cjoint


ComboFix 15-12-16.01 - bibliothèque 17/12/2015 18:17:55.1.2 - x86
Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.33.1036.18.2038.1239 [GMT 0:00]
Launched from: c:\users\bibliothèque\Downloads\Programs\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * A new restore point was created
.
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\FreeVideoCutter.exe
c:\program files\FreeVideoCutter.exe\avcodec-54.dll
c:\program files\FreeVideoCutter.exe\avdevice-54.dll
c:\program files\FreeVideoCutter.exe\avfilter-2.dll
c:\program files\FreeVideoCutter.exe\avformat-54.dll
c:\program files\FreeVideoCutter.exe\avresample-0.dll
c:\program files\FreeVideoCutter.exe\avutil-51.dll
c:\program files\FreeVideoCutter.exe\ffmpeg.exe
c:\program files\FreeVideoCutter.exe\FreeVideoCutter.exe
c:\program files\FreeVideoCutter.exe\postproc-52.dll
c:\program files\FreeVideoCutter.exe\swresample-0.dll
c:\program files\FreeVideoCutter.exe\swscale-2.dll
c:\program files\FreeVideoCutter.exe\unins000.dat
c:\program files\FreeVideoCutter.exe\unins000.exe
c:\programdata\77790361-426c-4fa2-8cf3-5994543d685d
c:\programdata\77790361-426c-4fa2-8cf3-5994543d685d\plugincontainer(36).exe
c:\programdata\77790361-426c-4fa2-8cf3-5994543d685d\plugincontainer.exe
c:\programdata\77790361-426c-4fa2-8cf3-5994543d685d\plugins\12\Plugin.exe
c:\programdata\77790361-426c-4fa2-8cf3-5994543d685d\plugins\12\resources\plugin.dll
c:\programdata\77790361-426c-4fa2-8cf3-5994543d685d\plugins\2\Plugin.exe
c:\programdata\77790361-426c-4fa2-8cf3-5994543d685d\plugins\3\Plugin.exe
c:\programdata\77790361-426c-4fa2-8cf3-5994543d685d\plugins\5\Plugin.exe
c:\programdata\77790361-426c-4fa2-8cf3-5994543d685d\plugins\6\Plugin.exe
c:\programdata\77790361-426c-4fa2-8cf3-5994543d685d\plugins\7\Plugin.exe
c:\programdata\77790361-426c-4fa2-8cf3-5994543d685d\plugins\7\resources\38.0.5.dll
c:\programdata\77790361-426c-4fa2-8cf3-5994543d685d\plugins\7\resources\39.0.0.dll
c:\programdata\77790361-426c-4fa2-8cf3-5994543d685d\plugins\7\resources\40.0.0.dll
c:\programdata\77790361-426c-4fa2-8cf3-5994543d685d\plugins\8\Plugin.exe
c:\programdata\77790361-426c-4fa2-8cf3-5994543d685d\temp
c:\users\bibliothèque\Desktop\Logo.Maker.2.0\Logo Maker 2.0\Extra\Desktop_.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Service Mgr ExpressFind
-------\Service_Service Mgr ExpressFind
.
.
((((((((((((((((((((((((((((( Files created from 2015-11-17 to 2015-12-17 ))))))))))))))))))))))))))))))))))))
.
.
2015-12-17 17:18 . 2015-12-17 18:10 -------- d-----w- C:\[Smad-Cage]
2015-12-17 17:18 . 2015-12-17 17:18 -------- d-----w- c:\users\bibliothèque\AppData\Roaming\Smadav
2015-12-17 17:18 . 2015-12-17 18:04 -------- d-----w- c:\program files\SMADAV
2015-12-17 17:15 . 2015-12-17 17:15 -------- d-----w- c:\program files\Virus Effect Remover
2015-12-16 15:28 . 2015-12-16 15:28 -------- d-----w- c:\users\bibliothèque\AppData\Roaming\Enigma Software Group
2015-12-16 15:27 . 2015-12-16 15:27 -------- d-----w- c:\users\bibliothèque\Start Menu
2015-12-16 15:27 . 2015-12-16 15:27 -------- d-----w- C:\sh4ldr
2015-12-16 15:26 . 2015-12-16 15:26 19984 ----a-w- c:\windows\system32\drivers\EsgScanner.sys
2015-12-16 15:25 . 2015-12-16 15:25 -------- d-----w- c:\program files\Enigma Software Group
2015-12-15 16:46 . 2015-12-15 16:46 10592424 ----a-w- c:\program files\Mozilla Firefox\icudt55.dll
2015-12-15 16:46 . 2015-12-15 16:46 901288 ----a-w- c:\program files\Mozilla Firefox\icuuc55.dll
2015-12-15 16:46 . 2015-12-15 16:46 59560 ----a-w- c:\program files\Mozilla Firefox\lgpllibs.dll
2015-12-15 16:46 . 2015-12-15 16:46 1287848 ----a-w- c:\program files\Mozilla Firefox\icuin55.dll
2015-12-04 19:08 . 2015-12-04 19:08 -------- d-----w- c:\program files\Common Files\AV
.
.
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-12-08 19:34 . 2015-01-20 20:02 796864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-12-08 19:34 . 2015-01-20 20:02 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-12-08 19:34 . 2015-07-15 14:35 9498816 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2015-12-02 19:08 . 2015-01-20 20:09 435464 ----a-w- c:\windows\system32\drivers\aswsp.sys
2015-12-02 19:08 . 2015-01-20 20:09 794952 ----a-w- c:\windows\system32\drivers\aswsnx.sys
.
.
((((((((((((((((((((((((((((((((( Registry load points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not listed
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-07-23 15:38 692512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 13:50 21864 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Web Companion"="c:\program files\Lavasoft\Web Companion\Application\WebCompanion.exe" [2015-06-08 1381648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-12-02 6108752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2011-09-12 18:17 3392920 ----a-w- c:\program files\Internet Download Manager\IDMan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2015-03-25 14:20 31682144 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Web Companion]
2015-06-08 14:11 1381648 ----a-w- c:\program files\Lavasoft\Web Companion\Application\WebCompanion.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\bibliothèque\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2015-07-23 113592]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-02-18 315488]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\program files\Enigma Software Group\SpyHunter\SH4Service.exe [2015-12-16 784256]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys [2015-12-16 19984]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2015-12-02 794952]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2015-12-02 435464]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2015-07-23 24016]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2015-07-23 76000]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2014-06-09 113680]
S2 LavasoftTcpService;LavasoftTcpService;c:\program files\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2015-06-08 2751792]
S2 SearchProtectionService;IE Search Set;c:\program files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [2015-03-12 17768]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [2014-07-16 1781048]
S2 Update Mgr ExpressFind;Update Mgr ExpressFind;c:\program files\Common Files\77790361-426c-4fa2-8cf3-5994543d685d\Updater.exe [2015-12-16 642832]
S3 RTL8167;Pilote Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [2014-06-23 12320]
.
.
Contents of the 'Scheduled Tasks' folder
.
2015-12-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-20 19:34]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://start.myplaycity.com/
mStart Page = hxxp://start.myplaycity.com/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
LSP: c:\windows\system32\LavasoftTcpService.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\bibliothèque\AppData\Roaming\Mozilla\Firefox\Profiles\ahgzkzlx.default-1427261074332\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggRdQEKUAxCGBgTJg4PTA1EFlQOeAhbBBRDF1FGeQhZAg0URAUFIk0FA18DB0VXfWFoKB8fHHBbMEtdEko3SFtH
FF - prefs.js: keyword.URL - hxxp://www.mystart.com/results.php?pr=vmn&id=mystarttb&v=5_5&ent=bs____campaignID___&q=
user_pref(xpinstall.signatures.required,false);
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{94895EA7-873E-4FCB-9C7B-DD3F7019D618}_is1 - c:\program files\FreeVideoCutter.exe\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2053750956-4045658761-3888934064-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):f2,de,cc,99,00,4f,f1,2f,4a,9d,1d,03,76,e1,6e,f0,d9,c4,4e,d4,e2,
   80,56,ac,71,43,d9,df,09,cc,fc,c2,c6,e3,32,2e,5a,e6,ac,90,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2053750956-4045658761-3888934064-1000_Classes\CLSID\{def5eddf-1e25-48ef-8853-edb05ea88403}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000005a
"Therad"=dword:00000023
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
   38,95,44,75,07,18,dd,fb,11,42,94,27,b7,99,0d,2a,ba,05,1a,a2,02,c9,3e,9b,f9,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other running processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
End time: 2015-12-17 18:30:27 - The machine rebooted
ComboFix-quarantined-files.txt 2015-12-17 18:30
.
Pre-CF: 80 427 991 040 bytes free
Post-CF: 80 075 902 976 bytes free
.
- - End Of File - - BB45E361D3D7B441C8F6BA4EF02D78E4 A36C5E4F47E84449FF07ED3517B43A31
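Triage of the service list in the log above, as an added example; this is the editor's code, not ComboFix output and not anything from the cjoint page. It parses the Drivers/Services lines into records, attaches the flags a responder would look at first (image file reported as [x], binary in a GUID-named folder, binary written within days of the scan, binary outside the Windows and Program Files roots), and correlates GUIDs across sections. In this log that correlation is the useful part: the deleted c:\programdata\77790361-426c-4fa2-8cf3-5994543d685d tree and the still-registered "Update Mgr ExpressFind" service under c:\program files\Common Files\77790361-426c-4fa2-8cf3-5994543d685d\Updater.exe share the same GUID, and the sibling "Service Mgr ExpressFind" service was removed in the Drivers/Services section, so the surviving updater service is the leftover to examine next. The sample lines are copied from the log; the seven-day threshold, the expected install roots and every function and constant name are the editor's assumptions.

```python
"""Triage helpers for ComboFix 'Drivers/Services' lines (added example, not ComboFix code)."""
import re
from dataclasses import dataclass, field
from datetime import date, datetime
from typing import Dict, List, Optional

# Constructed sample: seven service/driver lines and three deleted-file paths copied
# from the log above. ComboFix prints one service per line as
#   <StartType> <ServiceName>;<DisplayName>;<ImagePath> [<file date> <size>]
# and writes [x] in place of the date/size when it could not find the image file.
SAMPLE_SERVICES = r"""
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2015-07-23 113592]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\program files\Enigma Software Group\SpyHunter\SH4Service.exe [2015-12-16 784256]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 aswRvrt;avast! Revert; [x]
S2 LavasoftTcpService;LavasoftTcpService;c:\program files\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2015-06-08 2751792]
S2 Update Mgr ExpressFind;Update Mgr ExpressFind;c:\program files\Common Files\77790361-426c-4fa2-8cf3-5994543d685d\Updater.exe [2015-12-16 642832]
S3 RTL8167;Pilote Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
"""
SAMPLE_DELETED = [
    r"c:\program files\FreeVideoCutter.exe\FreeVideoCutter.exe",
    r"c:\programdata\77790361-426c-4fa2-8cf3-5994543d685d\plugincontainer.exe",
    r"c:\programdata\77790361-426c-4fa2-8cf3-5994543d685d\plugins\12\Plugin.exe",
]

SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]*);(?P<display>[^;]*);"
    r"(?P<path>[^\[]*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)
GUID_RE = re.compile(
    r"(?<![0-9a-f])[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}(?![0-9a-f])",
    re.IGNORECASE,
)
# Editor's assumption: legitimate services on this 32-bit box live under these two roots.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class ServiceEntry:
    start_type: str
    name: str
    display: str
    path: str
    image_missing: bool
    file_date: Optional[date]
    size: Optional[int]
    flags: List[str] = field(default_factory=list)


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Return a ServiceEntry for one ComboFix service line, or None if the line is not one."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    meta = m["meta"].strip()
    file_date = size = None
    if meta != "x":
        day, raw_size = meta.split()
        file_date = datetime.strptime(day, "%Y-%m-%d").date()
        size = int(raw_size)
    return ServiceEntry(m["start"], m["name"].strip(), m["display"].strip(),
                        m["path"].strip(), meta == "x", file_date, size)


def flag_service(entry: ServiceEntry, scan_date: date, recent_days: int = 7) -> List[str]:
    """Attach triage flags; the threshold and roots are the editor's heuristics, not ComboFix's."""
    flags = []
    if entry.image_missing:
        flags.append("image_missing")        # registered service whose binary ComboFix did not find
    lowered = entry.path.lower()
    if lowered and not lowered.startswith(EXPECTED_ROOTS):
        flags.append("unusual_location")     # e.g. ProgramData or a user profile
    if GUID_RE.search(entry.path):
        flags.append("guid_directory")       # binary lives in a GUID-named folder
    if entry.file_date and (scan_date - entry.file_date).days <= recent_days:
        flags.append("recent_file")          # image written shortly before the scan
    entry.flags = flags
    return flags


def triage_services(text: str, scan_date: date) -> List[ServiceEntry]:
    """Parse and flag every service line found in a block of ComboFix log text."""
    entries = []
    for line in text.splitlines():
        entry = parse_service_line(line)
        if entry is not None:
            flag_service(entry, scan_date)
            entries.append(entry)
    return entries


def correlate_guids(deleted_paths: List[str], services: List[ServiceEntry]) -> Dict[str, List[str]]:
    """Map each GUID seen in a deleted path to the surviving services whose image path reuses it."""
    deleted = {g.lower() for p in deleted_paths for g in GUID_RE.findall(p)}
    hits: Dict[str, List[str]] = {}
    for svc in services:
        for g in GUID_RE.findall(svc.path):
            if g.lower() in deleted:
                hits.setdefault(g.lower(), []).append(svc.name)
    return hits


if __name__ == "__main__":
    found = triage_services(SAMPLE_SERVICES, date(2015, 12, 17))
    for e in found:
        if e.flags:
            print(f"{e.start_type} {e.name}: {', '.join(e.flags)}")
    print(correlate_guids(SAMPLE_DELETED, found))
```

The flags are prompts, not verdicts: avast's boot-start aswRvrt and aswVmm entries routinely show as [x] in ComboFix logs, and SpyHunter is flagged only because it was installed the day before the scan. Two other lines in the Supplementary scan section deserve the same second look as the GUID service: user_pref(xpinstall.signatures.required,false) turns off Firefox's add-on signature requirement, and the LSP entry for LavasoftTcpService.dll means Web Companion sits in the Winsock stack of every TCP application on the machine.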

Document format: text/plain

