ComboFix 15-08-08.01 - toshiba 12/08/2015 14:08:34.1.4 - x86
Microsoft Windows 7 Professionnel 6.1.7600.0.1252.33.1036.18.2701.1674 [GMT 1:00]
Lancé depuis: c:\users\toshiba\Downloads\Programs\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\toshiba\AppData\Roaming\Wifi Checker Script.vbs
c:\users\toshiba\French_Picture_Dictionary .pdf
c:\users\toshiba\ZHPDiag3.exe
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2015-07-12 au 2015-08-12 ))))))))))))))))))))))))))))))))))))
.
.
2015-08-12 13:16 . 2015-08-12 13:16 -------- d-----w- c:\users\Invité\AppData\Local\temp
2015-08-12 13:16 . 2015-08-12 13:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-12 12:39 . 2015-08-12 12:41 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2015-08-11 13:02 . 2015-08-11 13:02 -------- d-----r- c:\users\toshiba\Virtual Machines
2015-08-11 12:50 . 2015-08-11 12:51 -------- d-----w- c:\users\toshiba\AppData\Roaming\ZHP
2015-08-11 12:35 . 2009-09-23 01:19 55040 ----a-w- c:\windows\system32\drivers\vpcnfltr.sys
2015-08-11 12:35 . 2009-09-23 01:18 2169856 ----a-w- c:\windows\system32\VPCWizard.exe
2015-08-11 12:35 . 2009-09-23 01:18 78336 ----a-w- c:\windows\system32\drivers\vpcusb.sys
2015-08-11 12:35 . 2009-09-23 01:18 165376 ----a-w- c:\windows\system32\drivers\vpchbus.sys
2015-08-11 12:35 . 2009-09-23 01:19 294912 ----a-w- c:\windows\system32\drivers\vpcvmm.sys
2015-08-11 12:35 . 2009-09-23 01:18 1260032 ----a-w- c:\windows\system32\VPCSettings.exe
2015-08-11 12:35 . 2009-09-23 01:18 559616 ----a-w- c:\windows\system32\VMCPropertyHandler.dll
2015-08-11 12:35 . 2009-09-23 01:18 14848 ----a-w- c:\windows\system32\vpchbuspipe.dll
2015-08-11 12:35 . 2009-09-23 01:18 3329536 ----a-w- c:\windows\system32\vpc.exe
2015-08-11 12:35 . 2009-09-23 01:18 1002496 ----a-w- c:\windows\system32\VMWindow.exe
2015-08-11 12:35 . 2009-09-23 01:18 793600 ----a-w- c:\windows\system32\vmsal.exe
2015-08-11 04:08 . 2015-08-11 04:08 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D8CBD1E-128F-44D1-9F0F-E0A21146A10E}\offreg.2424.dll
2015-08-10 21:33 . 2015-08-10 22:40 -------- d-----w- c:\users\toshiba\AppData\Local\PrivaZer
2015-08-10 21:33 . 2015-08-10 21:33 -------- d-----w- c:\program files\PrivaZer
2015-08-10 21:33 . 2015-08-10 21:33 -------- d-----w- c:\programdata\privazer
2015-08-08 15:47 . 2015-08-08 15:47 -------- d-----w- c:\users\toshiba\AppData\Roaming\xvirus
2015-08-08 15:47 . 2015-08-08 15:51 -------- d-----w- c:\program files\Xvirus Personal Guard
2015-08-07 04:40 . 2015-08-07 04:40 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D8CBD1E-128F-44D1-9F0F-E0A21146A10E}\offreg.4668.dll
2015-08-05 22:54 . 2015-08-05 22:54 -------- d-----w- c:\users\toshiba\AppData\Roaming\TechSmith
2015-08-05 22:24 . 2015-08-05 22:25 -------- d-----w- c:\users\toshiba\AppData\Local\qBittorrent
2015-08-05 22:24 . 2015-08-12 13:04 -------- d-----w- c:\users\toshiba\AppData\Roaming\qBittorrent
2015-08-05 22:23 . 2015-08-05 22:23 -------- d-----w- c:\program files\qBittorrent
2015-08-05 22:14 . 2015-08-05 22:14 -------- d-----w- c:\programdata\regid.1995-08.com.techsmith
2015-08-05 22:13 . 2015-08-05 22:13 -------- d-----w- c:\programdata\TechSmith
2015-08-05 22:13 . 2015-08-05 22:13 -------- d-----w- c:\program files\TechSmith
2015-08-05 02:45 . 2015-08-05 02:45 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D8CBD1E-128F-44D1-9F0F-E0A21146A10E}\offreg.4184.dll
2015-08-04 18:06 . 2015-08-12 12:22 -------- d-----w- c:\program files\CCleaner
2015-08-04 13:58 . 2015-08-04 14:00 -------- d-----w- c:\program files\Half Life
2015-08-03 22:02 . 2015-08-03 22:02 -------- d-----w- c:\program files\MSECache
