cjoint

Document format: text/plain

ComboFix 16-04-13.01 - nicolehenri 21/04/2016 18:46:18.2.1 - x64 NETWORK
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.3002.2333 [GMT 2:00]
Lancé depuis: c:\users\nicolehenri\Desktop\ComboFix.exe
AV: Panda Free Antivirus *Disabled/Updated* {AAF74A68-8713-CDF1-004F-30003398BE9E}
FW: Panda Firewall *Enabled* {92CCCB4D-CD7C-CCA9-2B10-9935CD4BF9E5}
SP: Panda Free Antivirus *Disabled/Updated* {1196AB8C-A129-C27F-3AFF-0B72481FF423}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\users\nicolehenri\AppData\Local\assembly\tmp
c:\users\nicolehenri\AppData\Local\assembly\tmp\C84W1UII\__AssemblyInfo__.ini
c:\users\nicolehenri\AppData\Local\assembly\tmp\C84W1UII\WinZipExpressForOffice.resources.DLL
c:\users\nicolehenri\AppData\Local\assembly\tmp\PCIRX3UH\__AssemblyInfo__.ini
c:\users\nicolehenri\AppData\Local\assembly\tmp\PCIRX3UH\AddinExpress.MSO.2005.DLL
c:\users\nicolehenri\AppData\Local\assembly\tmp\VDJRWPSY\__AssemblyInfo__.ini
c:\users\nicolehenri\AppData\Local\assembly\tmp\VDJRWPSY\Microsoft.Office.Interop.Excel.DLL
c:\users\nicolehenri\AppData\Local\assembly\tmp\Y5VB5E8L\__AssemblyInfo__.ini
c:\users\nicolehenri\AppData\Local\assembly\tmp\Y5VB5E8L\office.DLL
c:\users\nicolehenri\ZHPDiag3.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2016-03-22 au 2016-04-22 ))))))))))))))))))))))))))))))))))))
.
.
2016-04-22 00:47 . 2016-04-22 00:47 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2016-04-22 00:47 . 2016-04-22 00:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-04-21 17:06 . 2016-04-21 17:06 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DDFD5675-D630-4543-B4A9-0B962C54E9DB}\offreg.1192.dll
2016-04-21 16:24 . 2016-04-21 16:27 -------- d-----w- c:\users\nicolehenri\AppData\Roaming\FileZilla
2016-04-21 16:24 . 2016-04-21 16:24 -------- d-----w- c:\program files\FileZilla FTP Client
2016-04-21 06:39 . 2016-04-21 06:39 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DDFD5675-D630-4543-B4A9-0B962C54E9DB}\offreg.4836.dll
2016-04-21 05:50 . 2015-05-22 08:45 61712 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
2016-04-19 16:09 . 2016-04-19 17:01 -------- d-----w- C:\FRST
2016-04-19 10:02 . 2016-03-17 22:58 243712 ----a-w- c:\windows\system32\wow64.dll
2016-04-19 07:37 . 2016-03-16 18:50 156672 ----a-w- c:\windows\system32\mtxoci.dll
2016-04-19 07:37 . 2016-03-16 18:28 111616 ----a-w- c:\windows\SysWow64\mtxoci.dll
2016-04-19 07:37 . 2016-03-16 18:28 176128 ----a-w- c:\windows\SysWow64\msorcl32.dll
2016-04-19 07:37 . 2016-03-16 18:27 286720 ----a-w- c:\program files (x86)\Common Files\System\Ole DB\msdaora.dll
2016-04-19 07:28 . 2016-04-19 07:28 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DDFD5675-D630-4543-B4A9-0B962C54E9DB}\offreg.5024.dll
2016-04-18 15:44 . 2016-03-17 01:45 11686560 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DDFD5675-D630-4543-B4A9-0B962C54E9DB}\mpengine.dll
2016-04-18 14:41 . 2016-03-16 00:16 760320 ----a-w- c:\windows\system32\samsrv.dll
2016-04-18 14:41 . 2016-03-16 00:16 106496 ----a-w- c:\windows\system32\samlib.dll
2016-04-18 14:41 . 2016-03-15 23:53 60416 ----a-w- c:\windows\SysWow64\samlib.dll
2016-04-18 03:50 . 2016-03-29 17:53 3216896 ----a-w- c:\windows\system32\win32k.sys
2016-04-18 03:27 . 2016-03-06 18:53 1885696 ----a-w- c:\windows\system32\msxml3.dll
