ComboFix 16-08-31.01 - benjamin 02/09/2016 15:54:43.1.2 - x64
Microsoft Windows 7 Professionnel 6.1.7601.1.1252.33.1036.18.2933.1810 [GMT 2:00]
Lancé depuis: c:\users\benjamin\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
SP: Microsoft Security Essentials *Disabled/Updated* {CDE0C533-D3CD-62A1-E772-AFADDF863628}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\users\benjamin\Desktop\Internet Explorer.lnk
c:\users\benjamin\ZHPCleaner.exe
c:\windows\msdownld.tmp
c:\windows\SysWow64\CCXPButton.ocx
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_TESSAFE
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2016-08-02 au 2016-09-02 ))))))))))))))))))))))))))))))))))))
.
.
2016-09-01 21:30 . 2016-09-01 21:30 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2016-09-01 21:23 . 2016-08-02 22:36 11847048 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{444C22B0-6B27-4DD5-9529-B10760DEB1A2}\mpengine.dll
2016-09-01 17:00 . 2016-08-02 22:36 11847048 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-09-01 17:00 . 2016-07-06 16:19 1167568 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C5B31DEA-D353-4BC0-8D6E-4722A8E10B39}\gapaengine.dll
2016-08-30 09:57 . 2016-08-30 09:57 -------- d-----w- c:\users\benjamin\AppData\Local\VS Revo Group
2016-08-30 09:57 . 2016-08-30 09:57 -------- d-----w- c:\programdata\VS Revo Group
2016-08-30 09:57 . 2009-12-30 09:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2016-08-30 09:57 . 2016-08-30 09:57 -------- d-----w- c:\program files\VS Revo Group
2016-08-29 16:00 . 2016-08-29 16:00 -------- d-----w- c:\program files (x86)\Cisco
2016-08-29 15:59 . 2009-12-16 19:16 73216 ----a-w- c:\windows\system32\wltrynt.dll
2016-08-29 15:59 . 2009-12-16 19:16 60928 ----a-w- c:\windows\system32\bcmwlrmt.dll
2016-08-29 15:59 . 2009-12-16 19:16 4750848 ----a-w- c:\windows\system32\bcmttls.dll
2016-08-29 15:59 . 2009-12-16 19:16 22520 ----a-w- c:\windows\system32\drivers\bcm42rly.sys
2016-08-29 15:59 . 2009-12-16 19:16 4961800 ----a-w- c:\windows\SysWow64\vcredist_x64.exe
2016-08-29 15:59 . 2009-12-16 19:16 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2016-08-29 15:59 . 2009-12-16 19:16 459 ----a-w- c:\windows\SysWow64\vcredist_x64.bat
2016-08-29 15:58 . 2009-12-16 19:16 3053560 ----a-w- c:\windows\system32\drivers\BCMWL664.SYS
2016-08-29 15:58 . 2009-12-16 19:16 3881984 ----a-w- c:\windows\system32\bcmihvui64.dll
2016-08-28 13:14 . 2016-08-28 13:14 -------- d-----w- c:\users\benjamin\AppData\Roaming\Moonchild Productions
2016-08-28 13:14 . 2016-08-28 13:14 -------- d-----w- c:\users\benjamin\AppData\Local\Moonchild Productions
2016-08-28 13:13 . 2016-08-28 13:13 -------- d-----w- c:\program files\Pale Moon
2016-08-26 18:04 . 2016-08-27 15:18 -------- d-----w- C:\FRST
2016-08-25 10:01 . 2016-08-27 17:37 -------- d-----w- c:\program files (x86)\ZHPFix
2016-08-24 20:46 . 2007-03-16 16:10 89088 ----a-w- c:\windows\SysWow64\ATL71.DLL
2016-08-24 20:46 . 2016-08-29 16:00 -------- d-----w- c:\program files\Dell
2016-08-24 20:46 . 2009-12-16 19:16 7954944 ----a-w- c:\windows\system32\BCMWLCPL.CPL
2016-08-24 20:46 . 2007-03-16 16:10 978944 ----a-w- c:\windows\system32\MSVCP71.DLL
2016-08-24 20:46 . 2007-03-16 16:10 520192 ----a-w- c:\windows\system32\MSVCR71.DLL
2016-08-24 20:46 . 2007-03-16 16:10 1524736 ----a-w- c:\windows\system32\MFC71.DLL
2016-08-24 20:46 . 2007-03-16 16:10 348160 ----a-w- c:\windows\SysWow64\MSVCR71.DLL
2016-08-24 20:46 . 2007-03-16 16:10 118272 ----a-w- c:\windows\system32\ATL71.DLL
2016-08-24 20:46 . 2007-03-16 16:10 1060864 ----a-w- c:\windows\SysWow64\MFC71.DLL
2016-08-24 20:45 . 2001-09-05 02:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\ctor.dll
2016-08-24 20:45 . 2001-09-05 02:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2016-08-24 20:45 . 2001-09-05 02:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
2016-08-24 20:45 . 2001-09-05 02:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
2016-08-24 20:45 . 2007-03-16 16:10 610436 ----a-w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\IKernel.exe
