ComboFix 14-08-12.01 - Audrey 13/08/2014 10:49:59.1.2 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.4025.2403 [GMT 2:00]
Lancé depuis: c:\users\Audrey\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Kaspersky Anti-Virus *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Kaspersky Anti-Virus *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\packardbell.ico
c:\users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\fediheciachmpdophdiejahcjjjgkbif
c:\users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\fediheciachmpdophdiejahcjjjgkbif\8.1\background.html
c:\users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\fediheciachmpdophdiejahcjjjgkbif\8.1\content.js
c:\users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\fediheciachmpdophdiejahcjjjgkbif\8.1\lsdb.js
c:\users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\fediheciachmpdophdiejahcjjjgkbif\8.1\manifest.json
c:\users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\fediheciachmpdophdiejahcjjjgkbif\8.1\Qqmk8n_1.js
c:\users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljgeaegabficmaccmdbfffoennakbiha
c:\users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljgeaegabficmaccmdbfffoennakbiha\2.5\background.html
c:\users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljgeaegabficmaccmdbfffoennakbiha\2.5\content.js
c:\users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljgeaegabficmaccmdbfffoennakbiha\2.5\lsdb.js
c:\users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljgeaegabficmaccmdbfffoennakbiha\2.5\manifest.json
c:\users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljgeaegabficmaccmdbfffoennakbiha\2.5\uQHqI.js
c:\users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\llnofjfijelilpjdibjjmldcpdenmbfh
c:\users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\llnofjfijelilpjdibjjmldcpdenmbfh\164\background.html
c:\users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\llnofjfijelilpjdibjjmldcpdenmbfh\164\content.js
c:\users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\llnofjfijelilpjdibjjmldcpdenmbfh\164\LgsTew.js
c:\users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\llnofjfijelilpjdibjjmldcpdenmbfh\164\lsdb.js
c:\users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\llnofjfijelilpjdibjjmldcpdenmbfh\164\manifest.json
c:\users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinnimcikdbhhfcgdmcdcbingagfgelm
c:\users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinnimcikdbhhfcgdmcdcbingagfgelm\1.0\background.html
c:\users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinnimcikdbhhfcgdmcdcbingagfgelm\1.0\content.js
c:\users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinnimcikdbhhfcgdmcdcbingagfgelm\1.0\dmYPG1a.js
c:\users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinnimcikdbhhfcgdmcdcbingagfgelm\1.0\lsdb.js
c:\users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinnimcikdbhhfcgdmcdcbingagfgelm\1.0\manifest.json
c:\users\Audrey\AppData\Local\Google\Chrome\User Data\Default\preferences
c:\users\Audrey\AppData\Local\Temp\jna5194815183433189530.dll
c:\users\Audrey\AppData\Roaming\.#
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2014-07-13 au 2014-08-13 ))))))))))))))))))))))))))))))))))))
.
.
2014-08-13 08:57 . 2014-08-13 08:57 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{235BF597-D558-41A8-BB9E-B7E45214381B}\offreg.dll
2014-08-11 19:43 . 2014-08-12 14:59 -------- d-----w- C:\FRST
2014-08-10 08:10 . 2014-08-12 14:17 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-10 08:09 . 2014-08-10 08:09 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-08-10 08:09 . 2014-05-12 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-08-10 08:09 . 2014-05-12 05:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-10 08:09 . 2014-05-12 05:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-10 07:46 . 2014-08-10 07:46 -------- d-----w- c:\windows\ERUNT
2014-08-10 07:10 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-08-10 07:08 . 2014-08-12 14:10 -------- d-----w- C:\AdwCleaner
2014-08-07 21:36 . 2014-08-11 07:38 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2014-08-07 21:30 . 2014-08-11 07:37 -------- d-----w- c:\users\Audrey\AppData\Roaming\ZHP
2014-08-07 21:30 . 2014-08-07 21:30 -------- d-----w- c:\program files (x86)\ZHPDiag
2014-07-24 19:02 . 2014-07-24 19:02 -------- d-----w- c:\users\Audrey\AppData\Local\ArchiveSoftwareWinsock
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-22 13:01 . 2013-11-20 18:00 829264 ----a-w- c:\windows\system32\msvcr100.dll
2014-07-22 13:01 . 2013-11-20 18:00 608080 ----a-w- c:\windows\system32\msvcp100.dll
2014-06-07 13:39 . 2012-06-19 16:54 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-07 13:39 . 2011-05-13 09:28 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21444224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2009-08-21 262912]
"Camera Assistant Software"="c:\program files (x86)\Video Web Camera\traybar.exe" [2008-12-10 630784]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-27 1194504]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"CANAL+ CANALSAT A LA DEMANDE"="c:\program files (x86)\Canal+\CANAL+ CANALSAT A LA DEMANDE\Launcher.exe" [2014-08-13 163536]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"CanalPlayer"="c:\program files (x86)\Lecteur CANALPLAY\CanalPlayer.exe" [2012-03-06 2259344]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
.