2016-04-18 03:27 . 2016-03-06 18:38 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2016-04-18 03:27 . 2016-03-06 18:38 1240576 ----a-w- c:\windows\SysWow64\msxml3.dll
2016-04-18 03:27 . 2016-03-06 18:53 2048 ----a-w- c:\windows\system32\msxml3r.dll
2016-04-17 22:59 . 2016-02-02 18:57 511488 ----a-w- c:\windows\system32\rpcss.dll
2016-04-17 20:59 . 2016-01-21 00:51 73664 ----a-w- c:\windows\system32\drivers\disk.sys
2016-04-14 20:32 . 2016-03-11 18:57 2048 ----a-w- c:\windows\system32\tzres.dll
2016-04-14 20:32 . 2016-03-11 18:35 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-04-21 16:10 . 2015-12-17 18:16 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-04-19 08:43 . 2014-01-22 11:13 135176864 ----a-w- c:\windows\system32\MRT.exe
2016-04-08 15:49 . 2014-01-24 18:21 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-04-08 15:49 . 2014-01-24 18:21 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-04-06 08:18 . 2014-01-19 19:21 453280 ------w- c:\windows\system32\MpSigStub.exe
2016-04-04 08:35 . 2016-03-06 10:58 899184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2016-04-04 08:35 . 2016-03-06 10:58 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2016-04-04 08:35 . 2016-03-06 10:58 639312 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2016-03-23 14:51 . 2016-02-26 11:25 899184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2016-03-23 14:51 . 2016-02-26 11:25 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2016-03-23 14:51 . 2016-02-26 11:25 639312 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2016-03-17 22:24 . 2016-04-19 10:02 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2016-03-10 12:09 . 2015-12-17 18:15 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-03-10 12:08 . 2015-12-17 18:15 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-03-10 12:08 . 2015-12-17 18:15 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-03-04 12:22 . 2016-03-04 12:22 20160 ----a-w- c:\windows\system32\drivers\GUBootStartup.sys
2016-02-23 21:50 . 2016-02-23 21:50 144656 ----a-w- c:\windows\system32\drivers\PSINProt.sys
2016-02-19 19:02 . 2016-03-09 08:32 38336 ----a-w- c:\windows\system32\CompatTelRunner.exe
2016-02-19 18:54 . 2016-03-09 08:32 1168896 ----a-w- c:\windows\system32\aeinv.dll
2016-02-19 14:07 . 2016-03-09 08:32 1373184 ----a-w- c:\windows\system32\appraiser.dll
2016-02-17 15:39 . 2016-02-17 15:39 177424 ----a-w- c:\windows\system32\drivers\NNSPrv.sys
2016-02-17 15:39 . 2016-02-17 15:39 264976 ----a-w- c:\windows\system32\drivers\NNSStrm.sys
2016-02-16 22:27 . 2016-02-16 22:27 114960 ----a-w- c:\windows\system32\drivers\PSINReg.sys
2016-02-16 22:26 . 2016-02-16 22:26 131344 ----a-w- c:\windows\system32\drivers\PSINProc.sys
2016-02-16 22:26 . 2016-02-16 22:26 127248 ----a-w- c:\windows\system32\drivers\PSINFile.sys
2016-02-16 22:26 . 2016-02-16 22:26 171792 ----a-w- c:\windows\system32\drivers\PSINAflt.sys
2016-02-16 22:25 . 2016-02-16 22:25 205072 ----a-w- c:\windows\system32\drivers\PSINKNC.sys
2016-02-12 18:52 . 2016-03-09 11:17 98816 ----a-w- c:\windows\system32\wudriver.dll
2016-02-12 18:52 . 2016-03-09 11:17 3169792 ----a-w- c:\windows\system32\wucltux.dll
2016-02-12 18:52 . 2016-03-09 11:17 192512 ----a-w- c:\windows\system32\wuwebv.dll
