ComboFix 15-10-28.01 - GUAZOU 02/11/2015 18:11:00.1.2 - x86
Microsoft Windows 7 Édition Starter 6.1.7600.0.1252.33.1036.18.2013.480 [GMT 1:00]
Lancé depuis: c:\users\GUAZOU\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\1e2b019c-075e-4efb-9a4d-b8fdd03a8e4a\0bf96f10-a892-4a35-86d4-290f5497a273.dll
c:\program files\7-Zip\213ca8c1-bc54-458b-9fd5-b5b06bed4121.dll
c:\program files\CinemaP-1.9cV31.10\6b292d44-b984-4c46-8a91-49ce0473afad.dll
c:\users\GUAZOU\AppData\Roaming\DRPSu
c:\users\GUAZOU\AppData\Roaming\DRPSu\DrvUpdater.exe
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_globalUpdate
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2015-10-02 au 2015-11-02 ))))))))))))))))))))))))))))))))))))
.
.
2015-11-02 17:18 . 2015-11-02 17:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-11-01 07:59 . 2015-11-02 17:17 -------- d-----w- c:\program files\1e2b019c-075e-4efb-9a4d-b8fdd03a8e4a
2015-11-01 07:59 . 2015-11-01 07:59 -------- d-----w- c:\users\GUAZOU\AppData\Local\globalUpdate
2015-11-01 07:59 . 2015-11-01 07:59 -------- d-----w- c:\program files\globalUpdate
2015-11-01 07:59 . 2015-11-02 17:17 -------- d-----w- c:\program files\CinemaP-1.9cV31.10
2015-11-01 07:52 . 2015-11-01 07:52 -------- d-----w- c:\program files\RayDld
2015-11-01 07:51 . 2015-11-01 07:52 -------- d-----w- c:\users\GUAZOU\AppData\Roaming\oursurfing
2015-10-27 21:59 . 2015-10-27 21:59 -------- d-----w- c:\program files\Common Files\Skype
2015-10-27 21:59 . 2015-10-27 21:59 -------- d-----r- c:\program files\Skype
2015-10-22 08:55 . 2015-10-22 08:55 -------- d-----w- c:\program files\Common Files\Java
2015-10-21 16:07 . 2015-10-11 19:47 313472 ----a-w- c:\windows\system32\aswBoot.exe
2015-10-19 17:06 . 2015-10-19 17:06 -------- d-----w- c:\programdata\GRETECH
2015-10-18 07:44 . 2015-10-22 14:26 -------- d-----w- c:\windows\system32\config\systemprofile\.oracle_jre_usage
2015-10-17 10:16 . 2015-10-22 08:55 -------- d-----w- c:\users\GUAZOU\.oracle_jre_usage
2015-10-17 08:04 . 2015-10-17 08:31 -------- d-----w- c:\programdata\Oracle
2015-10-16 16:17 . 2015-10-22 08:54 95840 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2015-10-11 19:47 . 2015-10-11 19:47 26096 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2015-10-11 19:47 . 2015-10-11 19:47 107984 ----a-w- c:\windows\system32\drivers\ngvss.sys
2015-10-11 19:47 . 2015-10-11 19:47 43112 ----a-w- c:\windows\avastSS.scr
2015-10-11 19:47 . 2015-10-11 19:47 275856 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-11-02 17:19 . 2015-07-15 00:26 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0CC92ABE-5BBE-4B33-83F7-02CE8127A28D}\offreg.dll
2015-10-21 20:39 . 2014-09-06 15:42 780488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-10-21 20:39 . 2014-09-06 15:42 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-10-11 19:47 . 2014-09-06 21:10 49776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-10-11 19:47 . 2014-09-06 21:10 434184 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-10-11 19:47 . 2014-09-06 21:10 208664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-10-11 19:47 . 2014-09-06 21:10 115640 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-10-11 19:47 . 2014-09-06 21:10 76000 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-10-11 19:47 . 2014-09-06 21:10 24016 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-10-11 19:47 . 2014-09-06 21:10 81728 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-10-11 19:47 . 2014-09-06 21:10 789296 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-09-10 22:39 . 2014-11-22 10:01 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-06 15:18 . 2014-09-06 15:57 6010880 ----a-w- c:\program files\GUT8D51.tmp
2013-02-07 12:22 . 2013-02-07 12:22 50330 ----a-w- c:\program files\AntiDust.exe
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-10-11 19:47 696120 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 08:02 23008 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2014-10-15 3882576]
"uTorrent"="c:\users\GUAZOU\AppData\Roaming\uTorrent\uTorrent.exe" [2015-10-08 1822048]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2013-01-22 11738184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-11-17 138808]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-11-17 172088]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-11-17 173624]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-10-11 6134544]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2015-10-06 596528]
.
