ComboFix 15-11-17.01 - candido 19/11/2015 19:24:12.1.2 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.409?5.2580 [GMT 1:00]
Lancé depuis: c:\users\candido\Desktop\combo?fixe.exe
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50?FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-91977?42422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132?C1ACF46}
.
.
((((((((((((((((((((((((((((((?(((((( Autres suppressions ))))))))))))))))))))))))))))))?))))))))))))))))))
.
.
c:\users\candido\AppData\Local?\Temp\avgnt.exe\Avira.OE.ExtAp?i.dll
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2015-10-19 au 2015-11-19 ))))))))))))))))))))))))))))))?))))))
.
.
2015-11-19 18:36 . 2015-11-19 18:36 -------- d-----w- c:\users\UpdatusUser\AppData\L?ocal\temp
2015-11-12 17:35 . 2015-11-12 18:46 -------- d-----w- C:\Pre_Scan
2015-11-12 05:38 . 2015-11-03 17:55 3211264 ----a-w- c:\windows\system32\win32k.sys?
2015-11-11 22:22 . 2015-11-12 16:11 -------- d-----w- c:\users\candido\Doctor Web
2015-11-11 11:00 . 2015-10-29 17:50 6656 ----a-w- c:\windows\system32\shimeng.dl?l
2015-11-11 10:44 . 2015-10-20 18:42 98816 ----a-w- c:\windows\system32\wudriver.d?ll
2015-11-11 10:36 . 2015-10-13 04:57 950720 ----a-w- c:\windows\system32\drivers\nd?is.sys
2015-11-10 19:30 . 2015-11-11 09:50 -------- d-----w- C:\AdsFix
2015-11-10 09:48 . 2015-11-10 12:16 -------- d-----w- C:\FRST
2015-11-10 08:25 . 2015-11-10 08:25 -------- d-----w- c:\program files (x86)\ESET
2015-11-10 08:10 . 2015-11-10 08:11 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2015-11-10 08:06 . 2015-11-10 08:06 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2015-11-10 08:00 . 2015-11-10 08:00 -------- d-----w- c:\users\candido\AppData\Roami?ng\QuickScan
2015-11-04 19:33 . 2015-09-14 12:03 39672 ----a-w- c:\windows\system32\drivers\Da?sPtct.SYS
2015-10-28 17:29 . 2015-10-28 17:29 -------- d-----w- c:\program files\Bonjour
2015-10-28 17:29 . 2015-10-28 17:29 -------- d-----w- c:\program files (x86)\Bonjour
2015-10-28 17:27 . 2015-10-28 17:27 -------- d-----w- c:\program files (x86)\Apple Software Update
2015-10-25 13:26 . 2015-10-25 13:42 -------- d-----w- c:\users\candido\AppData\Local?\AviraSpeedup
2015-10-24 18:54 . 2015-11-05 03:16 -------- d-----w- c:\users\Public\Speedup Sessions
.
.
.
((((((((((((((((((((((((((((((?(((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))?))))))))))))))))))
.
2015-11-12 02:13 . 2010-01-13 22:20 145617392 ----a-w- c:\windows\system32\MRT.exe
2015-11-11 10:12 . 2013-05-16 13:49 780488 ----a-w- c:\windows\SysWow64\FlashPlaye?rApp.exe
2015-11-11 10:12 . 2011-10-05 21:18 142536 ----a-w- c:\windows\SysWow64\FlashPlaye?rCPLApp.cpl
2015-10-29 17:50 . 2015-11-11 11:00 350208 ----a-w- c:\windows\apppatch\AppPatch64?\AcLayers.dll
2015-10-29 17:50 . 2015-11-11 11:00 309248 ----a-w- c:\windows\apppatch\AppPatch64?\AcGenral.dll
2015-10-29 17:50 . 2015-11-11 11:00 135168 ----a-w- c:\windows\apppatch\AppPatch64?\AcXtrnal.dll
2015-10-29 17:50 . 2015-11-11 11:00 103424 ----a-w- c:\windows\apppatch\AppPatch64?\acspecfc.dll
2015-10-29 17:49 . 2015-11-11 11:00 562176 ----a-w- c:\windows\apppatch\AcLayers.d?ll
2015-10-29 17:49 . 2015-11-11 11:00 470528 ----a-w- c:\windows\apppatch\AcSpecfc.d?ll
