Document format: text/plain

ComboFix 15-08-08.01 - toshiba 12/08/2015 14:08:34.1.4 - x86
Microsoft Windows 7 Professionnel 6.1.7600.0.1252.33.1036.18.2701.1674 [GMT 1:00]
Lancé depuis: c:\users\toshiba\Downloads\Programs\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\toshiba\AppData\Roaming\Wifi Checker Script.vbs
c:\users\toshiba\French_Picture_Dictionary .pdf
c:\users\toshiba\ZHPDiag3.exe
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2015-07-12 au 2015-08-12 ))))))))))))))))))))))))))))))))))))
.
.
2015-08-12 13:16 . 2015-08-12 13:16 -------- d-----w- c:\users\Invité\AppData\Local\temp
2015-08-12 13:16 . 2015-08-12 13:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-12 12:39 . 2015-08-12 12:41 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2015-08-11 13:02 . 2015-08-11 13:02 -------- d-----r- c:\users\toshiba\Virtual Machines
2015-08-11 12:50 . 2015-08-11 12:51 -------- d-----w- c:\users\toshiba\AppData\Roaming\ZHP
2015-08-11 12:35 . 2009-09-23 01:19 55040 ----a-w- c:\windows\system32\drivers\vpcnfltr.sys
2015-08-11 12:35 . 2009-09-23 01:18 2169856 ----a-w- c:\windows\system32\VPCWizard.exe
2015-08-11 12:35 . 2009-09-23 01:18 78336 ----a-w- c:\windows\system32\drivers\vpcusb.sys
2015-08-11 12:35 . 2009-09-23 01:18 165376 ----a-w- c:\windows\system32\drivers\vpchbus.sys
2015-08-11 12:35 . 2009-09-23 01:19 294912 ----a-w- c:\windows\system32\drivers\vpcvmm.sys
2015-08-11 12:35 . 2009-09-23 01:18 1260032 ----a-w- c:\windows\system32\VPCSettings.exe
2015-08-11 12:35 . 2009-09-23 01:18 559616 ----a-w- c:\windows\system32\VMCPropertyHandler.dll
2015-08-11 12:35 . 2009-09-23 01:18 14848 ----a-w- c:\windows\system32\vpchbuspipe.dll
2015-08-11 12:35 . 2009-09-23 01:18 3329536 ----a-w- c:\windows\system32\vpc.exe
2015-08-11 12:35 . 2009-09-23 01:18 1002496 ----a-w- c:\windows\system32\VMWindow.exe
2015-08-11 12:35 . 2009-09-23 01:18 793600 ----a-w- c:\windows\system32\vmsal.exe
2015-08-11 04:08 . 2015-08-11 04:08 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D8CBD1E-128F-44D1-9F0F-E0A21146A10E}\offreg.2424.dll
2015-08-10 21:33 . 2015-08-10 22:40 -------- d-----w- c:\users\toshiba\AppData\Local\PrivaZer
2015-08-10 21:33 . 2015-08-10 21:33 -------- d-----w- c:\program files\PrivaZer
2015-08-10 21:33 . 2015-08-10 21:33 -------- d-----w- c:\programdata\privazer
2015-08-08 15:47 . 2015-08-08 15:47 -------- d-----w- c:\users\toshiba\AppData\Roaming\xvirus
2015-08-08 15:47 . 2015-08-08 15:51 -------- d-----w- c:\program files\Xvirus Personal Guard
2015-08-07 04:40 . 2015-08-07 04:40 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D8CBD1E-128F-44D1-9F0F-E0A21146A10E}\offreg.4668.dll
2015-08-05 22:54 . 2015-08-05 22:54 -------- d-----w- c:\users\toshiba\AppData\Roaming\TechSmith
2015-08-05 22:24 . 2015-08-05 22:25 -------- d-----w- c:\users\toshiba\AppData\Local\qBittorrent
2015-08-05 22:24 . 2015-08-12 13:04 -------- d-----w- c:\users\toshiba\AppData\Roaming\qBittorrent
2015-08-05 22:23 . 2015-08-05 22:23 -------- d-----w- c:\program files\qBittorrent
2015-08-05 22:14 . 2015-08-05 22:14 -------- d-----w- c:\programdata\regid.1995-08.com.techsmith
2015-08-05 22:13 . 2015-08-05 22:13 -------- d-----w- c:\programdata\TechSmith
2015-08-05 22:13 . 2015-08-05 22:13 -------- d-----w- c:\program files\TechSmith
2015-08-05 02:45 . 2015-08-05 02:45 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D8CBD1E-128F-44D1-9F0F-E0A21146A10E}\offreg.4184.dll
2015-08-04 18:06 . 2015-08-12 12:22 -------- d-----w- c:\program files\CCleaner
2015-08-04 13:58 . 2015-08-04 14:00 -------- d-----w- c:\program files\Half Life
2015-08-03 22:02 . 2015-08-03 22:02 -------- d-----w- c:\program files\MSECache
