Reading a ComboFix report

Solved/Closed
sylvain - 20 Feb 2016 at 13:03
sylvain - 20 Feb 2016 at 16:36
Hello,

Could someone read my ComboFix report for me? With my thanks.
ComboFix 16-02-19.01 - sylvain 20/02/2016 12:33:33.1.8 - x64
Microsoft Windows 7 Ultimate Edition 6.1.7601.1.1252.33.1036.18.16256.14445 [GMT 1:00]
Launched from: c:\users\sylvain\Desktop\ComboFix.exe
AV: AVG Internet Security *Disabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
FW: AVG Internet Security *Disabled* {757AB44A-78C2-7D1A-E37F-CA42A037B368}
SP: AVG Internet Security *Disabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
  • A new restore point was created

.
.
((((((((((((((((((((((((((((( Files created from 2016-01-20 to 2016-02-20 ))))))))))))))))))))))))))))))))))))
.
.
2016-02-20 11:35 . 2016-02-20 11:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-02-19 12:14 . 2016-02-19 12:15 -------- d-----w- c:\program files (x86)\Google
2016-02-19 07:41 . 2016-02-19 07:41 796864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-02-19 07:41 . 2016-02-19 07:41 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-02-19 07:41 . 2016-02-19 07:41 -------- d-----w- c:\windows\SysWow64\Macromed
2016-02-19 07:41 . 2016-02-19 07:41 -------- d-----w- c:\windows\system32\Macromed
2016-02-18 12:33 . 2016-02-18 12:33 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2016-02-17 17:27 . 2016-02-18 18:16 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2016-02-17 16:28 . 2016-02-18 18:16 -------- d-----w- c:\program files (x86)\Ask.com
2016-02-17 16:28 . 2016-02-18 18:16 -------- d-----w- c:\program files (x86)\BitTorrent
2016-02-17 16:05 . 2015-07-03 22:02 20120 ----a-w- c:\windows\system32\nitrolocalui10.dll
2016-02-17 16:05 . 2015-07-03 22:02 31896 ----a-w- c:\windows\system32\nitrolocalmon10.dll
2016-02-17 16:05 . 2016-02-17 16:05 -------- d-----w- c:\program files (x86)\Nitro
2016-02-17 16:05 . 2016-02-17 16:05 -------- d-----w- c:\program files (x86)\Common Files\Nitro
2016-02-17 16:05 . 2016-02-17 16:05 -------- d-----w- c:\programdata\Nitro
2016-02-17 16:05 . 2016-02-17 16:05 -------- d-----w- c:\program files\Nitro
2016-02-17 16:05 . 2016-02-17 16:05 -------- d-----w- c:\program files\Common Files\Nitro
2016-02-17 15:49 . 2016-02-17 15:49 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2016-02-17 15:45 . 2016-02-18 18:16 -------- d-----w- c:\programdata\QFX Software
2016-02-17 15:45 . 2015-08-18 16:25 224720 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2016-02-17 15:45 . 2016-02-17 15:45 -------- d-----w- c:\program files (x86)\KeyScrambler
2016-02-17 15:23 . 2016-02-17 15:23 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2016-02-17 15:23 . 2016-02-17 15:23 -------- d-----w- c:\windows\PCHEALTH
2016-02-17 15:23 . 2016-02-17 15:23 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2016-02-17 15:23 . 2016-02-17 15:23 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2016-02-17 15:21 . 2016-02-17 15:21 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2016-02-17 15:20 . 2016-02-17 15:20 -------- d-----w- c:\program files\Microsoft Office
2016-02-17 15:20 . 2016-02-17 15:20 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2016-02-17 15:20 . 2016-02-18 18:16 -------- d-----w- c:\programdata\Microsoft Help
2016-02-17 15:20 . 2016-02-17 15:20 -------- d-----r- C:\MSOCache
2016-02-17 15:16 . 2016-02-17 15:16 -------- d-----w- c:\program files (x86)\7-Zip
2016-02-17 11:51 . 2016-02-17 11:51 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2016-02-17 11:48 . 2016-02-17 15:17 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2016-02-17 11:45 . 2016-02-17 11:45 -------- d-----w- c:\program files (x86)\MozBackup
2016-02-17 11:40 . 2016-02-17 11:40 -------- d-----w- c:\program files\Common Files\AV
2016-02-17 11:40 . 2016-02-17 11:40 -------- d-----w- C:\$AVG
2016-02-17 11:39 . 2016-02-20 10:29 -------- d-----w- c:\programdata\MFAData
2016-02-17 11:38 . 2016-02-17 11:40 -------- d-----w- c:\programdata\Avg
2016-02-17 11:38 . 2016-02-17 11:40 -------- d-----w- c:\program files (x86)\AVG
2016-02-17 11:38 . 2016-02-17 11:38 -------- d--h--w- c:\programdata\Common Files
2016-02-17 11:29 . 2016-02-17 11:29 -------- d-----w- c:\program files (x86)\Common Files\Intel Corporation
2016-02-17 11:26 . 2016-02-17 11:26 -------- d-----w- c:\windows\SysWow64\config\systemprofile\Intel
2016-02-17 11:24 . 2013-04-26 02:24 20464 ----a-w- c:\windows\system32\drivers\iusb3hcs.sys
2016-02-17 11:23 . 2013-04-26 02:24 786416 ----a-w- c:\windows\system32\drivers\iusb3xhc.sys
2016-02-17 11:23 . 2013-04-26 02:24 368112 ----a-w- c:\windows\system32\drivers\iusb3hub.sys
2016-02-17 11:22 . 2013-08-08 18:04 553784 ----a-r- c:\windows\system32\PROUnstl.exe
2016-02-17 11:22 . 2013-08-29 09:49 494864 ----a-w- c:\windows\system32\drivers\e1d62x64.sys
2016-02-17 11:22 . 2013-07-24 19:36 73480 ----a-w- c:\windows\system32\e1dmsg.dll
2016-02-17 11:22 . 2009-05-26 02:05 36472 ----a-w- c:\windows\system32\NicCo36.dll
2016-02-17 11:22 . 2013-07-10 23:36 89888 ----a-w- c:\windows\system32\NicInstD.dll
2016-02-17 11:19 . 2013-09-16 11:17 16344 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll
2016-02-17 11:19 . 2016-02-17 11:26 -------- d-----w- c:\programdata\Intel
2016-02-17 11:19 . 2016-02-17 11:19 -------- d-----w- c:\program files (x86)\Common Files\postureAgent
2016-02-17 11:19 . 2013-09-16 11:17 99288 ----a-w- c:\windows\system32\drivers\TeeDriverx64.sys
2016-02-17 11:19 . 2013-09-16 11:17 1795952 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll
2016-02-17 11:11 . 2014-01-22 06:57 450520 ----a-w- c:\windows\system32\drivers\IntcDAud.sys
2016-02-17 11:06 . 2016-02-17 11:23 -------- d-----w- c:\program files (x86)\Intel
2016-02-17 11:06 . 2013-08-05 03:50 53248 ----a-r- c:\windows\SysWow64\CSVer.dll
2016-02-17 11:06 . 2016-02-17 11:11 -------- d-----w- C:\Intel
2016-02-17 11:03 . 2016-02-17 15:23 -------- d-----w- c:\program files (x86)\Microsoft.NET
2016-02-17 11:03 . 2016-02-19 12:19 -------- d-sh--w- c:\windows\Installer
2016-02-17 11:02 . 2016-02-17 11:03 -------- d-----w- c:\windows\Chipset
2016-02-17 11:02 . 2016-02-17 11:02 16896 ----a-w- c:\windows\AsTaskSched.dll
2016-02-17 10:35 . 2016-02-17 10:40 -------- d-----w- c:\windows\Panther
2016-02-17 10:35 . 2016-02-18 13:42 -------- d-----w- C:\Boot
2016-01-22 14:15 . 2016-01-22 14:15 260528 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
.
.
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-01-08 09:46 . 2016-01-08 09:46 272304 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2016-01-08 09:46 . 2016-01-08 09:46 23472 ----a-w- c:\windows\system32\drivers\avguniva.sys
2016-01-05 15:02 . 2016-01-05 15:02 315312 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2015-12-04 13:27 . 2015-12-04 13:27 42416 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
.
.
((((((((((((((((((((((((((((((((( Registry Load Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
  • Note* empty entries & legitimate default entries are not listed

REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-04-26 292848]
"AvgUi"="c:\program files (x86)\AVG\Framework\Common\avguirnx.exe" [2016-01-12 179624]
"AVG_UI"="c:\program files (x86)\AVG\Av\avuirunnerx.exe" [2016-02-01 25512]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"KeyScrambler"="c:\program files (x86)\KeyScrambler\keyscrambler.exe" [2015-10-12 509216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 avgfws;AVG Firewall;c:\program files (x86)\AVG\Av\avgfws.exe;c:\program files (x86)\AVG\Av\avgfws.exe [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\Av\avgidsagent.exe;c:\program files (x86)\AVG\Av\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AvgAMPS;AvgAMPS;c:\program files (x86)\AVG\Av\avgamps.exe;c:\program files (x86)\AVG\Av\avgamps.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IntcDAud;Son Intel(R) pour écrans;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 workfolderssvc;Dossiers de travail;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 Avguniva;AVG Universal Driver;c:\windows\system32\DRIVERS\avguniva.sys;c:\windows\SYSNATIVE\DRIVERS\avguniva.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Pilote de commutateur de contrôleur d'hôte Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 avgsvc;AVG Service;c:\program files (x86)\AVG\Framework\Common\avgsvca.exe;c:\program files (x86)\AVG\Framework\Common\avgsvca.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\Av\avgwdsvcx.exe;c:\program files (x86)\AVG\Av\avgwdsvcx.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NitroDriverReadSpool10;NitroPDFDriverCreatorReadSpool10;c:\program files\Nitro\Pro 10\NitroPDFDriverService10x64.exe;c:\program files\Nitro\Pro 10\NitroPDFDriverService10x64.exe [x]
S2 NitroUpdateService;NitroUpdateService;c:\program files\Nitro\Pro 10\Nitro_UpdateService.exe;c:\program files\Nitro\Pro 10\Nitro_UpdateService.exe [x]
S3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D;c:\windows\system32\DRIVERS\e1d62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1d62x64.sys [x]
S3 iusb3hub;Pilote de concentrateur Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Pilote du contrôleur d'hôte extensible Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys;c:\windows\SYSNATIVE\drivers\keyscrambler.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2016-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-02-19 12:14]
.
2016-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-02-19 12:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2014-02-18 7541464]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-29 391152]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-01-29 771568]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-01-29 770544]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-08-07 36352]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Envoyer à OneNote - c:\program files (x86)\MICROS~1\Office14\ONBttnIE.dll/105
IE: E&xporter vers Microsoft Excel - c:\program files (x86)\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\sylvain\AppData\Roaming\Mozilla\Firefox\Profiles\cjcvvg0v.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.sfr.fr/sfr-et-moi.html
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-02-20 12:36:19
ComboFix-quarantined-files.txt 2016-02-20 11:36
.
Pre-Run: 431,262,470,144 bytes free
Post-Run: 431,254,446,080 bytes free
.
- - End Of File - - 49348242441D670DD8A2810ACC0EE541
A36C5E4F47E84449FF07ED3517B43A31
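The report above prints the Security Center status lines (AV/FW/SP) and the values under the policies\system key but does not interpret them. The Python script below is an added example, not part of the post and not ComboFix's own code: it extracts those two parts from ComboFix log text and reports protection shown as Disabled and UAC policy values set to 0 (EnableLUA=0 turns UAC off; ConsentPromptBehaviorAdmin=0 lets administrators elevate without a prompt; PromptOnSecureDesktop=0 moves prompts off the secure desktop). The sample report it parses is constructed from the lines quoted above; the rest of the log is omitted, and the block boundaries (a `.` separator or the next `[HKEY...]` header) are assumed from ComboFix's layout as seen in this post.

```python
"""Pull the security-relevant lines out of a ComboFix report.

Added example; the sample report is constructed from the post above and
contains only the Security Center header and two registry blocks.
"""
from __future__ import annotations

import re

# Constructed sample: header lines and two Reg load-point blocks from the
# report in the post (everything else left out).
SAMPLE_REPORT = """\
AV: AVG Internet Security *Disabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
FW: AVG Internet Security *Disabled* {757AB44A-78C2-7D1A-E37F-CA42A037B368}
SP: AVG Internet Security *Disabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run]
"KeyScrambler"="c:\\program files (x86)\\KeyScrambler\\keyscrambler.exe" [2015-10-12 509216]
.
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
"""

# "AV: <product> *<status>* {<GUID>}" as printed from Security Center.
SC_LINE = re.compile(r"^(AV|FW|SP): (.+?) \*([^*]+)\* \{([0-9A-Fa-f-]+)\}\s*$")
# '"Name"= 0 (0x0)' DWORD lines inside a [HKEY...] block.
REG_VALUE = re.compile(r'^"([^"]+)"\s*=\s*(\d+)')

# Values that weaken UAC when set to 0, with the reason to flag them.
UAC_WEAK = {
    "EnableLUA": (0, "UAC is switched off; no filtered tokens, no elevation prompts"),
    "ConsentPromptBehaviorAdmin": (0, "administrators elevate silently, no consent prompt"),
    "PromptOnSecureDesktop": (0, "elevation prompts are not shown on the secure desktop"),
}


def parse_security_center(report: str) -> list[dict]:
    """Return each AV/FW/SP line as a dict (kind, product, status, guid)."""
    found = []
    for line in report.splitlines():
        m = SC_LINE.match(line.strip())
        if m:
            kind, product, status, guid = m.groups()
            found.append({"kind": kind, "product": product,
                          "status": status, "guid": guid})
    return found


def parse_reg_block(report: str, key_suffix: str) -> dict[str, int]:
    """Collect name -> DWORD value from the first [HKEY...] block whose key
    ends with key_suffix (case-insensitive). A '.' line, a blank line or the
    next [ header ends the block."""
    values: dict[str, int] = {}
    in_block = False
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("["):
            if in_block:
                break  # next key starts; we only want the first match
            in_block = line.lower().endswith(key_suffix.lower() + "]")
            continue
        if not in_block:
            continue
        if line in (".", ""):
            break
        m = REG_VALUE.match(line)
        if m:
            values[m.group(1)] = int(m.group(2))
    return values


def uac_findings(policies: dict[str, int]) -> list[str]:
    """Describe each UAC value that sits at its weak setting."""
    return [f"{name}={weak}: {why}"
            for name, (weak, why) in UAC_WEAK.items()
            if policies.get(name) == weak]


def review(report: str) -> dict[str, list[str]]:
    """Summarise disabled protection and weak UAC settings in one dict."""
    disabled = [f"{e['kind']} {e['product']}"
                for e in parse_security_center(report)
                if e["status"].startswith("Disabled")]
    policies = parse_reg_block(report, r"policies\system")
    return {"disabled_protection": disabled, "uac": uac_findings(policies)}


if __name__ == "__main__":
    for section, items in review(SAMPLE_REPORT).items():
        print(section)
        for item in items:
            print("  -", item)
```

Run it against a full saved ComboFix.txt by reading the file into `review()`; the Security Center status reflects what Windows reported at scan time (ComboFix asks the user to disable real-time protection before running), so a Disabled line is a prompt to confirm protection is back on afterwards, not a finding on its own.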
1 reply

Malekal_morte - Posts: 180304 - Registered: Wednesday 17 May 2006 - Status: Moderator, Security contributor - Last activity: 15 December 2020 - 24 660
20 Feb 2016 at 13:05
Hi,

Report is fine.
Thanks for the quick reply.