Publicité
Publicité
Format du document : text/plain
Prévisualisation
ComboFix 17-09-14.01 - NET1 09.2017 ?. 23:12:20.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.33.1033.18.4093.2871 [GMT 2:00]
Lancé depuis: c:\users\NET1\Desktop\ComboFix.exe
AV: AVG Antivirus *Disabled/Outdated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: AVG Antivirus *Disabled/Outdated* {F620D48B-1497-73CC-F290-58052563BEAE}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\SETD72E.tmp
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2017-08-21 au 2017-09-21 ))))))))))))))))))))))))))))))))))))
.
.
2017-09-21 21:30 . 2017-09-21 21:30 -------- d-----w- c:\users\Sashka\AppData\Local\temp
2017-09-07 19:39 . 2017-09-09 10:37 -------- d-----w- C:\FRST
2017-09-03 14:30 . 2017-09-03 14:30 -------- d-----w- c:\users\NET1\AppData\Local\ElevatedDiagnostics
2017-09-01 10:02 . 2017-09-06 19:54 192960 ----a-w- c:\windows\system32\drivers\MBAMChameleon.sys
2017-09-01 10:02 . 2017-09-17 13:38 45472 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-09-01 09:48 . 2017-09-21 20:35 253888 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-09-01 09:47 . 2017-09-02 21:28 77440 ----a-w- c:\windows\system32\drivers\mbae64.sys
2017-09-01 09:47 . 2017-09-01 09:47 -------- d-----w- c:\programdata\Malwarebytes
2017-09-01 09:47 . 2017-09-01 09:47 -------- d-----w- c:\program files\Malwarebytes
2017-09-01 09:34 . 2017-09-02 19:20 -------- d-----w- C:\AdwCleaner
2017-09-01 09:18 . 2017-09-03 16:09 -------- d-----w- c:\users\NET1\AppData\Roaming\ZHP
2017-09-01 09:18 . 2017-09-03 16:04 -------- d-----w- c:\users\NET1\AppData\Local\ZHP
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\users\Sashka\Downloads\Sky38i.exe" [2017-03-29 21633320]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"AvgUi"="c:\program files (x86)\AVG\Framework\Common\avguirna.exe" [2017-09-14 239592]
.
c:\users\NET1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
R0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys;c:\windows\SYSNATIVE\drivers\dlkmdldr.sys [x]
R2 AVG Antivirus;AVG Antivirus;c:\program files (x86)\AVG\Antivirus\AVGSvc.exe;c:\program files (x86)\AVG\Antivirus\AVGSvc.exe [x]
R2 GLOBUL Connection Manager. RunOuc;GLOBUL Connection Manager. OUC;c:\program files (x86)\GLOBUL Connection Manager\UpdateDog\ouc.exe;c:\program files (x86)\GLOBUL Connection Manager\UpdateDog\ouc.exe [x]
R2 nvservice;NVIDIA GuardService;c:\windows\system32\nvservice.exe;c:\windows\SYSNATIVE\nvservice.exe [x]
R3 avgbIDSAgent;avgbIDSAgent;c:\program files (x86)\AVG\Antivirus\x64\aswidsagenta.exe;c:\program files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [x]
R3 avgHwid;avgHwid;c:\windows\system32\drivers\avgHwid.sys;c:\windows\SYSNATIVE\drivers\avgHwid.sys [x]
R3 BRDriver64;BRDriver64;c:\programdata\BitRaider\BRDriver64.sys;c:\programdata\BitRaider\BRDriver64.sys [x]
R3 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\BitRaider\BRSptSvc.exe;c:\programdata\BitRaider\BRSptSvc.exe [x]
R3 cmnxusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s 20140303;c:\windows\system32\DRIVERS\cmnxusbser.sys;c:\windows\SYSNATIVE\DRIVERS\cmnxusbser.sys [x]