2015-08-02 02:56 . 2015-08-02 02:56 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D8CBD1E-128F-44D1-9F0F-E0A21146A10E}\offreg.3656.dll
2015-08-02 00:56 . 2015-08-02 00:56 -------- d-----w- c:\users\toshiba\AppData\Roaming\AVAST Software
2015-08-02 00:53 . 2015-08-02 00:52 113592 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-08-02 00:53 . 2015-08-02 00:52 208664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-08-02 00:53 . 2015-08-02 00:52 433264 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-08-02 00:53 . 2015-08-02 00:52 49776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-08-02 00:53 . 2015-08-02 00:52 76000 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-08-02 00:53 . 2015-08-02 00:52 24016 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-08-02 00:53 . 2015-08-02 00:52 81728 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-08-02 00:53 . 2015-08-02 00:52 788784 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-08-02 00:53 . 2015-08-02 00:52 26096 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2015-08-02 00:53 . 2015-08-02 00:52 95112 ----a-w- c:\windows\system32\drivers\ngvss.sys
2015-08-02 00:53 . 2015-08-02 00:52 313472 ----a-w- c:\windows\system32\aswBoot.exe
2015-08-02 00:52 . 2015-08-02 00:52 43112 ----a-w- c:\windows\avastSS.scr
2015-08-02 00:52 . 2015-08-02 00:52 275856 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
2015-08-02 00:51 . 2015-08-02 00:51 -------- d-----w- c:\program files\AVAST Software
2015-08-01 23:53 . 2015-08-08 15:47 -------- d-----w- c:\users\toshiba\AppData\Local\Mysecuritywin
2015-08-01 23:39 . 2015-08-01 23:39 -------- d-----w- c:\programdata\Ultra Adware Killer
2015-08-01 22:54 . 2015-07-11 12:26 136635 --sha-w- c:\users\toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wifi Checker Script.vbs
2015-08-01 22:53 . 2015-08-08 17:42 -------- d-----w- C:\Program Files (x86)
2015-08-01 22:22 . 2015-08-09 20:37 -------- d-----w- c:\users\toshiba\AppData\Roaming\MPC-HC
2015-08-01 22:03 . 2015-08-01 22:03 -------- d-----w- c:\program files\MPC-HC
2015-08-01 21:32 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2015-08-01 21:32 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2015-08-01 21:32 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2015-08-01 21:32 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2015-08-01 21:31 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2015-08-01 21:31 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2015-08-01 21:31 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2015-08-01 21:31 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2015-08-01 21:31 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2015-08-01 21:20 . 2015-08-01 21:20 -------- d-----w- c:\programdata\GridinSoft
2015-08-01 18:38 . 2015-08-01 18:38 -------- d-----w- c:\programdata\Loaris
2015-08-01 18:38 . 2015-08-01 18:38 -------- d-----w- c:\program files\Loaris
2015-08-01 13:17 . 2012-11-01 14:35 202280 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2015-08-01 13:17 . 2015-08-01 14:45 -------- d-----w- c:\program files\PC Tools
2015-08-01 12:58 . 2015-08-01 15:45 -------- d-----w- c:\programdata\PC Tools
2015-08-01 12:58 . 2015-08-01 12:58 -------- d-----w- c:\users\toshiba\AppData\Roaming\TestApp
2015-07-31 15:53 . 2015-07-31 15:53 16128 ----a-w- c:\windows\system32\drivers\gtkdrv.sys
2015-07-31 10:26 . 2015-07-31 10:26 -------- d-----w- c:\programdata\Vitalwerks
2015-07-30 22:20 . 2015-07-30 22:28 -------- d-----w- C:\Counter-Strike 2D
2015-07-30 17:51 . 2015-07-30 17:51 -------- d-----w- c:\program files\Sierra On-Line
2015-07-30 17:50 . 2015-07-30 17:50 -------- d-----w- c:\program files\real
