12 216064 ----a-w- c:\windows\system32\InkEd.dll
2015-08-05 17:40 . 2015-09-09 07:12 19968 ----a-w- c:\windows\system32\jnwmon.dll
2015-07-30 17:57 . 2015-08-12 06:54 909824 ----a-w- c:\windows\system32\FntCache.dll
2015-07-30 17:57 . 2015-08-12 06:54 1251328 ----a-w- c:\windows\system32\DWrite.dll
2015-07-30 17:57 . 2015-08-12 06:54 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2015-07-30 13:13 . 2015-08-12 06:54 103120 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2012-10-23 3108480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-27 558496]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-11 1468256]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104]
"ShadowPlay"="c:\windows\system32\nvspcap.dll" [2014-07-25 1126480]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2014-05-09 12021464]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2015-09-01 782008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2015-04-30 334896]
"Silverlight for Internet Explorer"="c:\program files\Silverlight\ie\bin\Silverlight.exe" [2015-08-01 414208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Assistant de configuration NETGEAR WNA3100.lnk - c:\program files\NETGEAR\WNA3100\WNA3100.exe [2012-3-31 4577760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MacrokeyManager]
2010-12-24 15:31 7134952 ----a-w- c:\windows\System32\WTMKM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2014-12-11 09:20 30877280 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
R2 AntiVirMailService;Avira Protection e-mail;c:\program files\Avira\AntiVir Desktop\avmailc7.exe [2015-09-01 887128]
R2 AntiVirWebService;Avira Protection Web;c:\program files\Avira\AntiVir Desktop\avwebg7.exe [2015-09-01 1213072]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-12-11 315496]
R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2014-04-09 26032]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh6.sys [2009-11-06 699896]
R3 DAUpdaterSvc;Dragon Age: Origins - Application de mise à jour;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-09-16 102912]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2015-06-11 15872]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-01 1343400]
R4 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [2011-11-02 167520]
R4 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [2011-11-02 142432]
R4 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc.exe [2011-12-11 122000]
R4 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
R4 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2010-06-25 63488]
R4 WSWNA3100;WSWNA3100;c:\program files\NETGEAR\WNA3100\WifiSvc.exe [2010-08-26 285152]
R4 WTService;WTService;c:\windows\system32\atwtusb.exe [2011-01-26 870120]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 21728]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2015-05-20 37896]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-09-22 242240]
S2 AntiVirSchedulerService;Avira Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2015-09-01 461672]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys [2015-05-19 37896]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-10-12 1433216]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-10-12 1773696]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-07-25 1720608]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-07-25 17536800]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-07-02 413128]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-07-25 19232]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2014-03-31 34080]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2014-06-17 718552]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
utcsvc REG_MULTI_SZ DiagTrack
.
Contenu du dossier 'Tâches planifiées'
.
2015-10-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 20:16]
.
2015-10-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-34896904-1898965610-2012109929-1000Core.job
- c:\users\mumu\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-30 18:53]
.
2015-10-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-34896904-1898965610-2012109929-1000UA.job
- c:\users\mumu\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-30 18:53]
.
.
------- Examen supplémentaire -------
.
uStart Page = https://www.google.fr/?gws_rd=ssl
mStart Page = www.google.com
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'Explorer.exe'(5268)
c:\program files\FileZilla FTP Client\libgcc_s_sjlj-1.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\GWX\GWX.exe
c:\program files\DAEMON Tools Pro\DTShellHlp.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Heure de fin: 2015-10-25 09:53:03 - La machine a redémarré
ComboFix-quarantined-files.txt 2015-10-25 08:53
.
Avant-CF: 249 766 121 472 octets libres
Après-CF: 249 683 759 104 octets libres
.
- - End Of File - - D331978CE8759CE668B28EE627DAA3FD
A36C5E4F47E84449FF07ED3517B43A31
Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.33.1036.18.2814.1403 [GMT 1:00]
Lancé depuis: c:\users\mumu\Desktop\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Une copie infectée de c:\windows\system32\drivers\ntfs.sys a été trouvée et désinfectée
Copie restaurée à partir de - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!drivers!ntfs.sys
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2015-09-25 au 2015-10-25 ))))))))))))))))))))))))))))))))))))
.