R3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys;c:\windows\SYSNATIVE\drivers\dlkmd.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbser.sys;c:\windows\SYSNATIVE\DRIVERS\qcusbser.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 avgbidsh;avgbidsh;c:\windows\\SystemRoot\system32\drivers\avgbidsha.sys;c:\windows\\SystemRoot\system32\drivers\avgbidsha.sys [x]
S0 avgblog;avgblog;c:\windows\\SystemRoot\system32\drivers\avgbloga.sys;c:\windows\\SystemRoot\system32\drivers\avgbloga.sys [x]
S0 avgbuniv;avgbuniv;c:\windows\\SystemRoot\system32\drivers\avgbuniva.sys;c:\windows\\SystemRoot\system32\drivers\avgbuniva.sys [x]
S0 avgRvrt;avgRvrt;c:\windows\\SystemRoot\system32\drivers\avgRvrt.sys;c:\windows\\SystemRoot\system32\drivers\avgRvrt.sys [x]
S0 avgVmm;avgVmm;c:\windows\\SystemRoot\system32\drivers\avgVmm.sys;c:\windows\\SystemRoot\system32\drivers\avgVmm.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 avgbdisk;avgbdisk;c:\windows\system32\drivers\avgbdiska.sys;c:\windows\SYSNATIVE\drivers\avgbdiska.sys [x]
S1 avgbidsdriver;avgbidsdriver;c:\windows\system32\drivers\avgbidsdrivera.sys;c:\windows\SYSNATIVE\drivers\avgbidsdrivera.sys [x]
S1 avgRdr;avgRdr;c:\windows\system32\drivers\avgRdr2.sys;c:\windows\SYSNATIVE\drivers\avgRdr2.sys [x]
S1 avgSnx;avgSnx;c:\windows\system32\drivers\avgSnx.sys;c:\windows\SYSNATIVE\drivers\avgSnx.sys [x]
S1 avgSP;avgSP;c:\windows\system32\drivers\avgSP.sys;c:\windows\SYSNATIVE\drivers\avgSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AdobeActiveFileMonitor12.0;Adobe Active File Monitor V12;c:\program files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 avgMonFlt;avgMonFlt;c:\windows\system32\drivers\avgMonFlt.sys;c:\windows\SYSNATIVE\drivers\avgMonFlt.sys [x]
S2 avgStm;avgStm;c:\windows\system32\drivers\avgStm.sys;c:\windows\SYSNATIVE\drivers\avgStm.sys [x]
S2 avgsvc;AVG Service;c:\program files (x86)\AVG\Framework\Common\avgsvca.exe;c:\program files (x86)\AVG\Framework\Common\avgsvca.exe [x]
S2 DisplayLinkService;DisplayLink Service;c:\program files\DisplayLink Core Software\DisplayLinkService.exe;c:\program files\DisplayLink Core Software\DisplayLinkService.exe [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\vuagent.exe;c:\program files\Sony\VAIO Update\vuagent.exe [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - MBAMSWISSARMY
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2012-11-04 2419512]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-06-03 472984]
"AvgUi"="c:\program files (x86)\AVG\Framework\Common\avguirna.exe" [2017-09-14 239592]
"AVGUI.exe"="c:\program files (x86)\AVG\Antivirus\AvLaunch.exe" [2017-05-14 263232]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1919B7F5-A30A-4F19-A4E7-0AA588002B59}: DhcpNameServer = 192.168.1.1
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Wow6432Node-HKLM-Run-vProt - c:\program files (x86)\AVG Web TuneUp\vprot.exe
HKLM_Wow6432Node-ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe
AddRemove-AVG Web TuneUp - c:\program files (x86)\AVG Web TuneUp\UNINSTALL.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2017-09-21 23:35:58
ComboFix-quarantined-files.txt 2017-09-21 21:35
.
Avant-CF: 43 551 997 952 bytes free
Après-CF: 43 124 457 472 bytes free
.