2015-07-29 23:08 . 2015-07-29 23:08 -------- d-----w- c:\users\toshiba\.eclipse
2015-07-29 13:39 . 2015-07-29 14:31 -------- d-----w- c:\users\toshiba\AppData\Roaming\IVONA Reader
2015-07-29 13:39 . 2015-07-29 13:41 -------- d-----w- c:\program files\IVONA
2015-07-28 14:10 . 2015-07-28 14:10 -------- d-----w- c:\users\toshiba\AppData\Local\Vitalwerks
2015-07-24 12:09 . 2015-08-11 13:29 -------- d-----w- c:\users\toshiba\AppData\Local\CrashDumps
2015-07-23 20:32 . 2015-07-23 20:32 -------- d-----w- c:\users\toshiba\AppData\Local\CEF
2015-07-23 14:09 . 2015-07-23 14:09 -------- d-----w- c:\users\toshiba\AppData\Local\Activision
2015-07-23 14:01 . 2015-07-23 14:40 -------- d-----w- c:\program files\Activision
2015-07-21 16:10 . 2015-07-21 16:15 -------- d-----w- c:\programdata\Informer Technologies, Inc
2015-07-18 15:54 . 2015-07-18 15:54 -------- d-----w- c:\users\toshiba\AppData\Roaming\Project Reality
2015-07-18 15:08 . 2015-07-18 15:08 -------- d-----w- c:\users\toshiba\AppData\Local\Project Reality
2015-07-18 05:07 . 2015-07-18 05:07 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D8CBD1E-128F-44D1-9F0F-E0A21146A10E}\offreg.4864.dll
2015-07-17 18:17 . 2015-07-17 18:17 -------- d-----w- c:\program files\RagnoTech Softworks
2015-07-16 19:54 . 2015-07-16 19:54 -------- d-----w- c:\programdata\Package Cache
2015-07-16 19:53 . 2015-07-16 19:53 110280 ----a-w- c:\windows\system32\drivers\L1C62x86.sys
2015-07-16 19:48 . 2015-07-16 19:48 48504 ----a-w- c:\windows\system32\drivers\tosrfec.sys
2015-07-16 19:48 . 2015-07-16 19:48 3310592 ----a-w- c:\windows\system32\drivers\athr.sys
2015-07-16 19:47 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2015-07-16 19:47 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2015-07-16 19:47 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2015-07-16 19:47 . 2015-07-16 19:47 1629040 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll
2015-07-16 19:47 . 2015-07-16 19:47 150816 ----a-w- c:\windows\system32\drivers\TeeDriver.sys
2015-07-16 19:22 . 2015-07-16 19:22 942080 ----a-w- c:\windows\system32\AmRdrIco.icl
2015-07-16 19:22 . 2015-07-16 19:22 61440 ----a-w- c:\windows\system32\drivers\AmUStor.sys
2015-07-16 07:28 . 2015-07-16 07:28 -------- d-----w- c:\users\toshiba\s
2015-07-16 07:28 . 2015-07-16 07:28 -------- d-----w- c:\users\toshiba\AppData\Local\Temporary Internet Files
2015-07-16 07:28 . 2015-07-16 07:28 -------- d-----w- c:\users\toshiba\AppData\Local\History
2015-07-16 07:28 . 2015-07-16 07:28 -------- d-----w- c:\windows\system32\dllcache
2015-07-16 07:28 . 2015-07-16 07:28 -------- d-----w- C:\Temp
2015-07-16 04:24 . 2015-08-01 08:41 -------- d-----w- c:\programdata\ProductData
2015-07-16 04:24 . 2015-07-16 04:24 -------- d-----w- c:\programdata\IObit
2015-07-16 04:24 . 2015-07-16 04:24 23840 ----a-w- c:\windows\system32\drivers\HWiNFO32.SYS
2015-07-16 04:24 . 2015-07-16 04:24 -------- d-----w- c:\program files\IObit
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-12 12:20 . 2015-02-26 19:30 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-18 15:05 . 2015-07-02 13:39 138576 ----a-w- c:\users\toshiba\AppData\Roaming\PnkBstrK.sys
2015-07-18 15:04 . 2015-07-02 13:39 291496 ----a-w- c:\windows\system32\PnkBstrB.ex0
2015-07-16 19:49 . 2014-07-13 15:04 62464 ----a-w- c:\windows\system32\igfxsrvc.dll
2015-07-16 19:49 . 2014-07-13 15:04 9074176 ----a-w- c:\windows\system32\igfxress.dll
2015-07-16 19:49 . 2014-07-13 15:04 492032 ----a-w- c:\windows\system32\igfxdev.dll
2015-07-16 19:49 . 2014-07-13 15:04 451584 ----a-w- c:\windows\system32\igfxpph.dll
2015-07-16 19:49 . 2014-07-13 15:04 3528704 ----a-w- c:\windows\system32\igdusc32.dll
