ComboFix 16-09-28.01 - ok 03/10/2016 13:47:57.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.33.1036.18.4024.1954 [GMT 0:00]
Launched from: c:\users\ok\Desktop\ComboFix.exe
Switches used :: c:\users\ok\Desktop\CFScript.txt
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* A new restore point was created
.
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\ok\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
.
((((((((((((((((((((((((((((( Files created from 2016-09-03 to 2016-10-03 ))))))))))))))))))))))))))))))))))))
.
.
2016-10-03 13:52 . 2016-10-03 13:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-10-01 14:16 . 2016-10-01 14:16 -------- d-----w- c:\users\ok\AppData\Roaming\Avira
2016-10-01 00:52 . 2016-10-01 11:06 -------- d-----w- C:\FRST
2016-09-30 02:47 . 2016-09-30 02:48 -------- d-----w- c:\program files (x86)\ZHPFix
2016-09-29 00:12 . 2016-09-30 02:59 -------- d-----w- c:\users\ok\AppData\Roaming\ZHP
2016-09-19 16:24 . 2016-09-19 16:24 -------- d-----w- c:\users\ok\AppData\Local\AviraSpeedup
2016-09-14 17:34 . 2016-09-14 17:34 -------- d-----w- c:\users\ok\AppData\Local\Programs
2016-09-05 13:20 . 2013-06-18 09:33 123776 ----a-w- c:\windows\system32\drivers\jrdusbser.sys
.
.
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-10-03 13:54 . 2016-07-20 17:16 180 ----a-w- c:\windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-10-03 13:52 . 2016-07-20 17:18 195824 ----a-w- c:\windows\system32\drivers\LDrvPro64.sys
2016-10-01 12:38 . 2016-07-20 17:50 796352 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-10-01 12:38 . 2016-07-20 17:50 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-07-22 11:54 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2016-07-22 11:54 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2016-07-21 06:19 . 2016-07-21 06:19 144749672 ----a-w- c:\windows\system32\MRT.exe
2016-07-20 17:17 . 2016-07-20 17:17 0 ----a-w- c:\windows\system32\GfxValDisplayLog.bin
2016-07-20 17:16 . 2016-07-20 17:16 200 ----a-w- c:\windows\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2016-07-18 15:20 . 2016-08-30 04:12 79696 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2016-07-18 15:20 . 2016-08-30 04:12 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2016-07-18 15:20 . 2016-08-30 04:12 145984 ----a-w- c:\windows\system32\drivers\avipbb.sys
2016-07-18 15:20 . 2016-08-30 04:12 171752 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2016-07-11 03:13 . 2016-07-20 16:47 19220352 ----a-w- c:\windows\system32\nvwgf2umx.dll
2016-07-11 03:13 . 2016-07-20 16:47 9020656 ----a-w- c:\windows\SysWow64\nvopencl.dll
2016-07-11 03:13 . 2016-07-20 16:47 8742360 ----a-w- c:\windows\SysWow64\nvptxJitCompiler.dll
2016-07-11 03:13 . 2016-07-20 16:47 490744 ----a-w- c:\windows\system32\nvumdshimx.dll
2016-07-11 03:13 . 2016-07-20 16:47 406064 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2016-07-11 03:13 . 2016-07-20 16:47 38336 ----a-w- c:\windows\system32\drivers\nvpciflt.sys
2016-07-11 03:13 . 2016-07-20 16:47 31640512 ----a-w- c:\windows\system32\nvoglv64.dll
2016-07-11 03:13 . 2016-07-20 16:47 16790552 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2016-07-11 03:13 . 2016-07-20 16:47 10691632 ----a-w- c:\windows\system32\nvopencl.dll
2016-07-11 03:13 . 2016-07-20 16:47 10656112 ----a-w- c:\windows\system32\nvptxJitCompiler.dll
2016-07-11 03:13 . 2016-07-20 16:47 930360 ----a-w- c:\windows\system32\NvIFR64.dll
2016-07-11 03:13 . 2016-07-20 16:47 909880 ----a-w- c:\windows\SysWow64\NvFBC.dll
2016-07-11 03:13 . 2016-07-20 16:47 852024 ----a-w- c:\windows\SysWow64\NvIFR.dll
2016-07-11 03:13 . 2016-07-20 16:47 694672 ----a-w- c:\windows\system32\nvfatbinaryLoader.dll
2016-07-11 03:13 . 2016-07-20 16:47 583736 ----a-w- c:\windows\SysWow64\nvfatbinaryLoader.dll
2016-07-11 03:13 . 2016-07-20 16:47 544120 ----a-w- c:\windows\system32\nvEncodeAPI64.dll
2016-07-11 03:13 . 2016-07-20 16:47 459320 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
2016-07-11 03:13 . 2016-07-20 16:47 444472 ----a-w- c:\windows\system32\NvIFROpenGL.dll
2016-07-11 03:13 . 2016-07-20 16:47 394808 ----a-w- c:\windows\SysWow64\NvIFROpenGL.dll
2016-07-11 03:13 . 2016-07-20 16:47 25414080 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2016-07-11 03:13 . 2016-07-20 16:47 177952 ----a-w- c:\windows\system32\nvinitx.dll
2016-07-11 03:13 . 2016-07-20 16:47 1571776 ----a-w- c:\windows\system32\nvdispgenco6436881.dll
2016-07-11 03:13 . 2016-07-20 16:47 155768 ----a-w- c:\windows\SysWow64\nvinit.dll
2016-07-11 03:13 . 2016-07-20 16:47 153416 ----a-w- c:\windows\system32\nvoglshim64.dll
2016-07-11 03:13 . 2016-07-20 16:47 13581880 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2016-07-11 03:13 . 2016-07-20 16:47 131584 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2016-07-11 03:13 . 2016-07-20 16:47 1001016 ----a-w- c:\windows\system32\NvFBC64.dll
2016-07-11 03:13 . 2016-07-20 16:47 8615336 ----a-w- c:\windows\SysWow64\nvcuda.dll
2016-07-11 03:13 . 2016-07-20 16:47 3542072 ----a-w- c:\windows\system32\nvcuvid.dll
2016-07-11 03:13 . 2016-07-20 16:47 3099072 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2016-07-11 03:13 . 2016-07-20 16:47 1939000 ----a-w- c:\windows\system32\nvdispco6436881.dll
2016-07-11 03:13 . 2016-07-20 16:47 17321352 ----a-w- c:\windows\system32\nvd3dumx.dll
2016-07-11 03:13 . 2016-07-20 16:47 14371384 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2016-07-11 03:13 . 2016-07-20 16:47 10234336 ----a-w- c:\windows\system32\nvcuda.dll
2016-07-11 03:13 . 2016-07-20 16:47 39977920 ----a-w- c:\windows\system32\nvcompiler.dll
2016-07-11 03:13 . 2016-07-20 16:47 3840096 ----a-w- c:\windows\system32\nvapi64.dll
2016-07-11 03:13 . 2016-07-20 16:47 35115968 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2016-07-11 03:13 . 2016-07-20 16:47 3393576 ----a-w- c:\windows\SysWow64\nvapi.dll
.
.
((((((((((((((((((((((((((((((((( Reg load points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DriveTheLife2013"="c:\program files (x86)\OSTotoSoft\DriverTalent\DriveTheLife.exe" [2015-08-25 2136928]
"Avira SystrayStartTrigger"="c:\program files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe" [2016-08-19 60136]
"avgnt"="c:\program files (x86)\Avira\Antivirus\avgnt.exe" [2016-09-28 830064]
"IAM_Morocco Estoril ModemListener"="c:\program files (x86)\My Connection\L850\BackgroundService\ModemListener.exe" [2015-01-04 169768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AntiVirMailService;Avira Protection e-mail;c:\program files (x86)\Avira\Antivirus\avmailc7.exe;c:\program files (x86)\Avira\Antivirus\avmailc7.exe [x]
R2 AntiVirWebService;Avira Protection Web;c:\program files (x86)\Avira\Antivirus\avwebg7.exe;c:\program files (x86)\Avira\Antivirus\avwebg7.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
R3 cpuz134;cpuz134;c:\users\ok\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\ok\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 IntcDAud;Son Intel(R) pour écrans;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
S0 iusb3hcs;Pilote de commutateur de contrôleur d'hôte Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 LDrvPro;LDrvPro;c:\windows\system32\drivers\LDrvPro64.sys;c:\windows\SYSNATIVE\drivers\LDrvPro64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planificateur;c:\program files (x86)\Avira\Antivirus\sched.exe;c:\program files (x86)\Avira\Antivirus\sched.exe [x]
S2 Avira.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 IAM_Morocco Estoril Modem Device Helper;IAM_Morocco Estoril Modem Device Helper;c:\program files (x86)\My Connection\L850\BackgroundService\ServiceManager.exe;c:\program files (x86)\My Connection\L850\BackgroundService\ServiceManager.exe [x]
S2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
S2 LDrvSvc;Local Driver Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ogmservice;Online Games Manager;c:\program files (x86)\Online Games Manager\ogmservice.exe;c:\program files (x86)\Online Games Manager\ogmservice.exe [x]
S3 iusb3hub;Pilote de concentrateur Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Pilote du contrôleur d'hôte extensible Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalDriverService REG_MULTI_SZ LDrvSvc
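The service and Run-key lines above follow a fixed ComboFix layout: a Run value is `"name"="path" [date size]`, and a service or driver entry is `<R|S><start> name;display;image;image64 [x]`, where R/S record whether the service was running or stopped at scan time and the digit is the Windows start type (0 boot, 1 system, 2 auto, 3 manual, 4 disabled). The parser below is an added example for triaging that output; it is not part of the original log or of ComboFix. It reads a constructed sample made of lines copied from this log, then applies two review heuristics chosen for the example (an image under a user-writable directory, and an image of `svchost.exe`, whose real code is the `ServiceDll` that this log does not print). Flagging an entry means "look at it next", not that the entry is malicious.

```python
"""Triage helper for ComboFix "Reg load points" output (added example)."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: lines copied verbatim from the log above.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\Antivirus\avgnt.exe" [2016-09-28 830064]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
.
R3 cpuz134;cpuz134;c:\users\ok\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\ok\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
S0 LDrvPro;LDrvPro;c:\windows\system32\drivers\LDrvPro64.sys;c:\windows\SYSNATIVE\drivers\LDrvPro64.sys [x]
S2 LDrvSvc;Local Driver Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ogmservice;Online Games Manager;c:\program files (x86)\Online Games Manager\ogmservice.exe;c:\program files (x86)\Online Games Manager\ogmservice.exe [x]
"""

# "name"="path" [meta]   -- Run-key value as ComboFix prints it
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"(?:\s+\[(?P<meta>[^\]]*)\])?$')
# R2 name;display;image;image64 [x]   -- service / driver entry
SVC_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<image>[^;]+);(?P<image64>.+?) \[(?P<flag>[^\]]*)\]$'
)
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

# Heuristic (assumption of this example): anything executing from a user profile's
# AppData, a Temp directory or ProgramData deserves a second look.
USER_WRITABLE = re.compile(r'\\(users\\[^\\]+\\appdata|temp|programdata)\\', re.IGNORECASE)


@dataclass
class Entry:
    kind: str            # "run" or "service"
    name: str
    image: str
    detail: str          # registry metadata or "running/stopped, start=..."
    findings: List[str]  # empty when nothing stood out


def triage_path(image: str) -> List[str]:
    """Return the review notes that apply to one image path."""
    findings = []
    lowered = image.lower()
    if USER_WRITABLE.search(image):
        findings.append("image under user-writable directory")
        if lowered.endswith(".sys"):
            findings.append("kernel driver loaded from user-writable directory")
    if lowered.endswith("\\svchost.exe"):
        findings.append("hosted in svchost; real code is the ServiceDll, not shown here")
    return findings


def parse(text: str) -> List[Entry]:
    """Parse Run values and service lines; ignore headers, dots and blank lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            entries.append(Entry("run", m["name"], m["path"], m["meta"] or "", triage_path(m["path"])))
            continue
        m = SVC_RE.match(line)
        if m:
            state = "running" if m["state"] == "R" else "stopped"
            detail = f"{state}, start={START_TYPES[int(m['start'])]}"
            entries.append(Entry("service", m["name"], m["image"], detail, triage_path(m["image"])))
    return entries


def flagged(entries: List[Entry]) -> List[Entry]:
    """Only the entries a reviewer should open first."""
    return [e for e in entries if e.findings]


if __name__ == "__main__":
    for e in flagged(parse(SAMPLE)):
        print(f"{e.kind:7} {e.name:12} {e.detail:22} {e.image}")
        for f in e.findings:
            print(f"         - {f}")
```

Run against the sample, the two entries that surface are the `cpuz134` driver loaded from `AppData\Local\Temp` and the svchost-hosted `LDrvSvc`; the Avira, Adobe, `LDrvPro` and `ogmservice` entries pass both heuristics and would need a signature or hash check rather than a path check to go further.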
.
Contents of the 'Scheduled Tasks' folder
.
2016-10-01 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_162_pepper.exe [2016-10-01 11:39]
.
2016-10-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-20 12:38]
.
2016-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-07-29 10:58]
.
2016-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-07-29 10:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-02-04 13269064]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
------- Supplementary scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 172.20.10.1
FF - ProfilePath - c:\users\ok\AppData\Roaming\Mozilla\Firefox\Profiles\wpxuz9uk.default\
FF - prefs.js: browser.startup.homepage - www.google.fr
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_23_0_0_181_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_23_0_0_181_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other active processes ------------------------
.
c:\program files (x86)\Avira\Antivirus\avguard.exe
.
**************************************************************************
.
Finish time: 2016-10-03 13:58:37 - The machine rebooted
ComboFix-quarantined-files.txt 2016-10-03 13:58
ComboFix2.txt 2016-10-01 14:31
.
Pre-Run: 274,090,590,208 bytes free
Post-Run: 274,015,375,360 bytes free
.
- - End Of File - - 606AE02232A7804BFCBF5F4074A22041
A36C5E4F47E84449FF07ED3517B43A31