ComboFix 17-05-24.14 - mohamed 28/06/2017 22:16:01.2.2 - x86
Microsoft Windows 7 Édition Familiale Basique 6.1.7601.1.1252.33.1036.18.3053.1201 [GMT 2:00]
Lancé depuis: c:\users\mohamed\Desktop\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
FW: Avast Antivirus *Disabled* {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
SP: Avast Antivirus *Disabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2017-05-28 au 2017-06-28 ))))))))))))))))))))))))))))))))))))
.
.
2017-06-28 20:27 . 2017-06-28 20:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-06-28 09:53 . 2017-06-28 09:53 -------- d-----r- C:\MSOCache
2017-06-28 06:34 . 2017-06-28 06:34 -------- d-----w- c:\programdata\SWCUTemp
2017-06-20 09:36 . 2017-06-28 12:30 -------- d-----w- c:\programdata\boost_interprocess
2017-06-19 20:02 . 2017-06-19 20:02 -------- d-----w- c:\program files\Supercopier
2017-06-19 09:58 . 2017-06-28 11:09 -------- d-----w- c:\programdata\Apple Computer
2017-06-19 09:57 . 2017-06-19 09:58 -------- d-----w- c:\program files\MpcStar
2017-06-18 16:01 . 2017-06-28 09:57 -------- d-----w- c:\program files\Microsoft Works
2017-06-18 16:01 . 2017-06-18 16:01 -------- d-----w- c:\windows\PCHEALTH
2017-06-18 15:59 . 2017-06-18 15:59 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2017-06-18 15:59 . 2017-06-18 16:01 -------- d-----w- c:\windows\SHELLNEW
2017-06-18 15:59 . 2017-06-28 09:59 -------- d-----w- c:\programdata\Microsoft Help
2017-06-18 09:46 . 2017-06-18 09:45 391048 ----a-w- c:\windows\system32\drivers\aswNetSec.sys
2017-06-18 09:45 . 2017-06-17 22:32 330768 ----a-w- c:\windows\system32\aswBoot.exe
2017-06-18 09:45 . 2017-06-18 09:45 27896 ----a-w- c:\windows\system32\drivers\aswNetNd6.sys
2017-06-18 07:25 . 2017-06-18 07:25 31064 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2017-06-18 03:12 . 2017-06-17 17:19 -------- d-----w- c:\windows\Panther
2017-06-18 03:12 . 2017-06-18 03:12 -------- d-----w- C:\Boot
2017-06-17 22:27 . 2017-06-18 07:25 -------- d-----w- c:\program files\AVAST Software
2017-06-17 22:26 . 2017-06-18 09:22 -------- d-----w- c:\programdata\AVAST Software
2017-06-17 19:58 . 2017-06-17 19:58 -------- d-----w- c:\program files\PlayReady
2017-06-17 19:57 . 2017-06-17 19:57 -------- d-----w- c:\program files\Microsoft Silverlight
2017-06-17 19:56 . 2017-06-17 19:56 -------- d-----w- c:\programdata\Package Cache
2017-06-17 19:14 . 2017-06-17 19:14 -------- d-----w- c:\programdata\IDM
2017-06-17 19:14 . 2017-06-18 07:22 -------- d-----w- c:\program files\Internet Download Manager
2017-06-17 19:12 . 2017-06-18 16:01 -------- d-----w- c:\program files\Microsoft.NET
2017-06-17 19:12 . 2017-06-17 19:12 -------- d-----w- c:\windows\Migration
2017-06-17 19:11 . 2017-04-27 22:50 3550208 ----a-w- c:\windows\system32\D3DCompiler_47.dll
2017-06-17 19:05 . 2017-06-17 19:05 -------- d-----w- c:\program files\Common Files\Java
2017-06-17 19:05 . 2017-06-17 19:05 95808 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2017-06-17 19:05 . 2017-06-17 19:05 -------- d-----w- c:\program files\Java
2017-06-17 19:05 . 2017-06-17 19:05 -------- d-----w- c:\programdata\Oracle
2017-06-17 18:58 . 2017-06-17 18:59 -------- d-----w- c:\program files\Google
2017-06-17 18:58 . 2017-06-28 11:08 -------- d-----w- c:\program files\Opera
2017-06-17 18:57 . 2017-06-18 13:29 803328 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2017-06-17 18:57 . 2017-06-18 13:29 144896 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2017-06-17 18:57 . 2017-06-18 13:29 -------- d-----w- c:\windows\system32\Macromed
2017-06-17 18:57 . 2017-06-17 18:57 -------- d-----w- c:\program files\DAUM
2017-06-17 18:56 . 2017-06-28 11:09 -------- d-sh--w- c:\windows\Installer
2017-06-17 18:52 . 2017-06-17 18:51 10555024 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5BEDBF91-70E0-4377-9910-A33108013E45}\mpengine.dll
2017-06-17 17:27 . 2017-06-17 17:27 -------- d-----w- c:\program files\Mozilla Maintenance Service
2017-06-08 16:59 . 2017-06-08 16:15 148104 ----a-w- c:\windows\system32\drivers\idmwfp.sys
