ComboFix 15-10-01.01 - EMILIE ROGER 02/10/2015 18:27:06.1.2 - x86
Lancé depuis: e:\desktop\ComboFix.exe
.
/wow section - STAGE 3
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msdownld.tmp
c:\windows\security\Database\tmp.edb
c:\windows\system32\pt
c:\windows\system32\pt\toscdspd.cpl.mui
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2015-09-02 au 2015-10-02 ))))))))))))))))))))))))))))))))))))
.
.
2015-10-02 16:43 . 2015-10-02 16:43 -------- d-----w- c:\users\EMILIE ROGER\AppData\Local\temp
2015-10-02 16:43 . 2015-10-02 16:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-10-01 16:49 . 2015-10-02 13:20 -------- d-----w- C:\FRST
2015-10-01 07:45 . 2015-10-01 07:45 -------- d-----w- c:\users\EMILIE ROGER\AppData\Local\Mozilla
2015-10-01 07:41 . 2015-10-01 07:41 -------- d-----w- c:\program files\Mozilla Maintenance Service
2015-09-30 20:43 . 2015-09-30 20:44 -------- d-----w- c:\program files\ZHPFix
2015-09-30 10:48 . 2015-10-01 11:45 -------- d-----w- c:\users\EMILIE ROGER\AppData\Roaming\ZHP
2015-09-17 07:12 . 2015-09-15 09:22 313472 ----a-w- c:\windows\system32\aswBoot.exe
2015-09-15 09:23 . 2015-09-15 09:22 161472 ----a-w- c:\windows\system32\drivers\aswStmXP.sys
2015-09-15 09:23 . 2015-09-15 09:22 95112 ----a-w- c:\windows\system32\drivers\ngvss.sys
2015-09-15 09:22 . 2015-09-15 09:22 43112 ----a-w- c:\windows\avastSS.scr
2015-09-10 06:56 . 2015-08-13 14:15 304640 ----a-w- c:\windows\system32\drivers\srv.sys
2015-09-10 06:56 . 2015-08-13 14:15 102912 ----a-w- c:\windows\system32\drivers\srvnet.sys
2015-09-10 06:55 . 2015-09-02 21:26 1402368 ----a-w- c:\windows\system32\msxml6.dll
2015-09-10 06:55 . 2015-09-02 21:26 1253376 ----a-w- c:\windows\system32\msxml3.dll
2015-09-10 06:51 . 2015-07-10 14:21 2048 ----a-w- c:\windows\system32\tzres.dll
2015-09-10 06:50 . 2015-08-05 15:58 940032 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2015-09-10 06:50 . 2015-08-05 15:59 1220608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2015-09-10 06:50 . 2015-08-05 14:24 1850880 ----a-w- c:\program files\Windows Journal\Journal.exe
2015-09-10 06:50 . 2015-08-05 15:58 985600 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2015-09-10 06:50 . 2015-08-05 15:58 967680 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2015-09-10 06:49 . 2015-09-02 21:26 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-09-10 06:49 . 2015-09-02 19:54 297472 ----a-w- c:\windows\system32\atmfd.dll
2015-09-10 06:49 . 2015-09-02 19:55 2067456 ----a-w- c:\windows\system32\win32k.sys
2015-09-10 06:49 . 2015-08-05 15:59 602112 ----a-w- c:\windows\system32\schedsvc.dll
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-09-23 12:33 . 2012-09-14 13:14 780488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-09-23 12:33 . 2012-01-02 21:49 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-09-15 09:22 . 2014-08-05 08:20 24016 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-09-15 09:22 . 2013-05-18 10:06 208664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-09-15 09:22 . 2013-05-18 10:06 49776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-09-15 09:22 . 2012-05-09 18:07 433264 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-09-15 09:22 . 2012-05-09 18:06 55200 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2015-09-15 09:22 . 2012-05-09 18:06 57888 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2015-09-15 09:22 . 2012-05-09 18:06 76000 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-09-15 09:22 . 2012-05-09 18:06 788784 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-08-04 22:03 . 2015-08-04 22:03 877152 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-08-04 22:03 . 2015-08-04 22:03 538208 ----a-w- c:\windows\system32\msvcp120_clr0400.dll
2015-07-31 21:46 . 2015-08-18 11:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2015-07-31 21:46 . 2015-08-18 11:46 189952 ----a-w- c:\windows\system32\d3d10core.dll
2015-07-31 21:46 . 2015-08-18 11:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2015-07-31 21:46 . 2015-08-18 11:46 1029120 ----a-w- c:\windows\system32\d3d10.dll
2015-07-31 20:41 . 2015-08-18 11:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2015-07-31 20:40 . 2015-08-18 11:46 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2015-07-31 20:35 . 2015-08-18 11:46 682496 ----a-w- c:\windows\system32\d2d1.dll
2015-07-31 20:33 . 2015-08-18 11:46 1072640 ----a-w- c:\windows\system32\DWrite.dll
2015-07-31 20:33 . 2015-08-18 11:46 802304 ----a-w- c:\windows\system32\FntCache.dll
2015-07-31 19:27 . 2015-08-18 12:14 103120 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-21 20:55 . 2015-08-18 12:15 1206192 ----a-w- c:\windows\system32\ntdll.dll
2015-07-21 16:07 . 2015-08-18 12:15 56256 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-07-21 16:07 . 2015-08-18 12:15 3605440 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-07-21 16:07 . 2015-08-18 12:15 3553216 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-07-21 16:07 . 2015-08-18 12:15 140224 ----a-w- c:\windows\system32\drivers\ecache.sys