2016-02-12 18:44 . 2016-03-09 11:17 91136 ----a-w- c:\windows\system32\WinSetupUI.dll
2016-02-12 18:39 . 2016-03-09 11:17 174080 ----a-w- c:\windows\SysWow64\wuwebv.dll
2016-02-12 18:22 . 2016-03-09 11:17 2610688 ----a-w- c:\windows\system32\wuaueng.dll
2016-02-12 18:19 . 2016-03-09 11:17 709120 ----a-w- c:\windows\system32\wuapi.dll
2016-02-12 18:18 . 2016-03-09 11:17 37888 ----a-w- c:\windows\system32\wuapp.exe
2016-02-12 18:18 . 2016-03-09 11:17 140288 ----a-w- c:\windows\system32\wuauclt.exe
2016-02-12 18:18 . 2016-03-09 11:17 36864 ----a-w- c:\windows\system32\wups.dll
2016-02-12 18:18 . 2016-03-09 11:17 37888 ----a-w- c:\windows\system32\wups2.dll
2016-02-12 18:18 . 2016-03-09 11:17 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2016-02-12 18:06 . 2016-03-09 11:17 573440 ----a-w- c:\windows\SysWow64\wuapi.dll
2016-02-12 18:05 . 2016-03-09 11:17 93696 ----a-w- c:\windows\SysWow64\wudriver.dll
2016-02-12 18:05 . 2016-03-09 11:17 30208 ----a-w- c:\windows\SysWow64\wups.dll
2016-02-12 18:05 . 2016-03-09 11:17 35328 ----a-w- c:\windows\SysWow64\wuapp.exe
2016-02-11 14:07 . 2016-03-09 08:32 689152 ----a-w- c:\windows\system32\generaltel.dll
2016-02-09 09:57 . 2016-03-09 08:33 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2016-02-09 09:57 . 2016-03-09 08:33 14634496 ----a-w- c:\windows\system32\wmp.dll
2016-02-09 09:56 . 2016-03-09 08:33 5120 ----a-w- c:\windows\system32\msdxm.ocx
2016-02-09 09:56 . 2016-03-09 08:33 5120 ----a-w- c:\windows\system32\dxmasf.dll
2016-02-09 09:55 . 2016-03-09 08:33 30720 ----a-w- c:\windows\system32\seclogon.dll
2016-02-09 09:54 . 2016-03-09 08:33 9728 ----a-w- c:\windows\system32\spwmp.dll
2016-02-09 09:51 . 2016-03-09 08:33 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2016-02-09 09:13 . 2016-03-09 08:33 4096 ----a-w- c:\windows\SysWow64\msdxm.ocx
2016-02-09 09:13 . 2016-03-09 08:33 4096 ----a-w- c:\windows\SysWow64\dxmasf.dll
2016-02-09 09:13 . 2016-03-09 08:33 8192 ----a-w- c:\windows\SysWow64\spwmp.dll
2016-02-09 06:53 . 2016-03-09 11:17 387792 ----a-w- c:\windows\system32\iedkcs32.dll
2016-02-08 20:51 . 2016-03-09 11:17 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2016-02-08 20:39 . 2016-03-09 11:17 496640 ----a-w- c:\windows\SysWow64\vbscript.dll
2016-02-08 20:39 . 2016-03-09 11:17 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2016-02-08 20:38 . 2016-03-09 11:17 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2016-02-08 20:38 . 2016-03-09 11:16 341504 ----a-w- c:\windows\SysWow64\html.iec
2016-02-08 20:37 . 2016-03-09 11:16 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2016-02-08 20:28 . 2016-03-09 11:16 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2016-02-08 20:28 . 2016-03-09 11:17 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2016-02-08 20:16 . 2016-03-09 11:17 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2016-02-08 20:10 . 2016-03-09 11:16 4611072 ----a-w- c:\windows\SysWow64\jscript9.dll
2016-02-08 20:05 . 2016-03-09 08:35 25816576 ----a-w- c:\windows\system32\mshtml.dll
2016-02-08 20:01 . 2016-03-09 11:17 2050560 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2016-02-08 20:01 . 2016-03-09 11:16 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2016-02-08 19:43 . 2016-03-09 11:16 2121216 ----a-w- c:\windows\SysWow64\wininet.dll