2015-07-16 19:49 . 2014-07-13 15:04 11434496 ----a-w- c:\windows\system32\igdumdim32.dll
2015-07-16 19:49 . 2014-07-13 15:04 185344 ----a-w- c:\windows\system32\hccutils.dll
2015-07-15 14:19 . 2014-10-02 23:17 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-07-15 14:19 . 2014-07-13 14:55 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-07-09 11:16 . 2015-07-09 11:16 98704 ----a-w- c:\windows\system32\drivers\VBoxNetAdp6.sys
2015-07-09 11:16 . 2015-07-09 11:16 119304 ----a-w- c:\windows\system32\drivers\VBoxNetLwf.sys
2015-07-08 04:16 . 2015-07-08 04:16 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D8CBD1E-128F-44D1-9F0F-E0A21146A10E}\offreg.5648.dll
2015-07-03 05:20 . 2015-07-03 05:20 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D8CBD1E-128F-44D1-9F0F-E0A21146A10E}\offreg.5056.dll
2015-07-02 03:56 . 2015-07-02 03:56 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D8CBD1E-128F-44D1-9F0F-E0A21146A10E}\offreg.4584.dll
2015-06-27 04:32 . 2015-06-27 04:32 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D8CBD1E-128F-44D1-9F0F-E0A21146A10E}\offreg.1792.dll
2015-06-23 03:27 . 2015-06-23 03:27 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D8CBD1E-128F-44D1-9F0F-E0A21146A10E}\offreg.4104.dll
2015-06-22 16:57 . 2015-06-22 16:57 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2015-06-22 16:57 . 2015-06-22 16:57 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2015-06-18 07:41 . 2015-02-26 19:29 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-06-18 07:41 . 2015-02-26 19:29 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-06-18 07:41 . 2015-02-26 19:29 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-06-18 01:06 . 2015-06-18 01:06 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D8CBD1E-128F-44D1-9F0F-E0A21146A10E}\offreg.1024.dll
2015-06-16 23:23 . 2015-06-16 23:23 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2015-06-16 23:23 . 2015-06-16 23:23 69632 ----a-w- c:\windows\system32\QuickTime.qts
2015-06-11 04:27 . 2015-06-11 04:27 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D8CBD1E-128F-44D1-9F0F-E0A21146A10E}\offreg.3672.dll
2015-06-10 04:09 . 2015-06-10 04:09 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D8CBD1E-128F-44D1-9F0F-E0A21146A10E}\offreg.5640.dll
2015-06-04 04:07 . 2015-06-04 04:07 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D8CBD1E-128F-44D1-9F0F-E0A21146A10E}\offreg.4432.dll
2015-06-03 02:37 . 2015-06-03 02:37 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D8CBD1E-128F-44D1-9F0F-E0A21146A10E}\offreg.6068.dll
2015-05-30 03:31 . 2015-05-30 03:31 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D8CBD1E-128F-44D1-9F0F-E0A21146A10E}\offreg.5192.dll
2015-05-28 23:26 . 2015-05-28 23:26 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D8CBD1E-128F-44D1-9F0F-E0A21146A10E}\offreg.4544.dll
2015-05-20 22:23 . 2015-05-20 22:24 96352 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2015-05-20 12:55 . 2015-05-20 13:57 123968 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2015-05-18 03:57 . 2015-05-28 23:19 9265072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D8CBD1E-128F-44D1-9F0F-E0A21146A10E}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-08-02 00:52 695096 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 08:02 23008 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wifi Checker Script"="wscript.exe" [2009-07-14 141824]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2015-05-21 3903056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-08-02 6109776]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotPostWindows10UpgradeReInstall"="c:\program files\Common Files\AV\Spybot - Search and Destroy\Test.exe" [2015-07-28 1011200]
.
