cjoint


ComboFix 16-06-01.01 - AWA 10/06/2016 22:40:22.1.4 - x86
Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.33.1036.18.2457.568 [GMT 1:00]
Launched from: c:\users\AWA\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\logs
c:\windows\system32\logs\ngtool.log
c:\windows\XSxS
.
.
((((((((((((((((((((((((((((( Files Created from 2016-05-10 to 2016-06-10 ))))))))))))))))))))))))))))))))))))
.
.
2016-06-10 21:08 . 2016-06-10 21:08 -------- d-----w- c:\users\AWA\AppData\Roaming\Curiolab
2016-06-10 21:08 . 2016-06-10 21:13 -------- d-----w- c:\program files\Exterminate It!
2016-06-10 21:05 . 2016-06-10 21:05 -------- d-----w- c:\program files\Enigma Software Group
2016-06-10 20:23 . 2016-06-10 20:23 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{192935C3-2BA5-49A8-A507-01C64870740F}\offreg.5832.dll
2016-06-10 14:49 . 2016-06-10 22:08 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-06-10 14:49 . 2016-06-10 14:49 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{192935C3-2BA5-49A8-A507-01C64870740F}\offreg.4464.dll
2016-06-10 14:48 . 2016-06-10 15:00 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2016-06-10 14:48 . 2016-06-10 14:48 -------- d-----w- c:\programdata\Malwarebytes
2016-06-10 14:48 . 2016-03-10 12:09 53120 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-06-10 14:48 . 2016-03-10 12:08 126336 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-06-10 14:48 . 2016-03-10 12:08 24448 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-06-10 13:53 . 2016-06-10 13:53 -------- d-----w- c:\program files\Google
2016-06-09 11:30 . 2016-06-09 11:30 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{192935C3-2BA5-49A8-A507-01C64870740F}\offreg.6048.dll
2016-06-02 19:34 . 2016-06-02 19:34 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{192935C3-2BA5-49A8-A507-01C64870740F}\offreg.5292.dll
2016-06-02 15:54 . 2016-06-02 15:54 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{192935C3-2BA5-49A8-A507-01C64870740F}\offreg.680.dll
2016-06-01 18:27 . 2016-06-01 18:27 -------- d-----w- c:\users\AWA\Nox_share
2016-06-01 18:27 . 2016-06-10 16:02 -------- d-----w- c:\users\AWA\.BigNox
2016-06-01 18:21 . 2015-09-08 08:16 104096 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2016-06-01 18:21 . 2016-06-01 18:21 -------- d-----w- c:\program files\Bignox
2016-06-01 18:21 . 2016-06-01 18:21 -------- d-----w- c:\users\AWA\AppData\Roaming\Nox
2016-06-01 18:20 . 2016-06-10 16:04 -------- d-----w- c:\users\AWA\AppData\Local\Nox
2016-06-01 18:06 . 2016-06-01 18:06 -------- d-----w- c:\users\AWA\AppData\Roaming\Corel
2016-06-01 18:06 . 2016-06-01 18:15 -------- d-----w- c:\users\AWA\AppData\Roaming\Ulead Systems
2016-06-01 18:02 . 2016-06-06 17:00 -------- d-----w- c:\programdata\Corel
2016-06-01 17:59 . 2016-06-01 17:59 -------- d-----w- c:\program files\Corel
.
.
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-06-10 22:08 . 2016-03-31 21:06 39928 ----a-w- c:\windows\system32\drivers\TS888.sys
2016-06-01 17:50 . 2016-02-02 23:24 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{192935C3-2BA5-49A8-A507-01C64870740F}\offreg.5256.dll
2016-04-06 13:10 . 2016-04-06 13:10 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{192935C3-2BA5-49A8-A507-01C64870740F}\offreg.2760.dll
2016-03-31 21:54 . 2016-03-31 21:54 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{192935C3-2BA5-49A8-A507-01C64870740F}\offreg.5852.dll
2016-03-29 12:07 . 2015-05-08 17:45 797376 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-03-29 12:07 . 2015-05-08 17:45 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-03-29 11:12 . 2016-03-29 11:12 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{192935C3-2BA5-49A8-A507-01C64870740F}\offreg.4640.dll
2016-03-16 16:15 . 2016-03-16 16:15 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{192935C3-2BA5-49A8-A507-01C64870740F}\offreg.3028.dll
2016-03-15 11:47 . 2016-03-15 11:47 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{192935C3-2BA5-49A8-A507-01C64870740F}\offreg.5064.dll
2016-03-15 10:55 . 2016-03-15 10:57 67896 ----a-w- c:\windows\system32\TSSK.sys
2016-03-15 10:55 . 2016-03-15 10:58 14008 ----a-w- c:\windows\system32\drivers\TSDefenseBt.sys
2016-03-15 10:55 . 2016-03-15 10:56 150072 ----a-w- c:\windows\system32\drivers\TFsFlt.sys
2016-03-15 10:55 . 2016-03-15 10:58 138552 ----a-w- c:\windows\system32\drivers\TAOKernel.sys
2016-03-15 10:55 . 2016-03-15 10:58 114616 ----a-w- c:\windows\system32\drivers\TAOAccelerator.sys
2016-03-15 10:39 . 2016-03-15 10:39 23840 ----a-w- c:\windows\system32\drivers\HWiNFO32.SYS
.
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\.QMDeskTopGCIcon]
@="{B7667919-3765-4815-A66D-98A09BE662D6}"
[HKEY_CLASSES_ROOT\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}]
2016-03-15 10:55 469344 ----a-w- c:\program files\Tencent\QQPCMgr\11.1.16908.217\QMGCShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-02-03 12:24 770088 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 21904 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 9"="c:\program files\IObit\Advanced SystemCare\ASCTray.exe" [2016-01-11 2019616]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2013-11-10 3825232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-04-06 7137664]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-07-16 56128]
"QQPCTray"="c:\program files\Tencent\QQPCMgr\11.1.16908.217\QQPCTray.exe" [2016-03-15 355296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
"EnableLinkedConnections"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleNetIDList"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP]
@="service"
.
[HKLM\~\startupfolder\C:^Users^AWA^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2015-05-09 17:03 107848 ----atw- c:\users\AWA\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2013-11-10 23:59 3825232 ----a-w- c:\program files\Internet Download Manager\IDMan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
2014-11-19 10:47 1092448 ----a-w- c:\program files\Nokia\Nokia Suite\NokiaSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2015-08-11 16:31 155648 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer]
2008-09-01 12:55 90112 ----a-w- c:\program files\MAGIX\Video_deluxe_MX_Premium_Version_a_telecharger\Trayserver_FR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]
2006-03-06 22:52 36864 ------w- c:\program files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\AWA\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [2016-01-14 2945312]
R2 QQRepairFixSVC;QQRepairFixSVC;c:\program files\Tencent\QQPCMGR\QQRepairFixSVC [2016-06-10 147176]
R3 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-11-17 87968]
R3 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2014-11-21 212992]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2013-02-06 35968]
R3 AtherosSvc;AtherosSvc;c:\program files\Dell Wireless\Bluetooth Suite\adminservice.exe [2013-02-06 171136]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2013-02-06 299648]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2013-02-06 98432]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2013-02-06 148096]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2013-02-06 60544]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2013-02-06 264704]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2013-02-06 470656]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2008-12-07 30088]
R3 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files\Dell Digital Delivery\DeliveryService.exe [2012-04-09 166912]
R3 DellUpdate;Dell Update Service;c:\program files\Dell Update\DellUpService.exe [2015-08-27 237272]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2013-05-02 83864]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
R3 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-04-20 462048]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2008-07-02 26248]
R3 Lenovo EasyPlus Hotspot;Lenovo EasyPlus Hotspot;c:\program files\Common Files\LENOVO\easyplussdk\bin\EPHotspot.exe [2015-06-08 509424]
R3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [2012-06-20 17672]
R3 MyWiFiRouterDHCP;MyWiFiRouterDHCP;c:\program files\Wi-Fi\WiFiGxSvc.exe [2014-11-18 47464]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService.exe [2014-09-04 252632]
R3 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [2014-10-13 743688]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2013-05-02 181912]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys [2013-05-02 181912]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 TAOFrame;TAOFrame;c:\program files\Tencent\QQPCMgr\11.1.16908.217\TAOFrame.exe [2016-03-15 297952]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TSSK;TSSK;c:\windows\system32\tssk.sys [2016-03-15 67896]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 usbrndis6;USB RNDIS6 Adapter;c:\windows\system32\DRIVERS\usb80236.sys [2009-07-13 15872]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 ZDServ;ZDServ;c:\programdata\ZDSupport\ZDServ\ZDServ.exe [2013-11-06 427264]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys [2014-10-27 40136]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2009-01-07 20744]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2012-07-09 531264]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2012-07-09 24896]
S0 iusb3hcs;Pilote de commutateur de contrôleur d'hôte Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys [2013-02-22 16880]
S0 ngvss;ngvss; [x]
S0 TsFltMgr;tencent TsFltMgr;c:\windows\system32\drivers\TsFltMgr.sys [2016-01-14 128280]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2016-02-03 35096]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2015-05-09 787800]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2016-02-23 447848]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [2016-03-15 23840]
S1 QMIEProtect;QMIEProtect;c:\program files\Tencent\QQPCMgr\11.1.16908.217\QMIEProtect.sys [2016-01-12 50488]
S1 QMUdisk;tencent QMUdisk;c:\program files\Tencent\QQPCMgr\11.1.16908.217\QMUdisk.sys [2016-02-27 104152]
S1 softaal;softaal;c:\program files\Tencent\QQPCMgr\11.1.16908.217\softaal.sys [2016-03-15 36280]
S1 SRepairDrv;SRepairDrv;c:\program files\Tencent\QQPCMGR\SRepairDrv [2016-06-10 176376]
S1 TAOKernelDriver;Tencent TAO kernel driver.;c:\windows\system32\Drivers\TAOKernel.sys [2016-03-15 138552]
S1 TSDefenseBt;TSDefenseBt;c:\windows\system32\DRIVERS\TSDefenseBt.sys [2016-03-15 14008]
S1 TSKSP;TSKSP;c:\program files\Tencent\QQPCMgr\11.1.16908.217\TSKsp.sys [2016-03-15 210072]
S1 TSSysKit;TSSysKit;c:\program files\Tencent\QQPCMgr\11.1.16908.217\TSSysKit.sys [2016-03-15 101560]
S1 txwifinat;TX WiFi NAT Driver;c:\windows\system32\DRIVERS\txwifinat.sys [2014-12-01 31152]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2015-09-08 104096]
S1 XQHDrv;BigNox Service;c:\windows\system32\DRIVERS\XQHDrv.sys [2015-09-08 203424]
S2 AdvancedSystemCareService9;Advanced SystemCare Service 9;c:\program files\IObit\Advanced SystemCare\ASCService.exe [2016-01-05 446240]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2016-02-03 32792]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2016-02-03 91168]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2016-02-03 127432]
S2 IAStorDataMgrSvc;Technologie de stockage Intel(R) Rapid;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-07-09 7168]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2013-11-07 108000]
S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe [2014-10-30 280680]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-07-17 165760]
S2 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2016-03-10 126336]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-03-17 1871160]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-03-17 1080120]
S2 PfFilter;PfFilter;c:\program files\IObit\Protected Folder\pffilter.sys [2015-03-31 60608]
S2 QQPCRTP;QQPCMgr RTP Service;c:\program files\Tencent\QQPCMgr\11.1.16908.217\QQPCRTP.exe [2016-03-15 301728]
S2 QQSysMon;QQSysMon;c:\program files\Tencent\QQPCMgr\11.1.16908.217\QQSysMon.sys [2016-03-15 108984]
S2 TAOAccelerator;Tencent TAOAccelerator driver.;c:\windows\system32\Drivers\TAOAccelerator.sys [2016-03-15 114616]
S2 tsnethlp;TsNetHlp.sys;c:\program files\Tencent\QQPCMgr\11.1.16908.217\TsNetHlp.sys [2016-03-31 43832]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-07-17 364416]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2016-02-03 252152]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2016-02-03 4403136]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2013-02-06 25728]
S3 IntcDAud;Son Intel(R) pour écrans;c:\windows\system32\DRIVERS\IntcDAud.sys [2014-09-26 368912]
S3 iusb3hub;Pilote de concentrateur Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys [2013-02-22 352752]
S3 iusb3xhc;Pilote du contrôleur d'hôte extensible Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys [2013-12-10 801776]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2016-03-10 24448]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2016-06-10 119512]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2016-03-10 53120]
S3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [2012-07-02 55104]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2014-08-26 247512]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2012-08-09 552080]
S3 rtsuvc;Realtek USB2.0 PC Camera;c:\windows\system32\DRIVERS\rtsuvc.sys [2014-09-11 1606872]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys [2013-11-22 25328]
S3 TFsFlt;TFsFlt;c:\windows\system32\Drivers\TFsFlt.sys [2016-03-15 150072]
S3 TS888;TS888;c:\program files\Tencent\QQPCMgr\11.1.16908.217\TS888.sys [2016-06-10 39928]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2016-03-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-08 12:07]
.
2016-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2034668450-742595012-2351708714-1000Core.job
- c:\users\AWA\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-09 17:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://top81.com.cn
mStart Page = hxxp://top81.com.cn
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office15\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office15\ONBttnIE.dll/105
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm
Trusted Zone: dell.com
TCP: DhcpNameServer = 192.168.1.2
FF - ProfilePath - c:\users\AWA\AppData\Roaming\Mozilla\Firefox\Profiles\hcrlyvga.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.mysites123.com/?type=hp&ts=1458038770&z=89cf489a8923d5f6ff63492g0zbwdb1edc0bam7mbe&from=amt&uid=wdcxwd10jpvx-75jc3t0_wxb1a53s8834a53s8834
FF - ExtSQL: !HIDDEN! 2016-03-15 11:46; deskCutv2@gmail.com; c:\users\AWA\AppData\Roaming\Mozilla\Firefox\Profiles\hcrlyvga.default\extensions\deskCutv2@gmail.com
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
" QQPCTray"="\"c:\\Program Files\\Tencent\\QQPCMgr\\11.1.16908.217\\QQPCTray.exe\" /regrun"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QQRepaire2e]
"ImagePath"="\"c:\program files\Tencent\QQPCMGR\QQRepaire2e\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QQRepairFixSVC]
"ImagePath"="c:\program files\Tencent\QQPCMGR\QQRepairFixSVC"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SRepairDrv]
"ImagePath"="\??\c:\program files\Tencent\QQPCMGR\SRepairDrv"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2034668450-742595012-2351708714-1000_Classes\CLSID\{0390b153-ce0a-4e90-8527-01aa2e0d708d}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000107
"Therad"=dword:0000001a
"SpecVersion"=dword:0000002a
.
[HKEY_USERS\S-1-5-21-2034668450-742595012-2351708714-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):64,34,43,fc,59,50,2d,02,37,2f,62,a3,f3,f7,ad,d6,a1,74,41,85,64,
fb,9f,eb,ca,fa,7d,c5,ea,44,ac,04,c7,20,34,66,2e,a7,a6,bf,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4400)
c:\program files\Bonjour\mdnsNSP.dll
c:\program files\Tencent\QQPCMgr\11.1.16908.217\QMGCShellExt.dll
c:\progra~1\TeraCopy\TERACO~2.DLL
c:\windows\system32\ieframe.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\igfxEM.exe
c:\windows\system32\igfxHK.exe
c:\program files\Malwarebytes Anti-Malware\mbam.exe
c:\windows\system32\igfxTray.exe
c:\program files\IObit\Advanced SystemCare\Monitor.exe
c:\windows\system32\conhost.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\system32\NOTEPAD.EXE
.
**************************************************************************
.
Completion time: 2016-06-10 23:15:06 - machine was rebooted
ComboFix-quarantined-files.txt 2016-06-10 22:15
.
Pre-Run: 82 679 824 384 bytes free
Post-Run: 82 773 008 384 bytes free
.
- - End Of File - - 783C26F29740A7F5CDE0D9E862F6D54B
A36C5E4F47E84449FF07ED3517B43A31
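Triage of the indicators in the log above, as an added example that is not part of ComboFix or of the posted log. The script parses the service/driver lines (`R3 …;…;path [date size]`), the IE `uStart Page`/`mStart Page` lines, the Firefox `prefs.js` homepage line and the `ExtSQL: !HIDDEN!` extension line, and reports: services whose image file was not found (`[x]`), service image paths with no file extension (the Tencent QQPCMGR repair entries), both IE start pages pointing at top81.com.cn, the Firefox homepage at mysites123.com together with the tracking-style query keys it carries, and the hidden Firefox extension deskCutv2@gmail.com. The sample lines are copied verbatim from the log; the rule names, the `TRACKING_KEYS` list and the choice of which lines to sample are this example's own assumptions, and the output is a triage aid rather than a verdict.

```python
"""Triage of selected ComboFix log lines (added example, not ComboFix code)."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse, parse_qs

# Sample input: lines copied from the ComboFix log on this page.
SAMPLE_LOG = r"""
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 ZDServ;ZDServ;c:\programdata\ZDSupport\ZDServ\ZDServ.exe [2013-11-06 427264]
S0 aswRvrt;avast! Revert; [x]
S0 ngvss;ngvss; [x]
S1 SRepairDrv;SRepairDrv;c:\program files\Tencent\QQPCMGR\SRepairDrv [2016-06-10 176376]
R2 QQRepairFixSVC;QQRepairFixSVC;c:\program files\Tencent\QQPCMGR\QQRepairFixSVC [2016-06-10 147176]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-03-17 1080120]
uStart Page = hxxp://top81.com.cn
mStart Page = hxxp://top81.com.cn
FF - prefs.js: browser.startup.homepage - hxxp://www.mysites123.com/?type=hp&ts=1458038770&z=89cf489a8923d5f6ff63492g0zbwdb1edc0bam7mbe&from=amt&uid=wdcxwd10jpvx-75jc3t0_wxb1a53s8834a53s8834
FF - ExtSQL: !HIDDEN! 2016-03-15 11:46; deskCutv2@gmail.com; c:\users\AWA\AppData\Roaming\Mozilla\Firefox\Profiles\hcrlyvga.default\extensions\deskCutv2@gmail.com
"""


@dataclass
class Finding:
    rule: str      # which heuristic fired (names are this example's own)
    subject: str   # service name, host or extension id
    detail: str    # human-readable note
    line: str      # the log line that triggered it


# "R3 name;description;path [date size]"  or  "S0 name;description; [x]"
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);"
    r"(?P<path>[^\[]*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)
START_PAGE_RE = re.compile(r"^(?P<scope>[um])Start Page = (?P<url>\S+)$")
FF_HOME_RE = re.compile(r"^FF - prefs\.js: browser\.startup\.homepage - (?P<url>\S+)$")
FF_HIDDEN_RE = re.compile(
    r"^FF - ExtSQL: !HIDDEN! (?P<when>\S+ \S+); (?P<ext_id>[^;]+); (?P<path>.*)$"
)

# Query keys that tie a homepage URL to one install; assumed list for this example.
TRACKING_KEYS = {"uid", "ts", "z", "from"}


def refang(url):
    """ComboFix writes hxxp:// so the log is not clickable; undo that for parsing."""
    return re.sub(r"^hxxp", "http", url)


def triage(log_text):
    """Run every heuristic over each line and return the findings in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, path, meta = m["name"], m["path"], m["meta"]
            if meta == "x":  # ComboFix could not find the image on disk
                findings.append(Finding("service_file_missing", name,
                    "registered service/driver whose image was not found on disk", line))
            elif "." not in path.rsplit("\\", 1)[-1]:  # basename without extension
                findings.append(Finding("service_image_no_extension", name,
                    f"image path has no file extension: {path}", line))
            continue
        m = START_PAGE_RE.match(line)
        if m:
            host = urlparse(refang(m["url"])).netloc
            scope = "user" if m["scope"] == "u" else "machine"
            findings.append(Finding("ie_start_page", host,
                f"{scope}-level IE start page points at {host}", line))
            continue
        m = FF_HOME_RE.match(line)
        if m:
            parsed = urlparse(refang(m["url"]))
            keys = sorted(TRACKING_KEYS & set(parse_qs(parsed.query)))
            findings.append(Finding("ff_homepage", parsed.netloc,
                f"Firefox homepage set to {parsed.netloc}; tracking-style query keys: {keys}", line))
            continue
        m = FF_HIDDEN_RE.match(line)
        if m:
            findings.append(Finding("ff_hidden_extension", m["ext_id"],
                f"extension hidden from the add-ons manager, installed {m['when']}", line))
    return findings


def summarize(findings):
    """Count findings per rule, e.g. {'service_file_missing': 3, ...}."""
    counts = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.rule}] {f.subject}: {f.detail}")
    print(summarize(results))
```

The `[x]` rule is deliberately noisy: avast's own boot drivers (aswRvrt, aswVmm) show up with `[x]` in this log as well, so each hit still needs the path and vendor checked by hand. The extension-less image paths and the two browser start-page rules are the findings a practitioner would act on first from this log.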