- - End Of File - - 3BA323268D03B46367D10D55E0757D4D
A36C5E4F47E84449FF07ED3517B43A31
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.33.1033.18.4093.2871 [GMT 2:00]
Lancé depuis: c:\users\NET1\Desktop\ComboFix.exe
AV: AVG Antivirus *Disabled/Outdated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: AVG Antivirus *Disabled/Outdated* {F620D48B-1497-73CC-F290-58052563BEAE}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\SETD72E.tmp
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2017-08-21 au 2017-09-21 ))))))))))))))))))))))))))))))))))))
.
.
2017-09-21 21:30 . 2017-09-21 21:30 -------- d-----w- c:\users\Sashka\AppData\Local\temp
2017-09-07 19:39 . 2017-09-09 10:37 -------- d-----w- C:\FRST
2017-09-03 14:30 . 2017-09-03 14:30 -------- d-----w- c:\users\NET1\AppData\Local\ElevatedDiagnostics
2017-09-01 10:02 . 2017-09-06 19:54 192960 ----a-w- c:\windows\system32\drivers\MBAMChameleon.sys
2017-09-01 10:02 . 2017-09-17 13:38 45472 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-09-01 09:48 . 2017-09-21 20:35 253888 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-09-01 09:47 . 2017-09-02 21:28 77440 ----a-w- c:\windows\system32\drivers\mbae64.sys
2017-09-01 09:47 . 2017-09-01 09:47 -------- d-----w- c:\programdata\Malwarebytes
2017-09-01 09:47 . 2017-09-01 09:47 -------- d-----w- c:\program files\Malwarebytes
2017-09-01 09:34 . 2017-09-02 19:20 -------- d-----w- C:\AdwCleaner
2017-09-01 09:18 . 2017-09-03 16:09 -------- d-----w- c:\users\NET1\AppData\Roaming\ZHP
2017-09-01 09:18 . 2017-09-03 16:04 -------- d-----w- c:\users\NET1\AppData\Local\ZHP
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\users\Sashka\Downloads\Sky38i.exe" [2017-03-29 21633320]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"AvgUi"="c:\program files (x86)\AVG\Framework\Common\avguirna.exe" [2017-09-14 239592]
.
c:\users\NET1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
R0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys;c:\windows\SYSNATIVE\drivers\dlkmdldr.sys [x]
R2 AVG Antivirus;AVG Antivirus;c:\program files (x86)\AVG\Antivirus\AVGSvc.exe;c:\program files (x86)\AVG\Antivirus\AVGSvc.exe [x]
R2 GLOBUL Connection Manager. RunOuc;GLOBUL Connection Manager. OUC;c:\program files (x86)\GLOBUL Connection Manager\UpdateDog\ouc.exe;c:\program files (x86)\GLOBUL Connection Manager\UpdateDog\ouc.exe [x]
R2 nvservice;NVIDIA GuardService;c:\windows\system32\nvservice.exe;c:\windows\SYSNATIVE\nvservice.exe [x]
R3 avgbIDSAgent;avgbIDSAgent;c:\program files (x86)\AVG\Antivirus\x64\aswidsagenta.exe;c:\program files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [x]
R3 avgHwid;avgHwid;c:\windows\system32\drivers\avgHwid.sys;c:\windows\SYSNATIVE\drivers\avgHwid.sys [x]
R3 BRDriver64;BRDriver64;c:\programdata\BitRaider\BRDriver64.sys;c:\programdata\BitRaider\BRDriver64.sys [x]
R3 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\BitRaider\BRSptSvc.exe;c:\programdata\BitRaider\BRSptSvc.exe [x]
R3 cmnxusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s 20140303;c:\windows\system32\DRIVERS\cmnxusbser.sys;c:\windows\SYSNATIVE\DRIVERS\cmnxusbser.sys [x]
