ComboFix 16-03-19.01 - nounours 28/03/2016 9:07.2.2 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.3999.251 [GMT 2:00]
Lancé depuis: c:\users\nounours\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\nounours\Desktop\CFScript.txt
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\nounours\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2016-02-28 au 2016-03-28 ))))))))))))))))))))))))))))))))))))
.
.
2016-03-28 07:24 . 2016-03-28 07:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-03-28 07:19 . 2016-03-28 07:19 0 ---ha-w- c:\users\nounours\BITD66B.tmp
2016-03-28 07:16 . 2016-03-28 07:16 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EF1A684E-07EF-426D-BC18-786BCAF9636D}\offreg.2176.dll
2016-03-27 20:06 . 2016-03-28 05:50 -------- d-----w- c:\users\nounours\AppData\Local\Spotify
2016-03-27 20:06 . 2016-03-27 20:06 -------- d-----w- c:\users\nounours\AppData\Local\CEF
2016-03-27 20:03 . 2016-03-28 05:51 -------- d-----w- c:\users\nounours\AppData\Roaming\Spotify
2016-03-27 20:03 . 2016-03-27 20:03 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EF1A684E-07EF-426D-BC18-786BCAF9636D}\offreg.1272.dll
2016-03-27 18:39 . 2016-03-10 10:51 11249080 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EF1A684E-07EF-426D-BC18-786BCAF9636D}\mpengine.dll
2016-03-27 17:49 . 2016-03-27 17:49 -------- d-----w- c:\users\nounours\AppData\Local\ElevatedDiagnostics
2016-03-27 09:41 . 2016-03-27 13:07 -------- d-----w- C:\FRST
2016-03-27 09:21 . 2016-03-27 09:21 -------- d-----w- c:\users\nounours\AppData\Local\Avira
2016-03-27 08:31 . 2016-03-27 08:32 -------- d-----w- c:\program files (x86)\ZHPFix
2016-03-27 00:47 . 2016-03-27 00:47 -------- d-----w- c:\users\nounours\AppData\Roaming\Avira
2016-03-27 00:42 . 2016-02-22 16:23 69888 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2016-03-27 00:42 . 2016-02-22 16:23 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2016-03-27 00:42 . 2016-02-22 16:23 133168 ----a-w- c:\windows\system32\drivers\avipbb.sys
2016-03-27 00:42 . 2016-02-22 16:23 154816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2016-03-27 00:30 . 2016-03-27 18:11 -------- d-----w- c:\users\Public\Speedup Sessions
2016-03-27 00:27 . 2016-03-27 00:47 -------- d-----w- c:\program files (x86)\Avira
2016-03-27 00:27 . 2016-03-27 00:42 -------- d-----w- c:\programdata\Avira
2016-03-26 19:10 . 2016-03-26 19:47 -------- d-----w- c:\programdata\Easybits Magic Desktop for HP
2016-03-26 15:48 . 2016-03-27 08:51 -------- d-----w- c:\users\nounours\AppData\Roaming\ZHP
2016-03-26 15:14 . 2016-03-26 15:15 -------- d-----w- c:\program files (x86)\GUMA65C.tmp
2016-03-26 15:14 . 2016-03-26 15:14 6871040 ----a-w- c:\program files (x86)\GUTA821.tmp
2016-03-26 10:09 . 2016-03-26 10:09 -------- d-----w- c:\windows\SysWow64\%Data%
2016-03-26 09:34 . 2016-03-26 20:25 -------- d-----w- C:\AdwCleaner
2016-03-25 16:40 . 2016-03-25 16:40 -------- d-s---w- c:\windows\SysWow64\Microsoft
2016-03-25 16:33 . 2016-03-25 16:33 181064 ----a-w- c:\windows\PSEXESVC.EXE
2016-03-25 13:52 . 2016-03-27 00:24 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-03-25 13:50 . 2016-03-10 13:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-03-25 13:50 . 2016-03-10 13:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-03-25 13:50 . 2016-03-10 13:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-03-25 13:50 . 2016-03-25 13:51 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-03-25 13:50 . 2016-03-25 13:50 -------- d-----w- c:\programdata\Malwarebytes
2016-03-25 12:15 . 2016-03-25 12:16 -------- d-----w- c:\program files\CCleaner
2016-03-25 11:03 . 2016-03-25 11:03 -------- d-sh--w- c:\users\nounours\AppData\Local\EmieUserList
2016-03-25 11:03 . 2016-03-25 11:03 -------- d-sh--w- c:\users\nounours\AppData\Local\EmieSiteList
2016-03-25 11:03 . 2016-03-25 11:03 -------- d-sh--w- c:\users\nounours\AppData\Local\EmieBrowserModeList