2015-08-02 02:56 . 2015-08-02 02:56 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D8CBD1E-128F-44D1-9F0F-E0A21146A10E}\offreg.3656.dll
2015-08-02 00:56 . 2015-08-02 00:56 -------- d-----w- c:\users\toshiba\AppData\Roaming\AVAST Software
2015-08-02 00:53 . 2015-08-02 00:52 113592 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-08-02 00:53 . 2015-08-02 00:52 208664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-08-02 00:53 . 2015-08-02 00:52 433264 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-08-02 00:53 . 2015-08-02 00:52 49776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-08-02 00:53 . 2015-08-02 00:52 76000 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-08-02 00:53 . 2015-08-02 00:52 24016 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-08-02 00:53 . 2015-08-02 00:52 81728 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-08-02 00:53 . 2015-08-02 00:52 788784 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-08-02 00:53 . 2015-08-02 00:52 26096 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2015-08-02 00:53 . 2015-08-02 00:52 95112 ----a-w- c:\windows\system32\drivers\ngvss.sys
2015-08-02 00:53 . 2015-08-02 00:52 313472 ----a-w- c:\windows\system32\aswBoot.exe
2015-08-02 00:52 . 2015-08-02 00:52 43112 ----a-w- c:\windows\avastSS.scr
2015-08-02 00:52 . 2015-08-02 00:52 275856 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
2015-08-02 00:51 . 2015-08-02 00:51 -------- d-----w- c:\program files\AVAST Software
2015-08-01 23:53 . 2015-08-08 15:47 -------- d-----w- c:\users\toshiba\AppData\Local\Mysecuritywin
2015-08-01 23:39 . 2015-08-01 23:39 -------- d-----w- c:\programdata\Ultra Adware Killer
2015-08-01 22:54 . 2015-07-11 12:26 136635 --sha-w- c:\users\toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wifi Checker Script.vbs
2015-08-01 22:53 . 2015-08-08 17:42 -------- d-----w- C:\Program Files (x86)
2015-08-01 22:22 . 2015-08-09 20:37 -------- d-----w- c:\users\toshiba\AppData\Roaming\MPC-HC
2015-08-01 22:03 . 2015-08-01 22:03 -------- d-----w- c:\program files\MPC-HC
2015-08-01 21:32 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2015-08-01 21:32 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2015-08-01 21:32 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2015-08-01 21:32 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2015-08-01 21:31 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2015-08-01 21:31 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2015-08-01 21:31 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2015-08-01 21:31 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2015-08-01 21:31 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2015-08-01 21:20 . 2015-08-01 21:20 -------- d-----w- c:\programdata\GridinSoft
2015-08-01 18:38 . 2015-08-01 18:38 -------- d-----w- c:\programdata\Loaris
2015-08-01 18:38 . 2015-08-01 18:38 -------- d-----w- c:\program files\Loaris
2015-08-01 13:17 . 2012-11-01 14:35 202280 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2015-08-01 13:17 . 2015-08-01 14:45 -------- d-----w- c:\program files\PC Tools
2015-08-01 12:58 . 2015-08-01 15:45 -------- d-----w- c:\programdata\PC Tools
2015-08-01 12:58 . 2015-08-01 12:58 -------- d-----w- c:\users\toshiba\AppData\Roaming\TestApp
2015-07-31 15:53 . 2015-07-31 15:53 16128 ----a-w- c:\windows\system32\drivers\gtkdrv.sys
2015-07-31 10:26 . 2015-07-31 10:26 -------- d-----w- c:\programdata\Vitalwerks
2015-07-30 22:20 . 2015-07-30 22:28 -------- d-----w- C:\Counter-Strike 2D
2015-07-30 17:51 . 2015-07-30 17:51 -------- d-----w- c:\program files\Sierra On-Line
2015-07-30 17:50 . 2015-07-30 17:50 -------- d-----w- c:\program files\real