c:\users\Audrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files (x86)\LimeWire\LimeWire.exe -startup [2010-9-30 503808]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
Remote Mouse Server.lnk - c:\program files (x86)\Remote Mouse Server\RemoteMouse.exe hide [2011-9-3 7647203]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RgFltX64;RgFltX64;c:\users\Audrey\AppData\Local\ArchiveSoftwareWinsock\RgFltX64.sys;c:\users\Audrey\AppData\Local\ArchiveSoftwareWinsock\RgFltX64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]
R3 Service CANALPLAY;Service CANALPLAY;c:\program files (x86)\Lecteur CANALPLAY\CanalPlayService.exe;c:\program files (x86)\Lecteur CANALPLAY\CanalPlayService.exe [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [x]
S2 ArchiveSoftwareWinsock.exe;ArchiveSoftwareWinsock.exe;c:\users\Audrey\AppData\Local\ArchiveSoftwareWinsock\ArchiveSoftwareWinsock.exe;c:\users\Audrey\AppData\Local\ArchiveSoftwareWinsock\ArchiveSoftwareWinsock.exe [x]
S2 CanalPlus.VOD;CanalPlus.VOD;c:\program files (x86)\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe;c:\program files (x86)\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Packard Bell\Registration\GregHSRW.exe;c:\program files (x86)\Packard Bell\Registration\GregHSRW.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-23 18:09 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2012-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cce16eddf1d961.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-05 09:08]
.
2014-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf6e0dc87a746d.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-05 09:08]
.
2014-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-05 09:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-20 503864]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-22 295936]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2009-08-05 828960]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 159232]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 380928]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 358912]
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = ;*origin.com;*ea.com;*akamaihd.net
uInternet Settings,ProxyServer = http=127.0.0.1:38874
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {{CCC7B152-1D8C-11E3-B2AD-F3EF3D58318D} - {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} -
Trusted Zone: canalplay.com
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\Audrey\
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Toolbar-!{A29B2641-9931-448A-8DE7-B2D63BDC1812} - (no file)
Toolbar-!{CDB982ED-F9D6-4E3B-B94B-96F705D35AD1} - (no file)
Toolbar-!{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - (no file)
Wow6432Node-HKLM-Run- - (no file)
c:\users\Audrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\genesis.lnk - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Toolbar-!{A29B2641-9931-448A-8DE7-B2D63BDC1812} - (no file)
AddRemove-eDealsPop_is1 - c:\program files (x86)\eDealsPop\unins000.exe
AddRemove-Grasvue - c:\windows\system32\SpoonUninstall.exe
AddRemove-WatermarkSoftware - c:\users\Audrey\Documents\Watermark\WatermarkSoftware\unin00000.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\canalplay.com]
@DACL=(02 0000)
"*"=dword:00000002
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\canalplusactive.com]
@DACL=(02 0000)
"*"=dword:00000002
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\users\Audrey\AppData\Local\ArchiveSoftwareWinsock\FinderMacroSnapshot.exe
.
**************************************************************************
.
Heure de fin: 2014-08-13 11:04:00 - La machine a redémarré
ComboFix-quarantined-files.txt 2014-08-13 09:04
.
Avant-CF: 506 493 763 584 octets libres
Après-CF: 506 189 729 792 octets libres
.
- - End Of File - - 729BD2A85902A8FD0AB5A1AAE5042AEC
5C616939100B85E558DA92B899A0FC36