ComboFix 16-11-06.01 - Alain 08/11/2016 17:13:55.1.1 - x86
Lancé depuis: c:\documents and settings\Alain\Bureau\ComboFix.exe
.
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Alain\Mes documents\~WRD0002.tmp
c:\documents and settings\Alain\WINDOWS
c:\documents and settings\All Users\Application Data\4001812108
c:\windows\$msi31uninstall_kb893803v2$
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SECSVR
-------\Service_secsvr
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2016-10-08 au 2016-11-08 ))))))))))))))))))))))))))))))))))))
.
.
2016-11-08 15:19 . 2016-11-08 15:37 -------- d-----w- C:\FRST
2016-11-08 13:05 . 2016-11-08 13:05 -------- d-----w- c:\program files\Fichiers communs\Borland Shared
2016-11-08 13:05 . 1999-11-12 04:11 183808 ----a-w- c:\windows\system32\BDEADMIN.CPL
2016-11-08 13:05 . 1999-01-20 04:01 210032 ----a-w- c:\windows\system32\DBCLIENT.DLL
2016-11-08 13:05 . 2016-11-08 13:05 -------- d-----w- c:\program files\ZebHelpProcess
2016-11-08 13:02 . 2016-11-08 13:04 -------- d-----w- c:\program files\ZHPFix
2016-11-08 12:08 . 2016-11-08 15:51 -------- d-----w- c:\documents and settings\Alain\Application Data\ZHP
2016-11-08 11:47 . 2016-11-08 11:47 -------- d-----w- C:\Ad-Remover
2016-11-08 11:12 . 2016-11-08 11:27 -------- d-----w- c:\program files\AdBlock Master
2016-11-07 15:48 . 2016-11-07 15:48 -------- d-----w- c:\program files\Fichiers communs\AV
2016-11-07 15:48 . 2016-11-07 15:48 -------- d-----w- c:\documents and settings\LocalService\Menu Démarrer
2016-11-07 15:45 . 2016-11-08 11:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2016-11-07 15:45 . 2016-11-08 12:51 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2016-11-07 14:22 . 2016-11-07 14:22 -------- d-----w- c:\program files\CCleaner
2016-11-07 12:35 . 2016-11-07 12:35 -------- d-----w- c:\documents and settings\Alain\Local Settings\Application Data\CEF
2016-11-07 12:30 . 2016-11-07 12:30 35096 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2016-11-07 12:29 . 2016-11-07 12:29 -------- d-----w- c:\documents and settings\Alain\Application Data\AVAST Software
2016-11-07 12:26 . 2016-11-07 12:26 66688 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2016-11-07 12:26 . 2016-11-07 12:27 224752 ----a-w- c:\windows\system32\drivers\aswvmm.sys
2016-11-07 12:26 . 2016-11-07 12:27 433768 ----a-w- c:\windows\system32\drivers\aswsp.sys
2016-11-07 12:26 . 2016-11-07 12:26 184592 ----a-w- c:\windows\system32\drivers\aswStmXP.sys
2016-11-07 12:26 . 2016-11-07 12:26 60424 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-11-07 12:26 . 2016-11-07 12:27 735488 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2016-11-07 12:26 . 2016-11-07 12:26 92256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2016-11-07 12:26 . 2016-11-07 12:26 64272 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2016-11-07 12:26 . 2016-11-07 12:26 34008 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-11-07 12:26 . 2016-11-07 12:26 921280 ----a-w- c:\windows\ucrtbase.dll
2016-11-07 12:26 . 2016-11-07 12:26 319760 ----a-w- c:\windows\system32\aswBoot.exe
2016-11-07 12:26 . 2016-11-07 12:26 53208 ----a-w- c:\windows\avastSS.scr
2016-11-07 12:25 . 2016-11-07 12:30 -------- d-----w- c:\program files\AVAST Software
2016-11-07 11:29 . 2016-11-07 11:29 411552 ----a-w- c:\windows\system32\drivers\tfdzhewy.sys
2016-11-04 14:52 . 2016-11-07 14:34 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-11-04 14:46 . 2016-11-04 14:46 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2016-11-04 14:46 . 2016-11-04 14:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2016-11-04 14:46 . 2016-03-10 13:09 123264 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-11-04 14:46 . 2016-03-10 13:08 24448 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-11-03 12:49 . 2016-11-03 14:13 -------- d-----w- c:\program files\DLL Tool
2016-11-03 12:16 . 2005-10-18 09:35 1136832 ----a-w- C:\MSXML3SP7-KB909363-x86-FRA.exe
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-11-07 12:26 832488 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"EnableLinkedConnections"= 1 (0x1)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\uklognf]
2006-08-02 10:39 49152 ------w- c:\windows\system32\uklognf.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Key Tools.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Key Tools.lnk
backup=c:\windows\pss\Key Tools.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Service Manager.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 14:20 57344 ------w- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-10-11 20:56 59280 ----a-w- c:\program files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AvastUI.exe]
2016-11-08 10:32 9044392 ----a-w- c:\program files\AVAST Software\Avast\avastui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackArmorBackupMonitor.exe]
2012-10-31 19:23 5583976 ----a-w- c:\program files\Seagate\BlackArmorBackup\BlackArmorBackupMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cabinetLaunch]
2007-08-20 16:31 40960 ------w- c:\program files\Lenovo\Lenovo Insider Key\launch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2016-09-28 17:23 6889176 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 02:33 15360 ------w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService]
2007-11-01 16:13 151552 ------w- c:\program files\CyberLink\PCM4Everio\EverioService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-03-21 09:34 166424 ------w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-03-21 09:34 141848 ------w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
2007-04-26 12:33 49152 ------w- c:\windows\system32\ico.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:34 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-03-21 09:34 137752 ------w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-06-27 09:23 16875008 ------w- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Service Scheduler2 Seagate]
2012-10-31 19:24 395712 ----a-w- c:\program files\Fichiers communs\Seagate\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2012-01-17 16:41 39408 ------w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
2008-05-14 14:42 487424 ------w- c:\program files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TVT_UpdateMonitor"=2 (0x2)
"TVT Scheduler"=2 (0x2)
"TVT Backup Service"=2 (0x2)
"TVT Backup Protection Service"=2 (0x2)
"ThinkVantage Registry Monitor Service"=2 (0x2)
"SUService"=2 (0x2)
"SgtSch2Svc"=2 (0x2)
"sfcdpsrv"=2 (0x2)
"secsvr"=2 (0x2)
"RichVideo"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"MDM"=2 (0x2)
"idsvc"=3 (0x3)
"gusvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"avast! Antivirus"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Fichiers communs\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Quadra\\PGM32\\QMajTCP.exe"=
.