2015-07-29 23:08 . 2015-07-29 23:08 -------- d-----w- c:\users\toshiba\.eclipse
2015-07-29 13:39 . 2015-07-29 14:31 -------- d-----w- c:\users\toshiba\AppData\Roaming\IVONA Reader
2015-07-29 13:39 . 2015-07-29 13:41 -------- d-----w- c:\program files\IVONA
2015-07-28 14:10 . 2015-07-28 14:10 -------- d-----w- c:\users\toshiba\AppData\Local\Vitalwerks
2015-07-24 12:09 . 2015-08-11 13:29 -------- d-----w- c:\users\toshiba\AppData\Local\CrashDumps
2015-07-23 20:32 . 2015-07-23 20:32 -------- d-----w- c:\users\toshiba\AppData\Local\CEF
2015-07-23 14:09 . 2015-07-23 14:09 -------- d-----w- c:\users\toshiba\AppData\Local\Activision
2015-07-23 14:01 . 2015-07-23 14:40 -------- d-----w- c:\program files\Activision
2015-07-21 16:10 . 2015-07-21 16:15 -------- d-----w- c:\programdata\Informer Technologies, Inc
2015-07-18 15:54 . 2015-07-18 15:54 -------- d-----w- c:\users\toshiba\AppData\Roaming\Project Reality
2015-07-18 15:08 . 2015-07-18 15:08 -------- d-----w- c:\users\toshiba\AppData\Local\Project Reality
2015-07-18 05:07 . 2015-07-18 05:07 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D8CBD1E-128F-44D1-9F0F-E0A21146A10E}\offreg.4864.dll
2015-07-17 18:17 . 2015-07-17 18:17 -------- d-----w- c:\program files\RagnoTech Softworks
2015-07-16 19:54 . 2015-07-16 19:54 -------- d-----w- c:\programdata\Package Cache
2015-07-16 19:53 . 2015-07-16 19:53 110280 ----a-w- c:\windows\system32\drivers\L1C62x86.sys
2015-07-16 19:48 . 2015-07-16 19:48 48504 ----a-w- c:\windows\system32\drivers\tosrfec.sys
2015-07-16 19:48 . 2015-07-16 19:48 3310592 ----a-w- c:\windows\system32\drivers\athr.sys
2015-07-16 19:47 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2015-07-16 19:47 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2015-07-16 19:47 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2015-07-16 19:47 . 2015-07-16 19:47 1629040 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll
2015-07-16 19:47 . 2015-07-16 19:47 150816 ----a-w- c:\windows\system32\drivers\TeeDriver.sys
2015-07-16 19:22 . 2015-07-16 19:22 942080 ----a-w- c:\windows\system32\AmRdrIco.icl
2015-07-16 19:22 . 2015-07-16 19:22 61440 ----a-w- c:\windows\system32\drivers\AmUStor.sys
2015-07-16 07:28 . 2015-07-16 07:28 -------- d-----w- c:\users\toshiba\s
2015-07-16 07:28 . 2015-07-16 07:28 -------- d-----w- c:\users\toshiba\AppData\Local\Temporary Internet Files
2015-07-16 07:28 . 2015-07-16 07:28 -------- d-----w- c:\users\toshiba\AppData\Local\History
2015-07-16 07:28 . 2015-07-16 07:28 -------- d-----w- c:\windows\system32\dllcache
2015-07-16 07:28 . 2015-07-16 07:28 -------- d-----w- C:\Temp
2015-07-16 04:24 . 2015-08-01 08:41 -------- d-----w- c:\programdata\ProductData
2015-07-16 04:24 . 2015-07-16 04:24 -------- d-----w- c:\programdata\IObit
2015-07-16 04:24 . 2015-07-16 04:24 23840 ----a-w- c:\windows\system32\drivers\HWiNFO32.SYS
2015-07-16 04:24 . 2015-07-16 04:24 -------- d-----w- c:\program files\IObit
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-12 12:20 . 2015-02-26 19:30 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-18 15:05 . 2015-07-02 13:39 138576 ----a-w- c:\users\toshiba\AppData\Roaming\PnkBstrK.sys
2015-07-18 15:04 . 2015-07-02 13:39 291496 ----a-w- c:\windows\system32\PnkBstrB.ex0
2015-07-16 19:49 . 2014-07-13 15:04 62464 ----a-w- c:\windows\system32\igfxsrvc.dll
2015-07-16 19:49 . 2014-07-13 15:04 9074176 ----a-w- c:\windows\system32\igfxress.dll
2015-07-16 19:49 . 2014-07-13 15:04 492032 ----a-w- c:\windows\system32\igfxdev.dll
2015-07-16 19:49 . 2014-07-13 15:04 451584 ----a-w- c:\windows\system32\igfxpph.dll
2015-07-16 19:49 . 2014-07-13 15:04 3528704 ----a-w- c:\windows\system32\igdusc32.dll
2015-07-16 19:49 . 2014-07-13 15:04 11434496 ----a-w- c:\windows\system32\igdumdim32.dll