c:\users\GUAZOU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-11 3746856]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TP-LINK Wireless Configuration Utility.lnk - c:\program files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe -nogui [2014-12-20 788992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R0 tcoifh;tcoifh; [x]
R1 BAPIDRV;BAPIDRV;c:\windows\system32\DRIVERS\BAPIDRV.sys [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-03-17 1080120]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-07-09 327296]
R3 globalUpdatem;globalUpdate Update Service (globalUpdatem);c:\program files\globalUpdate\Update\globalupdate.exe [2015-11-01 68608]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-09-10 119512]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-03-17 51928]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys [2012-12-20 13296]
R4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-03-17 1871160]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys [2015-10-11 275856]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iusb3hcs;Pilote de commutateur de contrôleur d'hôte Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-12-04 16440]
S0 ngvss;ngvss; [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2015-10-11 26096]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2015-10-11 789296]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2015-10-11 434184]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2015-10-11 24016]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2015-10-11 76000]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2015-10-11 115640]
S2 avast! Firewall;Avast Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2015-10-11 109008]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2014-10-01 115240]
S2 ihpmServer;ihpmServer;c:\program files\RayDld\ihpmServer.exe [2015-10-12 270568]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2015-10-11 220752]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2015-10-11 3219136]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-03-17 23256]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2012-12-27 614624]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-10-24 11:32 997704 ----a-w- c:\program files\Google\Chrome\Application\46.0.2490.80\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2015-11-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-16 20:39]
.
2015-11-02 c:\windows\Tasks\f509f073-bc61-4f4e-b140-93c6eeff83cb-1-6.job
- c:\program files\CinemaP-1.9cV31.10\f509f073-bc61-4f4e-b140-93c6eeff83cb-1-6.exe [2015-11-01 08:00]
.
2015-11-02 c:\windows\Tasks\f509f073-bc61-4f4e-b140-93c6eeff83cb-1-7.job
- c:\program files\CinemaP-1.9cV31.10\f509f073-bc61-4f4e-b140-93c6eeff83cb-1-7.exe [2015-11-01 08:00]
.
2015-11-02 c:\windows\Tasks\f509f073-bc61-4f4e-b140-93c6eeff83cb-10_user.job
- c:\program files\CinemaP-1.9cV31.10\f509f073-bc61-4f4e-b140-93c6eeff83cb-10.exe [2015-11-01 07:59]
.
2015-11-02 c:\windows\Tasks\f509f073-bc61-4f4e-b140-93c6eeff83cb-3.job
- c:\program files\CinemaP-1.9cV31.10\f509f073-bc61-4f4e-b140-93c6eeff83cb-3.exe [2015-11-01 07:59]
.
2015-11-02 c:\windows\Tasks\f509f073-bc61-4f4e-b140-93c6eeff83cb-5.job
- c:\program files\CinemaP-1.9cV31.10\f509f073-bc61-4f4e-b140-93c6eeff83cb-5.exe [2015-11-01 08:00]
.
2015-11-02 c:\windows\Tasks\f509f073-bc61-4f4e-b140-93c6eeff83cb-5_user.job
- c:\program files\CinemaP-1.9cV31.10\f509f073-bc61-4f4e-b140-93c6eeff83cb-5.exe [2015-11-01 08:00]
.
2015-11-02 c:\windows\Tasks\f509f073-bc61-4f4e-b140-93c6eeff83cb-6.job
- c:\program files\CinemaP-1.9cV31.10\f509f073-bc61-4f4e-b140-93c6eeff83cb-6.exe [2015-11-01 07:59]
.
