ComboFix 16-06-01.01 - a 13/06/2016 21:24:21.3.1 - x86
Microsoft Windows 7 Édition Starter 6.1.7601.1.1252.33.1036.18.2048.1321 [GMT 2:00]
Lancé depuis: c:\users\a\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\DEBUG.log
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2016-05-13 au 2016-06-13 ))))))))))))))))))))))))))))))))))))
.
.
2016-06-09 12:15 . 2016-06-09 12:20 -------- d-----w- c:\program files\ZHPFix
2016-06-09 10:07 . 2016-06-09 10:07 -------- d-----w- C:\MGADiagToolOutput
2016-06-09 10:06 . 2016-06-09 10:06 -------- d-----w- c:\programdata\Office Genuine Advantage
2016-06-08 20:41 . 2016-06-09 12:48 -------- d-----w- c:\users\a\AppData\Roaming\ZHP
2016-06-08 10:33 . 2016-06-08 10:33 -------- d-----w- c:\programdata\Malwarebytes
2016-06-08 10:33 . 2016-06-08 10:33 -------- d-----w- c:\users\a\AppData\Local\Programs
2016-05-29 09:48 . 2016-05-16 02:37 108496 ----a-w- c:\windows\system32\BootDefrag.exe
2016-05-29 09:48 . 2015-08-05 06:35 16064 ----a-w- c:\windows\system32\drivers\BootDefragDriver.sys
2016-05-29 09:40 . 2016-05-29 09:40 -------- d-----w- c:\users\a\AppData\Local\Macromedia
2016-05-28 21:08 . 2016-05-28 21:08 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AE476DCC-9292-4E51-870E-8E672301F16A}\offreg.3988.dll
2016-05-28 18:43 . 2016-05-28 18:43 -------- d-----w- c:\users\a\AppData\Local\Diagnostics
2016-05-26 09:04 . 2016-05-26 09:00 35096 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2016-05-26 09:03 . 2016-05-26 09:01 334280 ----a-w- c:\windows\system32\aswBoot.exe
2016-05-26 09:01 . 2016-05-26 09:01 52184 ----a-w- c:\windows\avastSS.scr
2016-05-25 09:22 . 2016-05-16 02:37 29648 ----a-w- c:\windows\system32\RegBootDefrag.exe
2016-05-25 08:57 . 2016-05-25 08:57 -------- d-----w- c:\program files\Common Files\Skype
2016-05-25 08:30 . 2016-05-25 08:30 -------- d-----w- c:\programdata\GlarySoft
2016-05-25 08:24 . 2016-05-25 08:24 17472 ----a-w- c:\windows\system32\drivers\GUBootStartup.sys
2016-05-25 08:23 . 2016-05-25 08:23 -------- d-----w- c:\users\a\AppData\Roaming\GlarySoft
2016-05-25 08:21 . 2016-06-13 08:56 -------- d-----w- c:\program files\Glary Utilities 5
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-05-26 09:03 . 2015-02-28 13:38 124808 ----a-w- c:\windows\system32\drivers\aswStm.sys
2016-05-26 09:02 . 2015-02-28 13:38 449640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2016-05-26 09:02 . 2015-02-28 13:38 221368 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2016-05-26 09:02 . 2015-02-28 13:38 58776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-05-26 09:02 . 2015-02-28 13:38 91232 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2016-05-26 09:02 . 2015-02-28 13:38 91168 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2016-05-26 09:02 . 2015-02-28 13:38 32792 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-05-26 09:00 . 2015-02-28 13:38 815792 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2016-05-14 21:26 . 2016-03-03 21:59 797376 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-05-14 21:26 . 2016-03-03 21:59 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-05-04 22:11 . 2016-05-04 22:11 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AE476DCC-9292-4E51-870E-8E672301F16A}\offreg.2800.dll
2015-09-13 09:20 . 2015-09-13 09:20 6420480 ----a-w- c:\program files\GUT3D00.tmp
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-05-26 09:01 785176 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GUDelayStartup"="c:\program files\Glary Utilities 5\StartupManager.exe" [2016-05-16 43984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-06-10 7405752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
2006-01-25 03:46 26112 ----a-w- c:\windows\System32\Ati2mdxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2013-05-30 13:50 96056 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2016-05-26 124808]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2016-03-23 327808]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2016-02-08 102912]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys [2015-08-05 16064]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2016-05-26 35096]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2016-05-26 815792]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2016-05-26 449640]
S1 GUBootStartup;GUBootStartup;c:\windows\System32\drivers\GUBootStartup.sys [2016-05-25 17472]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2016-05-26 32792]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2016-05-26 91168]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
utcsvc REG_MULTI_SZ DiagTrack
.
Contenu du dossier 'Tâches planifiées'
.
2016-06-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-03 21:26]
.
.
------- Examen supplémentaire -------
.
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\a\AppData\Roaming\Mozilla\Firefox\Profiles\ez4icmye.default\
.
- - - - ORPHELINS SUPPRIMES - - - -
.
MSConfigStartUp-CCleaner Monitoring - c:\program files\CCleaner\CCleaner.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2016-06-14 00:06:17
ComboFix-quarantined-files.txt 2016-06-13 22:06
.
Avant-CF: 14 269 820 928 octets libres
Après-CF: 14 155 157 504 octets libres
.
- - End Of File - - ACCC381B078DBE7DBE20C5978FE9F4E9
A36C5E4F47E84449FF07ED3517B43A31