2015-07-16 19:49 . 2014-07-13 15:04 185344 ----a-w- c:\windows\system32\hccutils.dll
2015-07-15 14:19 . 2014-10-02 23:17 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-07-15 14:19 . 2014-07-13 14:55 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-07-09 11:16 . 2015-07-09 11:16 98704 ----a-w- c:\windows\system32\drivers\VBoxNetAdp6.sys
2015-07-09 11:16 . 2015-07-09 11:16 119304 ----a-w- c:\windows\system32\drivers\VBoxNetLwf.sys
2015-07-08 04:16 . 2015-07-08 04:16 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D8CBD1E-128F-44D1-9F0F-E0A21146A10E}\offreg.5648.dll
2015-07-03 05:20 . 2015-07-03 05:20 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D8CBD1E-128F-44D1-9F0F-E0A21146A10E}\offreg.5056.dll
2015-07-02 03:56 . 2015-07-02 03:56 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D8CBD1E-128F-44D1-9F0F-E0A21146A10E}\offreg.4584.dll
2015-06-27 04:32 . 2015-06-27 04:32 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D8CBD1E-128F-44D1-9F0F-E0A21146A10E}\offreg.1792.dll
2015-06-23 03:27 . 2015-06-23 03:27 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D8CBD1E-128F-44D1-9F0F-E0A21146A10E}\offreg.4104.dll
2015-06-22 16:57 . 2015-06-22 16:57 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2015-06-22 16:57 . 2015-06-22 16:57 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2015-06-18 07:41 . 2015-02-26 19:29 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-06-18 07:41 . 2015-02-26 19:29 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-06-18 07:41 . 2015-02-26 19:29 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-06-18 01:06 . 2015-06-18 01:06 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D8CBD1E-128F-44D1-9F0F-E0A21146A10E}\offreg.1024.dll
2015-06-16 23:23 . 2015-06-16 23:23 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2015-06-16 23:23 . 2015-06-16 23:23 69632 ----a-w- c:\windows\system32\QuickTime.qts
2015-06-11 04:27 . 2015-06-11 04:27 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D8CBD1E-128F-44D1-9F0F-E0A21146A10E}\offreg.3672.dll
2015-06-10 04:09 . 2015-06-10 04:09 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D8CBD1E-128F-44D1-9F0F-E0A21146A10E}\offreg.5640.dll
2015-06-04 04:07 . 2015-06-04 04:07 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D8CBD1E-128F-44D1-9F0F-E0A21146A10E}\offreg.4432.dll
2015-06-03 02:37 . 2015-06-03 02:37 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D8CBD1E-128F-44D1-9F0F-E0A21146A10E}\offreg.6068.dll
2015-05-30 03:31 . 2015-05-30 03:31 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D8CBD1E-128F-44D1-9F0F-E0A21146A10E}\offreg.5192.dll
2015-05-28 23:26 . 2015-05-28 23:26 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D8CBD1E-128F-44D1-9F0F-E0A21146A10E}\offreg.4544.dll
2015-05-20 22:23 . 2015-05-20 22:24 96352 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2015-05-20 12:55 . 2015-05-20 13:57 123968 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2015-05-18 03:57 . 2015-05-28 23:19 9265072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D8CBD1E-128F-44D1-9F0F-E0A21146A10E}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-08-02 00:52 695096 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 08:02 23008 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wifi Checker Script"="wscript.exe" [2009-07-14 141824]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2015-05-21 3903056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-08-02 6109776]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotPostWindows10UpgradeReInstall"="c:\program files\Common Files\AV\Spybot - Search and Destroy\Test.exe" [2015-07-28 1011200]
.