2015-10-29 17:49 . 2015-11-11 11:00 2178560 ----a-w- c:\windows\apppatch\AcGenral.d?ll
2015-10-29 17:49 . 2015-11-11 11:00 211968 ----a-w- c:\windows\apppatch\AcXtrnal.d?ll
2015-10-29 17:39 . 2015-11-11 11:00 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2015-10-27 09:42 . 2013-08-01 18:40 74952 ----a-w- c:\windows\system32\drivers\av?netflt.sys
2015-10-27 09:42 . 2013-08-01 18:40 163544 ----a-w- c:\windows\system32\drivers\av?gntflt.sys
2015-10-20 00:45 . 2015-11-11 11:01 44032 ----a-w- c:\windows\apppatch\acwow64.dl?l
2015-10-13 09:47 . 2015-11-18 02:49 11140960 ----a-w- c:\programdata\Microsoft\Windo?ws Defender\Definition Updates\{E371C090-4423-44C0-B9?ED-D28B84D30190}\mpengine.dll
2015-10-13 00:29 . 2015-10-13 00:29 875720 ----a-w- c:\windows\SysWow64\msvcr120_c?lr0400.dll
2015-10-13 00:22 . 2015-10-13 00:22 869568 ----a-w- c:\windows\system32\msvcr120_c?lr0400.dll
2015-10-01 18:06 . 2015-10-14 08:13 692672 ----a-w- c:\windows\system32\winload.ef?i
2015-10-01 18:04 . 2015-10-14 08:13 616360 ----a-w- c:\windows\system32\winresume.?efi
2015-10-01 18:00 . 2015-10-14 08:13 63488 ----a-w- c:\windows\system32\setbcdloca?le.dll
2015-10-01 18:00 . 2015-10-14 08:13 59392 ----a-w- c:\windows\system32\appidapi.d?ll
2015-10-01 18:00 . 2015-10-14 08:13 32768 ----a-w- c:\windows\system32\appidsvc.d?ll
2015-10-01 18:00 . 2015-10-14 08:13 147456 ----a-w- c:\windows\system32\appidpolic?yconverter.exe
2015-10-01 18:00 . 2015-10-14 08:13 17920 ----a-w- c:\windows\system32\appidcerts?torecheck.exe
2015-10-01 17:50 . 2015-10-14 08:13 50688 ----a-w- c:\windows\SysWow64\appidapi.d?ll
2015-10-01 17:00 . 2015-10-14 08:13 61440 ----a-w- c:\windows\system32\drivers\ap?pid.sys
2015-09-18 19:22 . 2015-10-19 16:21 25432 ----a-w- c:\windows\system32\CompatTelR?unner.exe
2015-09-18 19:19 . 2015-10-15 04:01 700416 ----a-w- c:\windows\system32\invagent.d?ll
2015-09-18 19:19 . 2015-10-19 16:21 766464 ----a-w- c:\windows\system32\generaltel?.dll
2015-09-18 19:19 . 2015-10-19 16:21 503808 ----a-w- c:\windows\system32\devinv.dll?
2015-09-18 19:19 . 2015-10-19 16:21 73216 ----a-w- c:\windows\system32\acmigratio?n.dll
2015-09-18 19:19 . 2015-10-19 16:21 1291264 ----a-w- c:\windows\system32\appraiser.?dll
2015-09-18 19:09 . 2015-10-15 04:01 1163776 ----a-w- c:\windows\system32\aeinv.dll
2015-09-02 03:04 . 2015-09-13 13:33 41984 ----a-w- c:\windows\system32\lpk.dll
2015-09-02 03:04 . 2015-09-13 13:33 100864 ----a-w- c:\windows\system32\fontsub.dl?l
2015-09-02 03:04 . 2015-09-13 13:33 14336 ----a-w- c:\windows\system32\dciman32.d?ll
2015-09-02 03:04 . 2015-09-13 13:33 46080 ----a-w- c:\windows\system32\atmlib.dll?
2015-09-02 02:48 . 2015-09-13 13:33 70656 ----a-w- c:\windows\SysWow64\fontsub.dl?l
2015-09-02 02:48 . 2015-09-13 13:33 10240 ----a-w- c:\windows\SysWow64\dciman32.d?ll
2015-09-02 02:48 . 2015-09-13 13:33 34304 ----a-w- c:\windows\SysWow64\atmlib.dll?
2015-09-02 02:47 . 2015-09-13 13:33 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-09-02 01:47 . 2015-09-13 13:33 372736 ----a-w- c:\windows\system32\atmfd.dll
2015-09-02 01:33 . 2015-09-13 13:33 299520 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-09-01 13:56 . 2013-08-01 18:40 141416 ----a-w- c:\windows\system32\drivers\av?ipbb.sys
2015-08-27 18:18 . 2015-09-13 13:41 2004480 ----a-w- c:\windows\system32\msxml6.dll?