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-05-04 11:18 . 2017-05-04 11:18 52680 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2017-04-21 12:53 . 2017-04-21 12:53 29376 ----a-w- c:\windows\system32\aspnet_counters.dll
2017-04-21 12:53 . 2017-04-21 12:53 18600 ----a-w- c:\windows\system32\msvcr110_clr0400.dll
2017-04-21 12:53 . 2017-04-21 12:53 18600 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2017-04-21 12:53 . 2017-04-21 12:53 18600 ----a-w- c:\windows\system32\msvcp110_clr0400.dll
2017-04-20 18:09 . 2017-04-20 18:09 987840 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2017-04-20 18:09 . 2017-04-20 18:09 485576 ----a-w- c:\windows\system32\msvcp120_clr0400.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2015-08-14 14:52 23520 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-06-17 22:32 1192144 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysinfY2X"="start wscript" [X]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2017-06-08 4015216]
"uTorrent"="c:\users\mohamed\AppData\Roaming\uTorrent\uTorrent.exe" [2017-06-18 1984448]
"ultracopier"="c:\program files\Supercopier\supercopier.exe" [2016-01-01 1160192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2017-03-15 587288]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2017-06-17 213824]
.
c:\users\mohamed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MyCashBar.appref-ms [2017-6-18 306]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2017-06-17 115152]
R3 aswbIDSAgent;aswbIDSAgent;c:\program files\AVAST Software\Avast\aswidsagent.exe [2017-06-17 5732136]
R3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys [2017-06-17 34136]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S0 aswbidsh;aswbidsh;c:\windows\\SystemRoot\system32\drivers\aswbidshx.sys [x]
S0 aswblog;aswblog;c:\windows\\SystemRoot\system32\drivers\aswblogx.sys [x]
S0 aswbuniv;aswbuniv;c:\windows\\SystemRoot\system32\drivers\aswbunivx.sys [x]
S0 aswRvrt;aswRvrt;c:\windows\\SystemRoot\system32\drivers\aswRvrt.sys [x]
S0 aswVmm;aswVmm;c:\windows\\SystemRoot\system32\drivers\aswVmm.sys [x]
S1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdriverx.sys [2017-06-17 258288]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2017-06-18 31064]
S1 aswNetSec;aswNetSec;c:\windows\system32\drivers\aswNetSec.sys [2017-06-18 391048]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2017-06-17 764576]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2017-06-17 482608]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2017-06-17 107928]
S2 avast! Firewall;Avast Firewall Service;c:\program files\AVAST Software\Avast\afwServ.exe [2017-06-18 310496]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2017-06-08 148104]
S3 aswNetNd6;Avast Firewall NDIS6 Helper;c:\windows\system32\DRIVERS\aswNetNd6.sys [2017-06-18 27896]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - 28972376
*Deregistered* - 28972376
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2017-06-17 18:59 1394008 ----a-w- c:\program files\Google\Chrome\Application\59.0.3071.104\Installer\chrmstp.exe
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyServer = 91.121.162.173:80
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\mohamed\AppData\Roaming\Mozilla\Firefox\Profiles\10rbrwz2.default\
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-3225286026-1542302421-2383450491-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):1f,9a,51,66,48,f8,af,ee,85,e8,75,1c,b5,9b,53,51,64,d5,73,62,14,
dc,be,29,2a,52,08,2d,c5,ee,5c,8c,63,e9,50,07,da,17,5b,63,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3225286026-1542302421-2383450491-1000_Classes\CLSID\{74b7af2b-9c9e-489c-929c-fc622bcfe11e}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000b2
"Therad"=dword:0000000c
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2017-06-28 22:36:32
ComboFix-quarantined-files.txt 2017-06-28 20:36
.
Avant-CF: 53 962 342 400 octets libres
Après-CF: 53 963 264 000 octets libres
.
- - End Of File - - 324E93BB7A05BE63501D041E3CE02C2C A36C5E4F47E84449FF07ED3517B43A31