c:\users\toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Wifi Checker Script.vbs [2015-7-11 136635]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean.exe
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AntiUsbWormUpdate.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AntiUsbWormUpdate.lnk
backup=c:\windows\pss\AntiUsbWormUpdate.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AntiWormUpdate.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AntiWormUpdate.lnk
backup=c:\windows\pss\AntiWormUpdate.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^toshiba^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^boottimer.lnk]
path=c:\users\toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\boottimer.lnk
backup=c:\windows\pss\boottimer.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^toshiba^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk]
path=c:\users\toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2014-11-20 18:13 1021128 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-04-04 05:09 446392 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
2012-03-09 15:26 1073312 ----a-w- c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntiWormUpdate]
2012-01-29 22:34 750320 ----a-w- c:\google\AutoIt3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast]
2015-08-02 00:52 6109776 ----a-w- c:\program files\AVAST Software\Avast\AvastUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2015-05-26 20:47 107848 ----atw- c:\users\toshiba\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2015-07-16 19:49 318960 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSPALauncher]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2015-05-21 16:12 3903056 ----a-w- c:\program files\Internet Download Manager\IDMan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2015-07-16 19:49 308720 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2015-07-16 19:49 315376 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2015-06-16 23:23 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-07-14 01:14 1173504 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2015-04-30 12:45 334896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 12:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Security]
2015-02-03 18:59 695528 ----a-w- c:\program files\USB Disk Security\USBGuard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wifi Checker Script]
2009-07-14 01:14 141824 ----a-w- c:\windows\System32\wscript.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvirusstart]
2015-08-08 15:47 82944 ----a-w- c:\program files\Xvirus Personal Guard\xvirusstart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Mirage]
2011-02-25 11:52 136488 ----a-w- c:\program files\CyberLink\YouCam\YCMMirage.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Tray]
2011-02-25 11:52 162912 ----a-w- c:\program files\CyberLink\YouCam\YouCamTray.exe
.
R0 rfljf;rfljf;c:\windows\System32\drivers\nbfrahay.sys [x]
R1 VBoxNetAdp;VBoxNetAdp;c:\windows\system32\DRIVERS\VBoxNetAdp6.sys [2015-07-09 98704]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2015-08-02 113592]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-06-18 1871160]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-06-18 1133880]
R3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2015-08-02 3218624]
R3 cmusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2051;c:\windows\system32\DRIVERS\cmusbser.sys [2008-08-29 103552]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [x]
R3 iusb3hub;Pilote de concentrateur Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-12-04 351288]
R3 iusb3xhc;Pilote du contrôleur d'hôte extensible Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-12-04 796216]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-06-18 23256]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-06-18 51928]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2012-09-10 18432]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\DRIVERS\gtkdrv.sys [2015-07-31 16128]
R3 VBoxNetFlt;VBoxNetFlt;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys [2015-08-02 275856]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 ngvss;ngvss; [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2015-08-02 26096]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2015-08-02 788784]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2015-08-02 433264]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [2015-07-16 23840]
S2 AIPS;Arp Intelligent Protection Service;c:\program files\NetCutDefender\services\AIPS.exe [2011-07-28 262144]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2015-08-02 24016]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2015-08-02 76000]
S2 avast! Firewall;Avast Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2015-08-02 109008]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2015-05-20 123968]
S2 IntelHaxm;Intel HAXM Service;c:\windows\system32\DRIVERS\IntelHaxm.sys [2015-01-30 78848]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2015-08-02 220752]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2015-07-16 61440]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 27632]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2015-07-16 110280]
S3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\TeeDriver.sys [2015-07-16 150816]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - TROJANKILLERDRIVER
.