2015-08-27 18:18 . 2015-09-13 13:41 1887232 ----a-w- c:\windows\system32\msxml3.dll?
2015-08-27 18:13 . 2015-09-13 13:40 2048 ----a-w- c:\windows\system32\msxml6r.dl?l
2015-08-27 18:13 . 2015-09-13 13:40 2048 ----a-w- c:\windows\system32\msxml3r.dl?l
2015-08-27 17:58 . 2015-09-13 13:40 1391104 ----a-w- c:\windows\SysWow64\msxml6.dll?
2015-08-27 17:58 . 2015-09-13 13:40 1241088 ----a-w- c:\windows\SysWow64\msxml3.dll?
2015-08-27 17:51 . 2015-09-13 13:40 2048 ----a-w- c:\windows\SysWow64\msxml6r.dl?l
2015-08-27 17:51 . 2015-09-13 13:40 2048 ----a-w- c:\windows\SysWow64\msxml3r.dl?l
.
.
((((((((((((((((((((((((((((((?((( Points de chargement Reg ))))))))))))))))))))))))))))))?))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program6)\TomTom HOME 2\TomTomHOMERunner.exe" [2015-04-30 248176]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeC?ontrolPanel.exe" [2013-01-16 2736128]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-15 1668664]
"FreeAC"="c:\program files (x86)\FreeAlarmClock\FreeAlarm?Clock.exe" [2011-02-17 1347912]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe"? [2015-10-19 8551848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-10-27 782520]
"UpdatePRCShortCut"="c:\progra?m files (x86)\Hewlett-Packard\Recovery?\MUITransfer\MUIStartMenu.exe"? [2009-05-19 222504]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"Avira SystrayStartTrigger"="c:\progr?am files (x86)\Avira\Launcher\Avira.Sys?trayStartTrigger.exe" [2015-10-14 66320]
"AgentMonitor"="c:\program files (x86)\VTech\DownloadManager\Sy?stem\AgentMonitor.exe" [2014-06-20 401280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.e?xe" [2015-05-01 1022152]
.
c:\users\candido\AppData\Roami?ng\Microsoft\Windows\Start Menu\Programs\Startup\
Alertes de surveillance de l'encre - HP Deskjet 2050 J510 series.lnk - c:\windows\system32\RunDll32.e?xe "c:\program files\HP\HP Deskjet 2050 J510 series\bin\HPStatusBL.dll",Run?DLLEntryALNUMBER=CN22T180D905QV;CONNECTION=USB;MONITOR=1; [2009-7-14 45568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
R2 AntiVirMailService;Avira Protection e-mail;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\progra?m files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x]
R2 clr_optimization_v4.0.30319_64?;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Micr?osoft.NET\Framework64\v4.0.303?19\mscorsvw.exe;c:\windows\Mic?rosoft.NET\Framework64\v4.0.30?319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\?program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIV?ERS\ssudbus.sys;c:\windows\SYS?NATIVE\DRIVERS\ssudbus.sys [x]
R3 IEEtwCollectorService;Internet? Explorer ETW Collector Service;c:\windows\system32\IE?EtwCollector.exe;c:\windows\SY?SNATIVE\IEEtwCollector.exe [x]
R3 MHIKEY10;MHIKEY10;c:\windows\s?ystem32\Drivers\MHIKEY10x64.sy?s;c:\windows\SYSNATIVE\Drivers?\MHIKEY10x64.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DR?IVERS\netaapl64.sys;c:\windows?\SYSNATIVE\DRIVERS\netaapl64.s?ys [x]
R3 PSKMAD;PSKMAD;c:\windows\syste?m32\DRIVERS\PSKMAD.sys;c:\wind?ows\SYSNATIVE\DRIVERS\PSKMAD.s?ys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\dri?vers\rdpvideominiport.sys;c:\w?indows\SYSNATIVE\drivers\rdpvi?deominiport.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIV?ERS\ssudmdm.sys;c:\windows\SYS?NATIVE\DRIVERS\ssudmdm.sys [x]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIV?ERS\ssudserd.sys;c:\windows\SY?SNATIVE\DRIVERS\ssudserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\s?ystem32\drivers\tsusbflt.sys;c?:\windows\SYSNATIVE\drivers\ts?usbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Dri?vers\usbaapl64.sys;c:\windows\?SYSNATIVE\Drivers\usbaapl64.sy?s [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system?32\Wat\WatAdminSvc.exe;c:\wind?ows\SYSNATIVE\Wat\WatAdminSvc.?exe [x]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVE?RS\ZTEusbvoice.sys;c:\windows\?SYSNATIVE\DRIVERS\ZTEusbvoice.?sys [x]
R4 AntiVirWebService;Avira Protection Web;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\progra?m files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S0 pavboot;pavboot;c:\windows\sys?tem32\drivers\pavboot64.sys;c:?\windows\SYSNATIVE\drivers\pav?boot64.sys [x]
S1 avkmgr;avkmgr;c:\windows\syste?m32\DRIVERS\avkmgr.sys;c:\wind?ows\SYSNATIVE\DRIVERS\avkmgr.s?ys [x]