2015-07-21 16:03 . 2015-08-18 12:15 10752 ----a-w- c:\windows\system32\msmmsp.dll
2015-07-21 16:03 . 2015-08-18 12:15 564224 ----a-w- c:\windows\system32\emdmgmt.dll
2015-07-21 16:03 . 2015-08-18 12:15 49664 ----a-w- c:\windows\system32\csrsrv.dll
2015-07-18 16:03 . 2015-08-18 11:47 68608 ----a-w- c:\windows\system32\basesrv.dll
2015-07-10 19:37 . 2015-08-18 12:12 2067968 ----a-w- c:\windows\system32\mstscax.dll
2015-07-09 14:25 . 2015-08-18 11:44 151040 ----a-w- c:\windows\system32\notepad.exe
2015-07-09 14:25 . 2015-08-18 11:44 151040 ----a-w- c:\windows\notepad.exe
2002-09-04 07:14 . 2002-09-19 13:13 1206784 ----a-w- c:\program files\AutoEye_PlugIn.8bf
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-09-15 09:22 695096 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-07-15 726904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-09-15 6111824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DSLMON.lnk.disabled]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DSLMON.lnk.disabled
backup=c:\windows\pss\DSLMON.lnk.disabled.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^E_SPSU01.lnk.disabled]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\E_SPSU01.lnk.disabled
backup=c:\windows\pss\E_SPSU01.lnk.disabled.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk.disabled]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk.disabled
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.disabled.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^EMILIE ROGER^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk.disabled]
path=c:\users\EMILIE ROGER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk.disabled
backup=c:\windows\pss\OpenOffice.org 3.0.lnk.disabled.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^EMILIE ROGER^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk.disabled]
path=c:\users\EMILIE ROGER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk.disabled
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.disabled.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^EMILIE ROGER^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TRDCReminder.lnk.disabled]
path=c:\users\EMILIE ROGER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk.disabled
backup=c:\windows\pss\TRDCReminder.lnk.disabled.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2008-08-18 21:22 431456 ----a-w- c:\program files\Toshiba\Power Saver\TPwrMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
"TOSCDSPD"=c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"TranscodeServer"=c:\program files\Realtek\Transcode Server\TranscodeServer.exe
"AdobeBridge"=
"LtMoh"=c:\program files\ltmoh\Ltmoh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" /start
"Google EULA Launcher"=c:\program files\Google\Google EULA\GoogleEULALauncher.exe IE PA
"KeNotify"=c:\program files\TOSHIBA\Utilities\KeNotify.exe
"Toshiba Registration"=c:\program files\Toshiba\Registration\ToshibaRegistration.exe
"Toshiba TEMPO"=c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"HDMICtrlMan"=c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"SVPWUTIL"=c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
"topi"=c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe"
"HSON"=%ProgramFiles%\TOSHIBA\TBS\HSON.exe
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" -autorun
"cfFncEnabler.exe"=cfFncEnabler.exe
"BEWINTERNET-FR-DMGP-V2SessionManager"="c:\program files\Orange\IEWInternet\SessionManager\SessionManager.exe"
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"NDSTray.exe"=NDSTray.exe
"RtHDVCpl"=c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe -s
"SwitchBoard"=c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"Apoint"=c:\program files\Apoint2K\Apoint.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"CanonQuickMenu"=c:\program files\Canon\Quick Menu\CNQMMAIN.EXE /logon
"FileOpenBroker"=c:\program files\FileOpen\Services\FileOpenBroker32.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenu du dossier 'Tâches planifiées'
.
2015-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-03 08:32]
.
2014-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf0ae1692f0be0.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-03 08:32]
.
2015-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-03 08:32]
.
.
------- Examen supplémentaire -------
.
mStart Page = https://www.google.com/?trackid=sp-006
mSearch bar = https://www.google.com/?trackid=sp-006
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
FF - ProfilePath - c:\users\EMILIE ROGER\AppData\Roaming\Mozilla\Firefox\Profiles\lxv5h1xs.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-10-02 18:43
Windows 6.0.6002 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Heure de fin: 2015-10-02 18:48:40
ComboFix-quarantined-files.txt 2015-10-02 16:48
.
Avant-CF: 70 009 696 256 octets libres
Après-CF: 70 008 541 184 octets libres
.
- - End Of File - - AC260BB3E642AF6AA8797D78B41E8915 5C616939100B85E558DA92B899A0FC36