2016-02-08 18:41 . 2016-03-09 11:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2016-02-08 18:41 . 2016-03-09 11:17 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2016-02-08 18:27 . 2016-03-09 11:16 66560 ----a-w- c:\windows\system32\iesetup.dll
2016-02-08 18:27 . 2016-03-09 11:17 2887680 ----a-w- c:\windows\system32\iertutil.dll
2016-02-08 18:26 . 2016-03-09 11:17 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2016-02-08 18:26 . 2016-03-09 11:16 417792 ----a-w- c:\windows\system32\html.iec
2016-02-08 18:26 . 2016-03-09 11:16 571904 ----a-w- c:\windows\system32\vbscript.dll
2016-02-08 18:26 . 2016-03-09 11:16 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2016-02-08 18:19 . 2016-03-09 11:16 54784 ----a-w- c:\windows\system32\jsproxy.dll
2016-02-08 18:18 . 2016-03-09 11:17 34304 ----a-w- c:\windows\system32\iernonce.dll
2016-02-08 18:16 . 2016-03-09 11:16 6052352 ----a-w- c:\windows\system32\jscript9.dll
2016-02-08 18:15 . 2016-03-09 11:16 615936 ----a-w- c:\windows\system32\ieui.dll
2016-02-08 18:14 . 2016-03-09 11:17 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2016-02-08 18:14 . 2016-03-09 11:16 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2016-02-08 18:13 . 2016-03-09 11:16 817664 ----a-w- c:\windows\system32\jscript.dll
2016-02-08 18:13 . 2016-03-09 11:16 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2016-02-08 18:06 . 2016-03-09 11:16 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2016-02-08 18:03 . 2016-03-09 11:16 489984 ----a-w- c:\windows\system32\dxtmsft.dll
2016-02-08 17:55 . 2016-03-09 11:17 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2016-02-08 17:54 . 2016-03-09 11:17 107520 ----a-w- c:\windows\system32\inseng.dll
2016-02-08 17:52 . 2016-03-09 08:35 199680 ----a-w- c:\windows\system32\msrating.dll
2016-02-08 17:51 . 2016-03-09 11:16 92160 ----a-w- c:\windows\system32\mshtmled.dll
2016-02-08 17:49 . 2016-03-09 11:16 315392 ----a-w- c:\windows\system32\dxtrans.dll
2016-02-08 17:47 . 2016-03-09 11:17 152064 ----a-w- c:\windows\system32\occache.dll
2016-02-08 17:37 . 2016-03-09 11:16 262144 ----a-w- c:\windows\system32\webcheck.dll
2016-02-08 17:35 . 2016-03-09 11:17 718336 ----a-w- c:\windows\system32\ie4uinit.exe
2016-02-08 17:34 . 2016-03-09 11:16 798720 ----a-w- c:\windows\system32\msfeeds.dll
2016-02-08 17:33 . 2016-03-09 11:16 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2016-02-08 17:33 . 2016-03-09 11:16 14613504 ----a-w- c:\windows\system32\ieframe.dll
2016-02-08 17:33 . 2016-03-09 11:16 2123264 ----a-w- c:\windows\system32\inetcpl.cpl
2016-02-08 17:19 . 2016-03-09 11:16 2597376 ----a-w- c:\windows\system32\wininet.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-03-15 07:44 1741104 ----a-w- c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-03-15 07:44 1741104 ----a-w- c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-03-15 07:44 1741104 ----a-w- c:\progra~2\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GUDelayStartup"="c:\program files (x86)\Glary Utilities 5\StartupManager.exe" [2016-02-18 43984]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2016-03-11 8686296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
"PSUAMain"="c:\program files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" [2016-02-14 107616]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService]
@="Service"
.