S2 AntiVirSchedulerService;Avira Planificateur;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceServi?ce.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceServi?ce.exe [x]
S2 Avira.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\Launcher\Avira.Ser?viceHost.exe;c:\program files (x86)\Avira\Launcher\Avira.Ser?viceHost.exe [x]
S2 avnetflt;avnetflt;c:\windows\s?ystem32\DRIVERS\avnetflt.sys;c?:\windows\SYSNATIVE\DRIVERS\av?netflt.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\sv?chost.exe;c:\windows\SYSNATIVE?\svchost.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:?\program files (x86)\Nero\Update\NASvc.exe [x]
S2 TomTomHOMEService;TomTomHOMESe?rvice;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\pro?gram files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRI?VERS\Rt64win7.sys;c:\windows\S?YSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wo?w6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2013-01-16 11:46 454176 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.ex?e
.
Contenu du dossier 'Tâches planifiées'
.
2015-11-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\F?lash\FlashPlayerUpdateService.?exe [2013-05-16 10:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-08 610360]
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uLocal Page = c:\windows\System32\blank.htm
uDefault_Search_URL = https://search.avira.net/#web/? [...] art&q=
uSearchMigratedDefaultURL = https://www.google.com/
mDefault_Search_URL = hxxp://www.google.fr/
mDefault_Page_URL = hxxp://www.google.fr/
mStart Page = hxxp://www.google.fr/
mLocal Page = c:\windows\System32\blank.htm
mSearch Page = hxxp://www.google.fr/?q={searc?hTerms}
mSearch Bar = https://www.google.com/
mSearchMigratedDefaultURL = https://www.google.com/
uSearchAssistant = https://www.google.com/
uCustomizeSearch = https://www.google.com/
mCustomizeSearch = https://www.google.com/
TCP: DhcpNameServer = 192.168.1.1
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4?F4437FE} - hxxp://photoservice.fujicolor.?eu/ips-opdata/objects/jordan.c?ab
.
- - - - ORPHELINS SUPPRIMES - - - -
.
SafeBoot-15511458.sys
HKLM_Wow6432Node-ActiveSetup-{?2D46B6DC-2207-486B-B523-A557E6?D54B47} - start
AddRemove-HP Remote Solution - c:\programdata\{ADCBF7A8-716E-?4B21-AF03-E3F11C06C309}\HP_Rem?ote_Solution_Install.exe
AddRemove-{C611CF88-969D-43E6-A877-D6D6439DD081} - c:\programdata\{ADCBF7A8-716E-?4B21-AF03-E3F11C06C309}\HP_Rem?ote_Solution_Install.exe
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-496?7-8AC8-AA9FDA693EDE}\setup.exe?
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Window?s\\system32\\Macromed\\Flash\\?FlashUtil64_19_0_0_245_ActiveX?.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macr?omed\\Flash\\FlashUtil64_19_0_?0_245_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6?823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-00?0000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6?823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Window?s\\SysWOW64\\Macromed\\Flash\\?FlashUtil32_19_0_0_245_ActiveX?.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macr?omed\\Flash\\FlashUtil32_19_0_?0_245_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6?823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macr?omed\\Flash\\Flash32_19_0_0_24?5.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFla?sh.19"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macr?omed\\Flash\\Flash32_19_0_0_24?5.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-44?4553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFla?sh"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macr?omed\\Flash\\Flash32_19_0_0_24?5.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1?"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macr?omed\\Flash\\Flash32_19_0_0_24?5.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-44?4553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-00?0000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6?823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe?
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
.
******************************?******************************?**************
.
Heure de fin: 2015-11-19 19:45:28 - La machine a redémarré
ComboFix-quarantined-files.txt? 2015-11-19 18:45
.
Avant-CF: 294 485 446 656 octets libres
Après-CF: 293 916 876 800 octets libres
.
- - End Of File - - 36BD2196555DD1F1772495E8041D95?35
2C2E6B3851C138C6AFD389ABDF61090E