Contenu du dossier 'Tâches planifiées'
.
2015-08-09 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\system32\Macromed\Flash\FlashUtil32_18_0_0_209_pepper.exe [2015-07-15 14:19]
.
2015-08-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-02 14:19]
.
2015-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-55693033-2967138888-3080695052-1000Core.job
- c:\users\toshiba\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-26 20:47]
.
2015-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-55693033-2967138888-3080695052-1000UA.job
- c:\users\toshiba\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-26 20:47]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.guard-search.com/?gd=GB1000094&ctid=&octid=EB_ORIGINAL_CTID&ISID=116D1CDF-DC3C-42BE-BEB4-3C1F9AAEE043&SearchSource=55&CUI=SB_CUI&UM=8&UP=6588E404-1E2C-47C8-9F27-D6639FF2946F&D=IN_DA&SSPV=GB10A
mStart Page = https://www.google.com/?trackid=sp-006
mSearch Bar = https://www.google.com/?trackid=sp-006
uInternet Settings,ProxyServer = 4everproxy.com:80
uInternet Settings,ProxyOverride = ;*.local
IE: + Offline &Explorer: Download the link - file://c:\program files\Offline Explorer Enterprise\Add_UrlO.htm
IE: + Offline E&xplorer: Download the current page - file://c:\program files\Offline Explorer Enterprise\Add_AllO.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
TCP: DhcpNameServer = 192.168.1.1 0.0.0.0
FF - ProfilePath - c:\users\toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\bvdaaffl.default\
FF - prefs.js: browser.search.defaulturl - hxxps://www.google.com/search/?trackid=sp-006
FF - prefs.js: browser.search.selectedEngine - Google (avast)
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/?trackid=sp-006
FF - prefs.js: keyword.URL - hxxps://www.google.com/search/?trackid=sp-006
FF - prefs.js: network.proxy.http - 200.62.59.184
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-10 - (no file)
MSConfigStartUp-AntiUsbWorm - start c:\google\AutoIt3.exe
MSConfigStartUp-CCleaner Monitoring - c:\program files\CCleaner\CCleaner.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ac,d2,3a,1e,a3,c3,91,48,99,39,97,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ac,d2,3a,1e,a3,c3,91,48,99,39,97,\
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="OperaStable"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="OperaStable"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="OperaStable"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nex\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="OperaStable"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="OperaStable"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="OperaStable"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="OperaStable"
.
[HKEY_USERS\S-1-5-21-55693033-2967138888-3080695052-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):00,de,8a,3e,ac,b8,cf,5d,2a,d6,55,20,93,7e,20,0d,d9,fb,f4,1e,2e,
   48,88,a5,11,8d,8b,4c,40,7c,99,cb,c6,3a,7c,d6,5b,31,5a,87,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-55693033-2967138888-3080695052-1000_Classes\CLSID\{9d7e3145-9cf7-4d44-be79-3845875553ba}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000155
"Therad"=dword:00000015
"SpecVersion"=dword:00000155
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2015-08-12 14:17:31
ComboFix-quarantined-files.txt 2015-08-12 13:17
.
Avant-CF: 112 536 244 224 octets libres
Après-CF: 112 443 592 704 octets libres
.
- - End Of File - - 7592DADA154259D7C07AC20CAF45EB11 A36C5E4F47E84449FF07ED3517B43A31