c:\users\toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Wifi Checker Script.vbs [2015-7-11 136635]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean.exe
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AntiUsbWormUpdate.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AntiUsbWormUpdate.lnk
backup=c:\windows\pss\AntiUsbWormUpdate.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AntiWormUpdate.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AntiWormUpdate.lnk
backup=c:\windows\pss\AntiWormUpdate.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^toshiba^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^boottimer.lnk]
path=c:\users\toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\boottimer.lnk
backup=c:\windows\pss\boottimer.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^toshiba^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk]
path=c:\users\toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2014-11-20 18:13 1021128 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-04-04 05:09 446392 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
2012-03-09 15:26 1073312 ----a-w- c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntiWormUpdate]
2012-01-29 22:34 750320 ----a-w- c:\google\AutoIt3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast]
2015-08-02 00:52 6109776 ----a-w- c:\program files\AVAST Software\Avast\AvastUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2015-05-26 20:47 107848 ----atw- c:\users\toshiba\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2015-07-16 19:49 318960 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSPALauncher]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2015-05-21 16:12 3903056 ----a-w- c:\program files\Internet Download Manager\IDMan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2015-07-16 19:49 308720 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2015-07-16 19:49 315376 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2015-06-16 23:23 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-07-14 01:14 1173504 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2015-04-30 12:45 334896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 12:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Security]
2015-02-03 18:59 695528 ----a-w- c:\program files\USB Disk Security\USBGuard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wifi Checker Script]
2009-07-14 01:14 141824 ----a-w- c:\windows\System32\wscript.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvirusstart]
2015-08-08 15:47 82944 ----a-w- c:\program files\Xvirus Personal Guard\xvirusstart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Mirage]
2011-02-25 11:52 136488 ----a-w- c:\program files\CyberLink\YouCam\YCMMirage.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Tray]
2011-02-25 11:52 162912 ----a-w- c:\program files\CyberLink\YouCam\YouCamTray.exe
.
R0 rfljf;rfljf;c:\windows\System32\drivers\nbfrahay.sys [x]
R1 VBoxNetAdp;VBoxNetAdp;c:\windows\system32\DRIVERS\VBoxNetAdp6.sys [2015-07-09 98704]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2015-08-02 113592]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-06-18 1871160]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-06-18 1133880]
R3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2015-08-02 3218624]
R3 cmusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2051;c:\windows\system32\DRIVERS\cmusbser.sys [2008-08-29 103552]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [x]
R3 iusb3hub;Pilote de concentrateur Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-12-04 351288]
R3 iusb3xhc;Pilote du contrôleur d'hôte extensible Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-12-04 796216]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-06-18 23256]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-06-18 51928]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2012-09-10 18432]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\DRIVERS\gtkdrv.sys [2015-07-31 16128]
R3 VBoxNetFlt;VBoxNetFlt;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys [2015-08-02 275856]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 ngvss;ngvss; [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2015-08-02 26096]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2015-08-02 788784]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2015-08-02 433264]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [2015-07-16 23840]
S2 AIPS;Arp Intelligent Protection Service;c:\program files\NetCutDefender\services\AIPS.exe [2011-07-28 262144]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2015-08-02 24016]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2015-08-02 76000]
S2 avast! Firewall;Avast Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2015-08-02 109008]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2015-05-20 123968]
S2 IntelHaxm;Intel HAXM Service;c:\windows\system32\DRIVERS\IntelHaxm.sys [2015-01-30 78848]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2015-08-02 220752]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2015-07-16 61440]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 27632]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2015-07-16 110280]
S3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\TeeDriver.sys [2015-07-16 150816]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - TROJANKILLERDRIVER
.