R1 GUBootStartup;GUBootStartup;c:\windows\System32\drivers\GUBootStartup.sys;c:\windows\SYSNATIVE\drivers\GUBootStartup.sys [x]
R1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSAlpc.sys [x]
R1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys;c:\windows\SYSNATIVE\DRIVERS\NNSHttp.sys [x]
R1 NNSHTTPS;NNSHTTPS;c:\windows\system32\DRIVERS\NNSHttps.sys;c:\windows\SYSNATIVE\DRIVERS\NNSHttps.sys [x]
R1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys;c:\windows\SYSNATIVE\DRIVERS\NNSIds.sys [x]
R1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPicc.sys [x]
R1 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPihsw.sys [x]
R1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPop3.sys [x]
R1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys;c:\windows\SYSNATIVE\DRIVERS\NNSProt.sys [x]
R1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPrv.sys [x]
R1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys;c:\windows\SYSNATIVE\DRIVERS\NNSSmtp.sys [x]
R1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys;c:\windows\SYSNATIVE\DRIVERS\NNSStrm.sys [x]
R1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSTlsc.sys [x]
R1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys;c:\windows\SYSNATIVE\DRIVERS\psinknc.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
R2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [x]
R2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [x]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [x]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [x]
R2 ogmservice;Online Games Manager;c:\program files (x86)\Online Games Manager\ogmservice.exe;c:\program files (x86)\Online Games Manager\ogmservice.exe [x]
R2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe;c:\program files\OO Software\Defrag\oodag.exe [x]
R2 PandaAgent;Panda Devices Agent;c:\program files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe;c:\program files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [x]
R2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys;c:\windows\SYSNATIVE\DRIVERS\PSINAflt.sys [x]
R2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys;c:\windows\SYSNATIVE\DRIVERS\PSINFile.sys [x]
R2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys;c:\windows\SYSNATIVE\DRIVERS\PSINProc.sys [x]
R2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys;c:\windows\SYSNATIVE\DRIVERS\PSINProt.sys [x]
R2 PSINReg;PSINReg;c:\windows\system32\DRIVERS\PSINReg.sys;c:\windows\SYSNATIVE\DRIVERS\PSINReg.sys [x]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [x]
R2 Unchecky;Unchecky;c:\program files (x86)\Unchecky\bin\unchecky_svc.exe;c:\program files (x86)\Unchecky\bin\unchecky_svc.exe [x]
R2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
R3 Lenovo EasyPlus Hotspot;Lenovo EasyPlus Hotspot;c:\program files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe;c:\program files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys;c:\windows\SYSNATIVE\DRIVERS\PSKMAD.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\DRIVERS\NNSNAHSL.sys;c:\windows\SYSNATIVE\DRIVERS\NNSNAHSL.sys [x]
S2 NanoServiceMain;Panda Protection Service;c:\program files (x86)\Panda Security\Panda Security Protection\PSANHost.exe;c:\program files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [x]
S2 PSUAService;Panda Product Service;c:\program files (x86)\Panda Security\Panda Security Protection\PSUAService.exe;c:\program files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
.
.
Contenu du dossier 'Tâches planifiées'
.
2016-04-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-24 15:49]
.
.
--------- X64 Entries -----------
.
.
------- Examen supplémentaire -------
.
uStart Page = www.google.com
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
IE: &Envoyer à OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
Trusted Zone: localhost
Trusted Zone: webcompanion.com
TCP: DhcpNameServer = 212.27.40.240 212.27.40.241
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\nicolehenri\AppData\Roaming\Mozilla\Firefox\Profiles\bv4cduib.default-1448098194621\
FF - prefs.js: browser.search.selectedEngine - Bing®
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-OODefragTray - c:\program files\OO Software\Defrag\oodtray.exe
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKLM-Run-OODefragTray - c:\program files\OO Software\Defrag\oodtray.exe
AddRemove-SafeZone 1.48.2066.44 - c:\program files\AVAST Software\SZBrowser\Launcher.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_213_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_213_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.21"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2016-04-22 02:54:01
ComboFix-quarantined-files.txt 2016-04-22 00:54
.
Avant-CF: 40 158 048 256 octets libres
Après-CF: 39 957 114 880 octets libres
.
- - End Of File - - 60AF43A8C0108FE8E9E2F35797ED6F24