R3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys;c:\windows\SYSNATIVE\drivers\dlkmd.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbser.sys;c:\windows\SYSNATIVE\DRIVERS\qcusbser.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 avgbidsh;avgbidsh;c:\windows\\SystemRoot\system32\drivers\avgbidsha.sys;c:\windows\\SystemRoot\system32\drivers\avgbidsha.sys [x]
S0 avgblog;avgblog;c:\windows\\SystemRoot\system32\drivers\avgbloga.sys;c:\windows\\SystemRoot\system32\drivers\avgbloga.sys [x]
S0 avgbuniv;avgbuniv;c:\windows\\SystemRoot\system32\drivers\avgbuniva.sys;c:\windows\\SystemRoot\system32\drivers\avgbuniva.sys [x]
S0 avgRvrt;avgRvrt;c:\windows\\SystemRoot\system32\drivers\avgRvrt.sys;c:\windows\\SystemRoot\system32\drivers\avgRvrt.sys [x]
S0 avgVmm;avgVmm;c:\windows\\SystemRoot\system32\drivers\avgVmm.sys;c:\windows\\SystemRoot\system32\drivers\avgVmm.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 avgbdisk;avgbdisk;c:\windows\system32\drivers\avgbdiska.sys;c:\windows\SYSNATIVE\drivers\avgbdiska.sys [x]
S1 avgbidsdriver;avgbidsdriver;c:\windows\system32\drivers\avgbidsdrivera.sys;c:\windows\SYSNATIVE\drivers\avgbidsdrivera.sys [x]
S1 avgRdr;avgRdr;c:\windows\system32\drivers\avgRdr2.sys;c:\windows\SYSNATIVE\drivers\avgRdr2.sys [x]
S1 avgSnx;avgSnx;c:\windows\system32\drivers\avgSnx.sys;c:\windows\SYSNATIVE\drivers\avgSnx.sys [x]
S1 avgSP;avgSP;c:\windows\system32\drivers\avgSP.sys;c:\windows\SYSNATIVE\drivers\avgSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AdobeActiveFileMonitor12.0;Adobe Active File Monitor V12;c:\program files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 avgMonFlt;avgMonFlt;c:\windows\system32\drivers\avgMonFlt.sys;c:\windows\SYSNATIVE\drivers\avgMonFlt.sys [x]
S2 avgStm;avgStm;c:\windows\system32\drivers\avgStm.sys;c:\windows\SYSNATIVE\drivers\avgStm.sys [x]
S2 avgsvc;AVG Service;c:\program files (x86)\AVG\Framework\Common\avgsvca.exe;c:\program files (x86)\AVG\Framework\Common\avgsvca.exe [x]
S2 DisplayLinkService;DisplayLink Service;c:\program files\DisplayLink Core Software\DisplayLinkService.exe;c:\program files\DisplayLink Core Software\DisplayLinkService.exe [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\vuagent.exe;c:\program files\Sony\VAIO Update\vuagent.exe [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - MBAMSWISSARMY
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2012-11-04 2419512]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-06-03 472984]
"AvgUi"="c:\program files (x86)\AVG\Framework\Common\avguirna.exe" [2017-09-14 239592]
"AVGUI.exe"="c:\program files (x86)\AVG\Antivirus\AvLaunch.exe" [2017-05-14 263232]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1919B7F5-A30A-4F19-A4E7-0AA588002B59}: DhcpNameServer = 192.168.1.1
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Wow6432Node-HKLM-Run-vProt - c:\program files (x86)\AVG Web TuneUp\vprot.exe
HKLM_Wow6432Node-ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe
AddRemove-AVG Web TuneUp - c:\program files (x86)\AVG Web TuneUp\UNINSTALL.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2017-09-21 23:35:58
ComboFix-quarantined-files.txt 2017-09-21 21:35
.
Avant-CF: 43 551 997 952 bytes free
Après-CF: 43 124 457 472 bytes free
.
- - End Of File - - 3BA323268D03B46367D10D55E0757D4D
A36C5E4F47E84449FF07ED3517B43A31