R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2013-12-18 167968]
R3 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2016-11-07 34008]
R3 aswStmXP;Avast StreamFilter Driver;c:\windows\system32\drivers\aswStmXP.sys [2016-11-07 184592]
R3 pelps2m;PS/2 Mouse Filter Driver;c:\windows\system32\DRIVERS\pelps2m.sys [2003-01-20 18048]
R3 XLHHardware_1_0;XLHHardware_1_0;c:\program files\DLL Tool\XLHHardware.sys [x]
R4 sfcdpsrv;Service Seagate Nonstop Backup;c:\program files\Fichiers communs\Seagate\CDP\afcdpsrv.exe [2013-12-18 3246040]
R4 SgtSch2Svc;Service Scheduler2 Seagate;c:\program files\Fichiers communs\Seagate\Schedule2\schedul2.exe [2012-10-31 805424]
R4 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2008-05-14 520192]
R4 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2008-05-09 253952]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2013-12-18 752128]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2016-11-07 35096]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2016-11-07 735488]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2016-11-07 433768]
S1 bfdisk;bfdisk; [x]
S1 tvtumon;tvtumon;c:\windows\system32\DRIVERS\tvtumon.sys [2008-05-09 46144]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2016-11-07 92256]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2008-02-22 37312]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-04-12 00:01 1106072 ----a-w- c:\program files\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2016-11-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 08:00]
.
2016-11-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2016-11-08 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2016-11-07 12:26]
.
2016-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-17 15:39]
.
2016-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-17 15:39]
.
2016-11-08 c:\windows\Tasks\Notification de fin de service de Microsoft Windows XP - à la connexion.job
- c:\windows\system32\xp_eos.exe [2014-03-14 23:28]
.
2016-11-08 c:\windows\Tasks\Notification de fin de service de Microsoft Windows XP -mensuellement.job
- c:\windows\system32\xp_eos.exe [2014-03-14 23:28]
.
2016-11-08 c:\windows\Tasks\SafeZone scheduled Autoupdate 1478521873.job
- c:\program files\AVAST Software\SZBrowser\launcher.exe [2016-11-07 08:42]
.
2016-11-04 c:\windows\Tasks\SAUVE TINTIN.job
- c:\windows\system32\ntbackup.exe [2006-01-26 02:34]
.
2016-11-08 c:\windows\Tasks\User_Feed_Synchronization-{62866D88-9D43-4723-96A7-A6E0FA94FDFF}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = https://www.google.com/
mStart Page = https://www.google.com/
mSearch Bar = https://www.google.com/
mSearchMigratedDefaultURL = https://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uCustomizeSearch = https://www.google.com/
TCP: Interfaces\{12574E71-65E7-4582-BAD2-56232B333D82}: NameServer = 208.67.222.222,208.67.220.200
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://192.168.1.110:1100/activex/AMC.cab
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-Locked - (no file)
SafeBoot-Wdf01000.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2016-11-08 17:23
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'winlogon.exe'(888)
c:\windows\system32\uklognf.dll
c:\windows\system32\mangdrive.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\progra~1\MI6841~1\MSSQL\binn\sqlservr.exe
c:\progra~1\MI6841~1\MSSQL\binn\sqlagent.exe
.
**************************************************************************
.
Heure de fin: 2016-11-08 17:28:39 - La machine a redémarré
ComboFix-quarantined-files.txt 2016-11-08 16:28
.
Avant-CF: 252 282 638 336 octets libres
Après-CF: 252 733 251 584 octets libres
.
- - End Of File - - 7483FB802285A5BAB72E6E63FC591E66
EC5A5317BF3569B547F8CFD38D17D3CF