.
2074-05-07 16:38 . 2006-11-21 18:48 203576 ------w- c:\program files\Microsoft Games\Age of Empires III\autopatcher2.exe
2015-10-25 08:44 . 2015-10-25 08:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-10-20 17:11 . 2015-10-24 18:37 -------- d-----w- c:\program files\ZHPFix
2015-10-19 16:29 . 2015-10-24 18:43 -------- d-----w- c:\users\mumu\AppData\Roaming\ZHP
2015-10-15 07:05 . 2015-09-18 17:47 23384 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-10-15 07:05 . 2015-09-18 17:44 587776 ----a-w- c:\windows\system32\invagent.dll
2015-10-15 07:05 . 2015-09-18 17:44 615936 ----a-w- c:\windows\system32\generaltel.dll
2015-10-15 07:05 . 2015-09-18 17:44 423936 ----a-w- c:\windows\system32\devinv.dll
2015-10-15 07:05 . 2015-09-18 17:44 1120768 ----a-w- c:\windows\system32\appraiser.dll
2015-10-15 07:05 . 2015-09-18 17:44 62976 ----a-w- c:\windows\system32\acmigration.dll
2015-10-15 07:05 . 2015-09-18 17:35 999936 ----a-w- c:\windows\system32\aeinv.dll
2015-10-14 06:52 . 2015-09-01 17:52 868864 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2015-10-14 06:52 . 2015-09-01 17:52 104448 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipBand.dll
2015-10-14 06:52 . 2015-09-01 17:52 348672 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tiptsf.dll
2015-10-14 06:52 . 2015-09-01 17:52 181760 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TabTip.exe
2015-10-14 06:52 . 2015-09-01 17:50 544768 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipRes.dll
2015-10-14 06:52 . 2015-08-06 17:44 1498624 ----a-w- c:\windows\system32\ExplorerFrame.dll
2015-10-14 06:50 . 2015-09-18 18:58 818264 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2015-10-02 14:40 . 2015-10-02 14:40 17314496 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
2015-09-29 11:20 . 2015-09-29 11:20 -------- d-----w- c:\users\mumu\AppData\Local\Topaz Labs
2015-09-29 11:19 . 2015-09-29 11:20 -------- d-----w- c:\program files\Topaz Labs
2015-09-29 11:19 . 2015-09-29 11:19 -------- d-----w- c:\program files\Common Files\Topaz Labs
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-17 20:16 . 2012-03-31 16:44 780488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-10-17 20:16 . 2012-03-31 16:44 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-09-02 02:48 . 2015-09-09 07:12 26624 ----a-w- c:\windows\system32\lpk.dll
2015-09-02 02:48 . 2015-09-09 07:12 70656 ----a-w- c:\windows\system32\fontsub.dll
2015-09-02 02:48 . 2015-09-09 07:12 10240 ----a-w- c:\windows\system32\dciman32.dll
2015-09-02 02:48 . 2015-09-09 07:12 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-09-02 01:36 . 2015-09-09 07:12 2384896 ----a-w- c:\windows\system32\win32k.sys
2015-09-02 01:33 . 2015-09-09 07:12 299520 ----a-w- c:\windows\system32\atmfd.dll
2015-09-01 13:09 . 2015-05-19 08:53 136728 ----a-w- c:\windows\system32\drivers\avipbb.sys
2015-09-01 13:09 . 2015-05-19 08:53 108448 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2015-08-27 17:58 . 2015-09-09 07:12 1391104 ----a-w- c:\windows\system32\msxml6.dll
2015-08-27 17:58 . 2015-09-09 07:12 1241088 ----a-w- c:\windows\system32\msxml3.dll
2015-08-27 17:51 . 2015-09-09 07:12 2048 ----a-w- c:\windows\system32\msxml6r.dll
2015-08-27 17:51 . 2015-09-09 07:12 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-08-05 17:41 . 2015-09-09 07:12 751104 ----a-w- c:\windows\system32\schedsvc.dll
2015-08-05 17:40 . 2015-09-09 07:12 22528 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\jnwppr.dll
2015-08-05 17:40 . 2015-09-09 07:12 216064 ----a-w- c:\windows\system32\InkEd.dll
2015-08-05 17:40 . 2015-09-09 07:12 19968 ----a-w- c:\windows\system32\jnwmon.dll
2015-07-30 17:57 . 2015-08-12 06:54 909824 ----a-w- c:\windows\system32\FntCache.dll
2015-07-30 17:57 . 2015-08-12 06:54 1251328 ----a-w- c:\windows\system32\DWrite.dll
2015-07-30 17:57 . 2015-08-12 06:54 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2015-07-30 13:13 . 2015-08-12 06:54 103120 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2012-10-23 3108480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-27 558496]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-11 1468256]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104]