2015-11-02 c:\windows\Tasks\f509f073-bc61-4f4e-b140-93c6eeff83cb-7.job
- c:\program files\CinemaP-1.9cV31.10\f509f073-bc61-4f4e-b140-93c6eeff83cb-7.exe [2015-11-01 07:59]
.
2015-11-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1211305808-845881549-706634446-1000Core.job
- c:\users\GUAZOU\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-09-11 11:36]
.
2015-11-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1211305808-845881549-706634446-1000UA.job
- c:\users\GUAZOU\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-09-11 11:36]
.
2015-11-02 c:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job
- c:\program files\globalUpdate\Update\globalupdate.exe [2015-11-01 07:59]
.
2015-11-02 c:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job
- c:\program files\globalUpdate\Update\globalupdate.exe [2015-11-01 07:59]
.
2015-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-09-06 22:54]
.
2015-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-09-06 22:54]
.
2015-11-02 c:\windows\Tasks\Jk2enZtT7KqCduM.job
- c:\users\GUAZOU\AppData\Roaming\Jk2enZtT7KqCduM.exe [2015-04-20 14:05]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.oursurfing.com/?type=hp&ts=1446364286&z=e360a9d9b790d204eae2a09g6zez1qeccqaz6o1b8q&from=amt&uid=hitachixhds721050cla362_jp5511hc044brp044brpx
mStart Page = hxxp://www.oursurfing.com/?type=hp&ts=1446364286&z=e360a9d9b790d204eae2a09g6zez1qeccqaz6o1b8q&from=amt&uid=hitachixhds721050cla362_jp5511hc044brp044brpx
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
TCP: DhcpNameServer = 37.48.108.142 8.8.8.8
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-10 - (no file)
ShellIconOverlayIdentifiers-{FC9D8189-520A-4417-AED7-9EAC810C6FBA} - (no file)
HKCU-Run-DrvUpdater - c:\users\GUAZOU\AppData\Roaming\DRPSu\DrvUpdater.exe
c:\users\GUAZOU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\C-cleaner.lnk - (no file)
c:\users\GUAZOU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VideoLAN.lnk - (no file)
AddRemove-DRPSu Updater - c:\users\GUAZOU\AppData\Roaming\DRPSu\DrvUpdater.exe
AddRemove-Yahoo! Search - c:\users\GUAZOU\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.15.4\dsrsetup.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-1211305808-845881549-706634446-1000_Classes\CLSID\{236ac274-65b3-496b-9f8b-7886e6e83efc}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000115
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,61,31,13,17,f6,24,93,f7,10,c8,62,d0,eb,d7,30,93,d3,2d,d4,d5,62,30,\
.
[HKEY_USERS\S-1-5-21-1211305808-845881549-706634446-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):bd,16,54,98,fa,8f,ee,80,8d,f0,2f,6b,4d,28,f4,93,af,f9,23,5a,73,
56,48,30,b6,57,31,9c,b5,f9,79,bc,20,b4,67,44,96,f2,d7,78,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1211305808-845881549-706634446-1000_Classes\CLSID\{7286db7a-5c62-4f89-94b3-d03d0a7ef5b9}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000ab
"Therad"=dword:00000016
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-1211305808-845881549-706634446-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):c1,2e,d3,45,f9,e6,25,06,66,68,93,28,1a,93,2f,7a,0c,ac,e3,f2,08,
27,f8,63,1b,f9,e5,1c,d7,35,58,c1,b5,af,95,5b,66,fe,fc,92,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\conhost.exe
c:\program files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\sppsvc.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
.
**************************************************************************
.
Heure de fin: 2015-11-02 18:23:13 - La machine a redémarré
ComboFix-quarantined-files.txt 2015-11-02 17:23
.
Avant-CF: 148 854 964 224 octets libres
Après-CF: 148 588 363 776 octets libres
.
- - End Of File - - 23069913BFAF12E4ACCA871FAA8ECA40
A36C5E4F47E84449FF07ED3517B43A31