Contenu du dossier 'Tâches planifiées'
.
2015-08-09 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\system32\Macromed\Flash\FlashUtil32_18_0_0_209_pepper.exe [2015-07-15 14:19]
.
2015-08-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-02 14:19]
.
2015-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-55693033-2967138888-3080695052-1000Core.job
- c:\users\toshiba\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-26 20:47]
.
2015-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-55693033-2967138888-3080695052-1000UA.job
- c:\users\toshiba\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-26 20:47]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.guard-search.com/?gd=GB1000094&ctid=&octid=EB_ORIGINAL_CTID&ISID=116D1CDF-DC3C-42BE-BEB4-3C1F9AAEE043&SearchSource=55&CUI=SB_CUI&UM=8&UP=6588E404-1E2C-47C8-9F27-D6639FF2946F&D=IN_DA&SSPV=GB10A
mStart Page = https://www.google.com/?trackid=sp-006
mSearch Bar = https://www.google.com/?trackid=sp-006
uInternet Settings,ProxyServer = 4everproxy.com:80
uInternet Settings,ProxyOverride = ;*.local
IE: + Offline &Explorer: Download the link - file://c:\program files\Offline Explorer Enterprise\Add_UrlO.htm
IE: + Offline E&xplorer: Download the current page - file://c:\program files\Offline Explorer Enterprise\Add_AllO.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
TCP: DhcpNameServer = 192.168.1.1 0.0.0.0
FF - ProfilePath - c:\users\toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\bvdaaffl.default\
FF - prefs.js: browser.search.defaulturl - hxxps://www.google.com/search/?trackid=sp-006
FF - prefs.js: browser.search.selectedEngine - Google (avast)
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/?trackid=sp-006
FF - prefs.js: keyword.URL - hxxps://www.google.com/search/?trackid=sp-006
FF - prefs.js: network.proxy.http - 200.62.59.184
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-10 - (no file)
MSConfigStartUp-AntiUsbWorm - start c:\google\AutoIt3.exe
MSConfigStartUp-CCleaner Monitoring - c:\program files\CCleaner\CCleaner.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ac,d2,3a,1e,a3,c3,91,48,99,39,97,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ac,d2,3a,1e,a3,c3,91,48,99,39,97,\
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="OperaStable"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="OperaStable"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="OperaStable"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nex\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="OperaStable"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="OperaStable"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="OperaStable"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="OperaStable"
.
[HKEY_USERS\S-1-5-21-55693033-2967138888-3080695052-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):00,de,8a,3e,ac,b8,cf,5d,2a,d6,55,20,93,7e,20,0d,d9,fb,f4,1e,2e,
48,88,a5,11,8d,8b,4c,40,7c,99,cb,c6,3a,7c,d6,5b,31,5a,87,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-55693033-2967138888-3080695052-1000_Classes\CLSID\{9d7e3145-9cf7-4d44-be79-3845875553ba}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000155
"Therad"=dword:00000015
"SpecVersion"=dword:00000155
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2015-08-12 14:17:31
ComboFix-quarantined-files.txt 2015-08-12 13:17
.
Avant-CF: 112 536 244 224 octets libres
Après-CF: 112 443 592 704 octets libres
.
- - End Of File - - 7592DADA154259D7C07AC20CAF45EB11
A36C5E4F47E84449FF07ED3517B43A31