ComboFix 15-10-01.01 - EMILIE ROGER 02/10/2015 18:27:06.1.2 - x86
Launched from: e:\desktop\ComboFix.exe
.
/wow section - STAGE 3
.
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msdownld.tmp
c:\windows\security\Database\tmp.edb
c:\windows\system32\pt
c:\windows\system32\pt\toscdspd.cpl.mui
.
.
((((((((((((((((((((((((((((( Files created from 2015-09-02 to 2015-10-02 ))))))))))))))))))))))))))))))))))))
.
.
2015-10-02 16:43 . 2015-10-02 16:43 -------- d-----w- c:\users\EMILIE ROGER\AppData\Local\temp
2015-10-02 16:43 . 2015-10-02 16:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-10-01 16:49 . 2015-10-02 13:20 -------- d-----w- C:\FRST
2015-10-01 07:45 . 2015-10-01 07:45 -------- d-----w- c:\users\EMILIE ROGER\AppData\Local\Mozilla
2015-10-01 07:41 . 2015-10-01 07:41 -------- d-----w- c:\program files\Mozilla Maintenance Service
2015-09-30 20:43 . 2015-09-30 20:44 -------- d-----w- c:\program files\ZHPFix
2015-09-30 10:48 . 2015-10-01 11:45 -------- d-----w- c:\users\EMILIE ROGER\AppData\Roaming\ZHP
2015-09-17 07:12 . 2015-09-15 09:22 313472 ----a-w- c:\windows\system32\aswBoot.exe
2015-09-15 09:23 . 2015-09-15 09:22 161472 ----a-w- c:\windows\system32\drivers\aswStmXP.sys
2015-09-15 09:23 . 2015-09-15 09:22 95112 ----a-w- c:\windows\system32\drivers\ngvss.sys
2015-09-15 09:22 . 2015-09-15 09:22 43112 ----a-w- c:\windows\avastSS.scr
2015-09-10 06:56 . 2015-08-13 14:15 304640 ----a-w- c:\windows\system32\drivers\srv.sys
2015-09-10 06:56 . 2015-08-13 14:15 102912 ----a-w- c:\windows\system32\drivers\srvnet.sys
2015-09-10 06:55 . 2015-09-02 21:26 1402368 ----a-w- c:\windows\system32\msxml6.dll
2015-09-10 06:55 . 2015-09-02 21:26 1253376 ----a-w- c:\windows\system32\msxml3.dll
2015-09-10 06:51 . 2015-07-10 14:21 2048 ----a-w- c:\windows\system32\tzres.dll
2015-09-10 06:50 . 2015-08-05 15:58 940032 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2015-09-10 06:50 . 2015-08-05 15:59 1220608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2015-09-10 06:50 . 2015-08-05 14:24 1850880 ----a-w- c:\program files\Windows Journal\Journal.exe
2015-09-10 06:50 . 2015-08-05 15:58 985600 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2015-09-10 06:50 . 2015-08-05 15:58 967680 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2015-09-10 06:49 . 2015-09-02 21:26 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-09-10 06:49 . 2015-09-02 19:54 297472 ----a-w- c:\windows\system32\atmfd.dll
2015-09-10 06:49 . 2015-09-02 19:55 2067456 ----a-w- c:\windows\system32\win32k.sys
2015-09-10 06:49 . 2015-08-05 15:59 602112 ----a-w- c:\windows\system32\schedsvc.dll
.
.
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-09-23 12:33 . 2012-09-14 13:14 780488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-09-23 12:33 . 2012-01-02 21:49 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-09-15 09:22 . 2014-08-05 08:20 24016 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-09-15 09:22 . 2013-05-18 10:06 208664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-09-15 09:22 . 2013-05-18 10:06 49776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-09-15 09:22 . 2012-05-09 18:07 433264 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-09-15 09:22 . 2012-05-09 18:06 55200 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2015-09-15 09:22 . 2012-05-09 18:06 57888 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2015-09-15 09:22 . 2012-05-09 18:06 76000 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-09-15 09:22 . 2012-05-09 18:06 788784 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-08-04 22:03 . 2015-08-04 22:03 877152 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-08-04 22:03 . 2015-08-04 22:03 538208 ----a-w- c:\windows\system32\msvcp120_clr0400.dll
2015-07-31 21:46 . 2015-08-18 11:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2015-07-31 21:46 . 2015-08-18 11:46 189952 ----a-w- c:\windows\system32\d3d10core.dll
2015-07-31 21:46 . 2015-08-18 11:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2015-07-31 21:46 . 2015-08-18 11:46 1029120 ----a-w- c:\windows\system32\d3d10.dll
2015-07-31 20:41 . 2015-08-18 11:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2015-07-31 20:40 . 2015-08-18 11:46 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2015-07-31 20:35 . 2015-08-18 11:46 682496 ----a-w- c:\windows\system32\d2d1.dll
2015-07-31 20:33 . 2015-08-18 11:46 1072640 ----a-w- c:\windows\system32\DWrite.dll
2015-07-31 20:33 . 2015-08-18 11:46 802304 ----a-w- c:\windows\system32\FntCache.dll
2015-07-31 19:27 . 2015-08-18 12:14 103120 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-21 20:55 . 2015-08-18 12:15 1206192 ----a-w- c:\windows\system32\ntdll.dll
2015-07-21 16:07 . 2015-08-18 12:15 56256 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-07-21 16:07 . 2015-08-18 12:15 3605440 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-07-21 16:07 . 2015-08-18 12:15 3553216 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-07-21 16:07 . 2015-08-18 12:15 140224 ----a-w- c:\windows\system32\drivers\ecache.sys
2015-07-21 16:03 . 2015-08-18 12:15 10752 ----a-w- c:\windows\system32\msmmsp.dll
2015-07-21 16:03 . 2015-08-18 12:15 564224 ----a-w- c:\windows\system32\emdmgmt.dll
2015-07-21 16:03 . 2015-08-18 12:15 49664 ----a-w- c:\windows\system32\csrsrv.dll
2015-07-18 16:03 . 2015-08-18 11:47 68608 ----a-w- c:\windows\system32\basesrv.dll
2015-07-10 19:37 . 2015-08-18 12:12 2067968 ----a-w- c:\windows\system32\mstscax.dll
2015-07-09 14:25 . 2015-08-18 11:44 151040 ----a-w- c:\windows\system32\notepad.exe
2015-07-09 14:25 . 2015-08-18 11:44 151040 ----a-w- c:\windows\notepad.exe
2002-09-04 07:14 . 2002-09-19 13:13 1206784 ----a-w- c:\program files\AutoEye_PlugIn.8bf
.
.
((((((((((((((((((((((((((((((((( Reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-09-15 09:22 695096 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-07-15 726904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-09-15 6111824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DSLMON.lnk.disabled]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DSLMON.lnk.disabled
backup=c:\windows\pss\DSLMON.lnk.disabled.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^E_SPSU01.lnk.disabled]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\E_SPSU01.lnk.disabled
backup=c:\windows\pss\E_SPSU01.lnk.disabled.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk.disabled]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk.disabled
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.disabled.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^EMILIE ROGER^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk.disabled]
path=c:\users\EMILIE ROGER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk.disabled
backup=c:\windows\pss\OpenOffice.org 3.0.lnk.disabled.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^EMILIE ROGER^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk.disabled]
path=c:\users\EMILIE ROGER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk.disabled
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.disabled.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^EMILIE ROGER^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TRDCReminder.lnk.disabled]
path=c:\users\EMILIE ROGER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk.disabled
backup=c:\windows\pss\TRDCReminder.lnk.disabled.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2008-08-18 21:22 431456 ----a-w- c:\program files\Toshiba\Power Saver\TPwrMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
"TOSCDSPD"=c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"TranscodeServer"=c:\program files\Realtek\Transcode Server\TranscodeServer.exe
"AdobeBridge"=
"LtMoh"=c:\program files\ltmoh\Ltmoh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" /start
"Google EULA Launcher"=c:\program files\Google\Google EULA\GoogleEULALauncher.exe IE PA
"KeNotify"=c:\program files\TOSHIBA\Utilities\KeNotify.exe
"Toshiba Registration"=c:\program files\Toshiba\Registration\ToshibaRegistration.exe
"Toshiba TEMPO"=c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"HDMICtrlMan"=c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"SVPWUTIL"=c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
"topi"=c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe"
"HSON"=%ProgramFiles%\TOSHIBA\TBS\HSON.exe
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" -autorun
"cfFncEnabler.exe"=cfFncEnabler.exe
"BEWINTERNET-FR-DMGP-V2SessionManager"="c:\program files\Orange\IEWInternet\SessionManager\SessionManager.exe"
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"NDSTray.exe"=NDSTray.exe
"RtHDVCpl"=c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe -s
"SwitchBoard"=c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"Apoint"=c:\program files\Apoint2K\Apoint.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"CanonQuickMenu"=c:\program files\Canon\Quick Menu\CNQMMAIN.EXE /logon
"FileOpenBroker"=c:\program files\FileOpen\Services\FileOpenBroker32.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
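The "Reg loading points" section above is where a triager spends most of the time, and a few of its entries show the checks worth automating: values that name a bare executable with no directory (`"cfFncEnabler.exe"=cfFncEnabler.exe`, `"NDSTray.exe"=NDSTray.exe`), unquoted paths containing spaces (`"TOSCDSPD"=c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe`), a path that depends on an environment variable (`"HSON"=%ProgramFiles%\TOSHIBA\TBS\HSON.exe`), entries parked under a key literally named `Run-` (which Windows does not read at logon, so they are inert until something renames the key), and the Security Center `DisableMonitoring=1` value that suppresses the "no antispyware" alert for McAfee AntiSpyware. The following parser is an added example written for this page, not code from ComboFix or from the poster; it assumes the `"name"=data` value format as printed by ComboFix and uses a simple regex heuristic (first token ending in .exe/.scr/.cpl/.dll) to pick the launched program out of a value. The sample input is an excerpt of the log lines shown above.

```python
"""Flag suspicious autostart entries in the 'Reg loading points' section of a
ComboFix log.  Added illustration; not part of ComboFix or of the original post."""
import re
from dataclasses import dataclass
from typing import List

# Excerpt of the 'Reg loading points' section from the log above.  Every line is
# copied from that section; nothing here is constructed.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-07-15 726904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-09-15 6111824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TOSCDSPD"=c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
"cfFncEnabler.exe"=cfFncEnabler.exe
"NDSTray.exe"=NDSTray.exe
"HSON"=%ProgramFiles%\TOSHIBA\TBS\HSON.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"AdobeBridge"=
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
# Heuristic (assumption): the launched program is the first token that ends in an
# executable-looking extension, whether or not the value quotes it.
EXE_RE = re.compile(r'^"?(.*?\.(?:exe|scr|cpl|dll))"?(?:\s|$)', re.IGNORECASE)


@dataclass
class Finding:
    key: str
    name: str
    issue: str
    target: str


def _executable(data: str) -> str:
    """Return the program a Run value launches, or '' if none is visible."""
    m = EXE_RE.match(data)
    return m.group(1) if m else ""


def analyze(log_text: str) -> List[Finding]:
    """Walk the [key] / "name"=data lines and raise one Finding per issue."""
    findings: List[Finding] = []
    key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        vm = VALUE_RE.match(line)
        if not vm:
            continue  # '.' separators, blank lines, file-info lines
        name, data = vm.group(1), vm.group(2).strip()
        key_l = key.lower()

        # Security Center: DisableMonitoring=1 tells Security Center to stop
        # monitoring (and alerting on) that product, so a dead product goes unnoticed.
        if "security center\\monitoring" in key_l:
            if name.lower() == "disablemonitoring" and data.endswith("1"):
                findings.append(Finding(key, name, "securitycenter_alert_suppressed",
                                        key.rsplit("\\", 1)[-1]))
            continue

        # A key literally named 'Run-' is not an autostart location (Windows reads
        # 'Run'), so entries here are inert until something renames the key back.
        if key_l.endswith("\\run-"):
            findings.append(Finding(key, name, "parked_in_inert_key", data))

        exe = _executable(data)
        if not exe:
            findings.append(Finding(key, name, "no_executable", data))
            continue
        if "\\" not in exe:
            # Bare file name: resolved through the standard search order at logon,
            # so any writable directory on that path is a planting opportunity.
            findings.append(Finding(key, name, "bare_name_path_search", exe))
        elif not data.startswith('"') and " " in exe:
            # Unquoted path with spaces: CreateProcess tries c:\program.exe first.
            findings.append(Finding(key, name, "unquoted_path_with_spaces", exe))
        if "%" in exe:
            # Target depends on the variable's value in the logon environment.
            findings.append(Finding(key, name, "env_var_in_path", exe))
    return findings


def issues_for(log_text: str, value_name: str) -> List[str]:
    """Issue labels raised for one value name, in the order they were raised."""
    return [f.issue for f in analyze(log_text) if f.name == value_name]


if __name__ == "__main__":
    for f in analyze(SAMPLE):
        print(f"{f.issue:32} {f.name!r:22} -> {f.target}")
```

Run it against the whole "Reg loading points" section rather than the excerpt to get the full list; the two Avast and TOSHIBA values under the live `Run` key come back clean, while every value under the `Run-` keys is reported as parked in addition to whatever path problem it carries.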
Contents of the 'Scheduled Tasks' folder
.
2015-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-03 08:32]
.
2014-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf0ae1692f0be0.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-03 08:32]
.
2015-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-03 08:32]
.
.
------- Supplementary scan -------
.
mStart Page = https://www.google.com/?trackid=sp-006
mSearch bar = https://www.google.com/?trackid=sp-006
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
FF - ProfilePath - c:\users\EMILIE ROGER\AppData\Roaming\Mozilla\Firefox\Profiles\lxv5h1xs.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-10-02 18:43
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanning for hidden processes ...
.
Scanning for hidden autostart entries ...
.
Scanning for hidden files ...
.
Scan completed successfully
Hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2015-10-02 18:48:40
ComboFix-quarantined-files.txt 2015-10-02 16:48
.
Pre-Run: 70,009,696,256 bytes free
Post-Run: 70,008,541,184 bytes free
.
- - End Of File - - AC260BB3E642AF6AA8797D78B41E8915
5C616939100B85E558DA92B899A0FC36
