ComboFix 16-06-01.01 - a 13/06/2016 21:24:21.3.1 - x86
Microsoft Windows 7 Édition Starter 6.1.7601.1.1252.33.1036.18.2048.1321 [GMT 2:00]
Lancé depuis: c:\users\a\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\DEBUG.log
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2016-05-13 au 2016-06-13 ))))))))))))))))))))))))))))))))))))
.
.
2016-06-09 12:15 . 2016-06-09 12:20 -------- d-----w- c:\program files\ZHPFix
2016-06-09 10:07 . 2016-06-09 10:07 -------- d-----w- C:\MGADiagToolOutput
2016-06-09 10:06 . 2016-06-09 10:06 -------- d-----w- c:\programdata\Office Genuine Advantage
2016-06-08 20:41 . 2016-06-09 12:48 -------- d-----w- c:\users\a\AppData\Roaming\ZHP
2016-06-08 10:33 . 2016-06-08 10:33 -------- d-----w- c:\programdata\Malwarebytes
2016-06-08 10:33 . 2016-06-08 10:33 -------- d-----w- c:\users\a\AppData\Local\Programs
2016-05-29 09:48 . 2016-05-16 02:37 108496 ----a-w- c:\windows\system32\BootDefrag.exe
2016-05-29 09:48 . 2015-08-05 06:35 16064 ----a-w- c:\windows\system32\drivers\BootDefragDriver.sys
2016-05-29 09:40 . 2016-05-29 09:40 -------- d-----w- c:\users\a\AppData\Local\Macromedia
2016-05-28 21:08 . 2016-05-28 21:08 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AE476DCC-9292-4E51-870E-8E672301F16A}\offreg.3988.dll
2016-05-28 18:43 . 2016-05-28 18:43 -------- d-----w- c:\users\a\AppData\Local\Diagnostics
2016-05-26 09:04 . 2016-05-26 09:00 35096 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2016-05-26 09:03 . 2016-05-26 09:01 334280 ----a-w- c:\windows\system32\aswBoot.exe
2016-05-26 09:01 . 2016-05-26 09:01 52184 ----a-w- c:\windows\avastSS.scr
2016-05-25 09:22 . 2016-05-16 02:37 29648 ----a-w- c:\windows\system32\RegBootDefrag.exe
2016-05-25 08:57 . 2016-05-25 08:57 -------- d-----w- c:\program files\Common Files\Skype
2016-05-25 08:30 . 2016-05-25 08:30 -------- d-----w- c:\programdata\GlarySoft
2016-05-25 08:24 . 2016-05-25 08:24 17472 ----a-w- c:\windows\system32\drivers\GUBootStartup.sys
2016-05-25 08:23 . 2016-05-25 08:23 -------- d-----w- c:\users\a\AppData\Roaming\GlarySoft
2016-05-25 08:21 . 2016-06-13 08:56 -------- d-----w- c:\program files\Glary Utilities 5
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-05-26 09:03 . 2015-02-28 13:38 124808 ----a-w- c:\windows\system32\drivers\aswStm.sys
2016-05-26 09:02 . 2015-02-28 13:38 449640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2016-05-26 09:02 . 2015-02-28 13:38 221368 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2016-05-26 09:02 . 2015-02-28 13:38 58776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-05-26 09:02 . 2015-02-28 13:38 91232 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2016-05-26 09:02 . 2015-02-28 13:38 91168 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2016-05-26 09:02 . 2015-02-28 13:38 32792 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-05-26 09:00 . 2015-02-28 13:38 815792 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2016-05-14 21:26 . 2016-03-03 21:59 797376 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-05-14 21:26 . 2016-03-03 21:59 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-05-04 22:11 . 2016-05-04 22:11 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AE476DCC-9292-4E51-870E-8E672301F16A}\offreg.2800.dll
2015-09-13 09:20 . 2015-09-13 09:20 6420480 ----a-w- c:\program files\GUT3D00.tmp
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-05-26 09:01 785176 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GUDelayStartup"="c:\program files\Glary Utilities 5\StartupManager.exe" [2016-05-16 43984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-06-10 7405752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
2006-01-25 03:46 26112 ----a-w- c:\windows\System32\Ati2mdxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2013-05-30 13:50 96056 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2016-05-26 124808]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2016-03-23 327808]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2016-02-08 102912]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys [2015-08-05 16064]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2016-05-26 35096]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2016-05-26 815792]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2016-05-26 449640]
S1 GUBootStartup;GUBootStartup;c:\windows\System32\drivers\GUBootStartup.sys [2016-05-25 17472]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2016-05-26 32792]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2016-05-26 91168]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
utcsvc REG_MULTI_SZ DiagTrack
.
Contenu du dossier 'Tâches planifiées'
.
2016-06-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-03 21:26]
.
.
------- Examen supplémentaire -------
.
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\a\AppData\Roaming\Mozilla\Firefox\Profiles\ez4icmye.default\
.
- - - - ORPHELINS SUPPRIMES - - - -
.
MSConfigStartUp-CCleaner Monitoring - c:\program files\CCleaner\CCleaner.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2016-06-14 00:06:17
ComboFix-quarantined-files.txt 2016-06-13 22:06
.
Avant-CF: 14 269 820 928 octets libres
Après-CF: 14 155 157 504 octets libres
.
- - End Of File - - ACCC381B078DBE7DBE20C5978FE9F4E9 A36C5E4F47E84449FF07ED3517B43A31