"ShadowPlay"="c:\windows\system32\nvspcap.dll" [2014-07-25 1126480]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2014-05-09 12021464]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2015-09-01 782008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2015-04-30 334896]
"Silverlight for Internet Explorer"="c:\program files\Silverlight\ie\bin\Silverlight.exe" [2015-08-01 414208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Assistant de configuration NETGEAR WNA3100.lnk - c:\program files\NETGEAR\WNA3100\WNA3100.exe [2012-3-31 4577760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MacrokeyManager]
2010-12-24 15:31 7134952 ----a-w- c:\windows\System32\WTMKM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2014-12-11 09:20 30877280 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
R2 AntiVirMailService;Avira Protection e-mail;c:\program files\Avira\AntiVir Desktop\avmailc7.exe [2015-09-01 887128]
R2 AntiVirWebService;Avira Protection Web;c:\program files\Avira\AntiVir Desktop\avwebg7.exe [2015-09-01 1213072]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-12-11 315496]
R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2014-04-09 26032]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh6.sys [2009-11-06 699896]
R3 DAUpdaterSvc;Dragon Age: Origins - Application de mise à jour;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-09-16 102912]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2015-06-11 15872]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-01 1343400]
R4 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [2011-11-02 167520]
R4 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [2011-11-02 142432]
R4 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc.exe [2011-12-11 122000]
R4 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
R4 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2010-06-25 63488]
R4 WSWNA3100;WSWNA3100;c:\program files\NETGEAR\WNA3100\WifiSvc.exe [2010-08-26 285152]
R4 WTService;WTService;c:\windows\system32\atwtusb.exe [2011-01-26 870120]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 21728]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2015-05-20 37896]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-09-22 242240]
S2 AntiVirSchedulerService;Avira Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2015-09-01 461672]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys [2015-05-19 37896]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-10-12 1433216]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-10-12 1773696]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-07-25 1720608]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-07-25 17536800]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-07-02 413128]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-07-25 19232]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2014-03-31 34080]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2014-06-17 718552]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
utcsvc REG_MULTI_SZ DiagTrack
.
Contenu du dossier 'Tâches planifiées'
.
2015-10-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 20:16]
.
2015-10-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-34896904-1898965610-2012109929-1000Core.job
- c:\users\mumu\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-30 18:53]
.
2015-10-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-34896904-1898965610-2012109929-1000UA.job
- c:\users\mumu\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-30 18:53]
.
.
------- Examen supplémentaire -------
.
uStart Page = https://www.google.fr/?gws_rd=ssl
mStart Page = www.google.com
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'Explorer.exe'(5268)
c:\program files\FileZilla FTP Client\libgcc_s_sjlj-1.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\GWX\GWX.exe
c:\program files\DAEMON Tools Pro\DTShellHlp.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Heure de fin: 2015-10-25 09:53:03 - La machine a redémarré
ComboFix-quarantined-files.txt 2015-10-25 08:53
.
Avant-CF: 249 766 121 472 octets libres
Après-CF: 249 683 759 104 octets libres
.
- - End Of File - - D331978CE8759CE668B28EE627DAA3FD
A36C5E4F47E84449FF07ED3517B43A31