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-03-26 11:56 . 2012-10-11 13:56 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-03-26 11:56 . 2011-12-04 10:11 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-03-03 11:20 . 2015-03-03 11:20 79 ----a-w- c:\program files (x86)\prefs.js
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"ISUSPM"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2014-10-17 43816]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2016-03-11 8686296]
"Spotify Web Helper"="c:\users\nounours\AppData\Roaming\Spotify\SpotifyWebHelper.exe" [2016-03-27 1524336]
"Spotify"="c:\users\nounours\AppData\Roaming\Spotify\Spotify.exe" [2016-03-27 6805616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2009-06-23 468264]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-17 218408]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-01-20 60712]
"Magic Desktop for HP notification"="c:\programdata\Easybits Magic Desktop for HP\mdhpSUN.exe" [2016-03-26 1444880]
"Avira SystrayStartTrigger"="c:\program files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe" [2016-03-04 66328]
"Avira System Speedup User Starter"="c:\program files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe" [2016-03-23 14952]
"avgnt"="c:\program files (x86)\Avira\Antivirus\avgnt.exe" [2016-02-22 807392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 AntiVirMailService;Avira Protection e-mail;c:\program files (x86)\Avira\Antivirus\avmailc7.exe;c:\program files (x86)\Avira\Antivirus\avmailc7.exe [x]
R2 AntiVirWebService;Avira Protection Web;c:\program files (x86)\Avira\Antivirus\avwebg7.exe;c:\program files (x86)\Avira\Antivirus\avwebg7.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [x]
S2 AntiVirSchedulerService;Avira Planificateur;c:\program files (x86)\Avira\Antivirus\sched.exe;c:\program files (x86)\Avira\Antivirus\sched.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 Avira.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 SpeedupService;Avira System Speedup;c:\program files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe;c:\program files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 10:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-03-26 06:55 1106072 ----a-w- c:\program files (x86)\Google\Chrome\Application\49.0.2623.108\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2016-03-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-11 11:56]
.
2016-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ce05f3ab706ae7.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 21:11]
.
2016-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 21:11]
.
2016-03-28 c:\windows\Tasks\HPCeeScheduleFornounours.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 03:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://google.fr/
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{d8f67242-b229-4065-95fa-391b077ed6ca} - {d8f67242-b229-4065-95fa-391b077ed6ca} - mscoree.dll
TCP: DhcpNameServer = 192.168.1.254
Handler: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - c:\windows\System32\mscoree.dll
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
.
- - - - ORPHELINS SUPPRIMES - - - -
.
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-2932048975-2122173119-2500850375-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*j&A*s*i*a*6*6*6*k&a*v*i*\OpenWithList]
@Class="Shell"
"a"="firefox.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files (x86)\Avira\Antivirus\avguard.exe
c:\program files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
.
**************************************************************************
.
Heure de fin: 2016-03-28 09:38:47 - La machine a redémarré
ComboFix-quarantined-files.txt 2016-03-28 07:38
ComboFix2.txt 2016-03-27 16:39
.
Avant-CF: 237 607 120 896 octets libres
Après-CF: 237 546 414 080 octets libres
.
- - End Of File - - FE1BD5FDDD4B885F6A28FC72D7890A5E
8570EA836906A43B9B12D94A6BF1B6FE