2016-08-22 20:11 . 2016-08-22 20:11 -------- d-----w- c:\users\benjamin\AppData\Local\pdfforge
2016-08-22 19:13 . 2016-05-13 22:07 91136 ----a-w- c:\windows\system32\WinSetupUI.dll
2016-08-22 19:13 . 2016-05-13 21:53 37888 ----a-w- c:\windows\system32\wuapp.exe
2016-08-22 19:13 . 2016-05-13 21:52 140288 ----a-w- c:\windows\system32\wuauclt.exe
2016-08-22 19:13 . 2016-05-13 22:09 98816 ----a-w- c:\windows\system32\wudriver.dll
2016-08-22 19:13 . 2016-05-13 22:09 3156480 ----a-w- c:\windows\system32\wucltux.dll
2016-08-22 19:13 . 2016-05-13 21:53 709120 ----a-w- c:\windows\system32\wuapi.dll
2016-08-22 19:13 . 2016-05-13 21:50 174080 ----a-w- c:\windows\SysWow64\wuwebv.dll
2016-08-22 19:13 . 2016-05-13 21:38 573440 ----a-w- c:\windows\SysWow64\wuapi.dll
2016-08-22 19:13 . 2016-05-13 21:38 35328 ----a-w- c:\windows\SysWow64\wuapp.exe
2016-08-22 19:13 . 2016-05-13 21:38 93696 ----a-w- c:\windows\SysWow64\wudriver.dll
2016-08-22 18:51 . 2016-07-07 15:36 1896168 ----a-w- c:\windows\system32\drivers\tcpip.sys
2016-08-22 18:51 . 2016-07-07 15:36 377576 ----a-w- c:\windows\system32\drivers\netio.sys
2016-08-22 18:51 . 2016-07-07 15:36 287976 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2016-08-22 18:51 . 2016-07-07 15:08 46080 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2016-08-22 18:51 . 2016-07-01 15:31 976896 ----a-w- c:\windows\system32\inetcomm.dll
2016-08-22 18:51 . 2016-07-01 15:31 84480 ----a-w- c:\windows\system32\INETRES.dll
2016-08-22 18:51 . 2016-07-01 15:13 84480 ----a-w- c:\windows\SysWow64\INETRES.dll
2016-08-22 18:51 . 2016-07-01 15:13 741888 ----a-w- c:\windows\SysWow64\inetcomm.dll
2016-08-22 18:51 . 2016-07-01 14:56 464896 ----a-w- c:\windows\system32\drivers\srv.sys
2016-08-22 18:51 . 2016-07-01 14:56 405504 ----a-w- c:\windows\system32\drivers\srv2.sys
2016-08-22 18:51 . 2016-07-01 14:56 168960 ----a-w- c:\windows\system32\drivers\srvnet.sys
2016-08-22 18:44 . 2015-12-16 18:55 69120 ----a-w- c:\windows\system32\nlsbres.dll
2016-08-22 18:44 . 2015-12-16 18:53 7168 ----a-w- c:\windows\system32\kbdgeoqw.dll
2016-08-22 18:44 . 2015-12-16 18:53 7168 ----a-w- c:\windows\system32\KBDAZEL.DLL
2016-08-22 18:44 . 2015-12-16 18:53 7168 ----a-w- c:\windows\system32\KBDAZE.DLL
2016-08-22 18:44 . 2015-12-16 18:48 6656 ----a-w- c:\windows\SysWow64\kbdgeoqw.dll
2016-08-22 18:44 . 2015-12-16 18:48 6656 ----a-w- c:\windows\SysWow64\KBDAZEL.DLL
2016-08-22 18:44 . 2015-12-16 18:47 69120 ----a-w- c:\windows\SysWow64\nlsbres.dll
2016-08-20 17:45 . 2015-08-05 17:56 22528 ----a-w- c:\windows\system32\icaapi.dll
2016-08-20 17:45 . 2015-08-05 17:06 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2016-08-18 12:14 . 2016-08-18 12:14 -------- d-----w- c:\windows\system32\sag
2016-08-18 09:42 . 2016-08-18 07:46 357888 ----a-w- c:\windows\system32\dnsapi.dll
2016-08-18 06:29 . 2016-08-18 06:29 -------- d-----w- c:\windows\system32\taz
2016-08-16 21:37 . 2016-08-16 21:37 -------- d-----w- c:\windows\system32\vupw
2016-08-16 20:53 . 2016-08-16 20:53 -------- d-----w- c:\windows\system32\idh
2016-08-16 16:44 . 2016-08-30 14:56 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-08-16 16:44 . 2016-08-16 16:44 -------- d-----w- c:\program files\RogueKiller
2016-08-16 16:43 . 2016-08-16 16:43 -------- d-----w- c:\programdata\RogueKiller
2016-08-16 16:34 . 2016-08-30 15:09 -------- d-----w- C:\AdwCleaner
2016-08-16 15:40 . 2016-08-16 15:40 -------- d-----w- c:\windows\system32\gog
2016-08-16 15:31 . 2016-08-16 15:31 -------- d-----w- c:\windows\system32\ufi
2016-08-16 15:31 . 2016-08-16 15:31 -------- d-----w- c:\windows\system32\fin
2016-08-16 15:09 . 2016-08-16 15:09 -------- d-----w- c:\users\benjamin\AppData\Roaming\GowvePitpagf
2016-08-16 14:58 . 2016-08-18 12:16 -------- d-----w- c:\users\benjamin\AppData\Roaming\Nuidereg
2016-08-16 14:58 . 2016-08-16 15:09 -------- d-----w- c:\users\benjamin\AppData\Local\Tempfolder
2016-08-16 14:54 . 2016-08-16 14:54 -------- d-----w- c:\users\benjamin\AppData\Local\Profiles
2016-08-16 14:51 . 2016-08-16 14:51 -------- d-----w- c:\programdata\AVAST Software
2016-08-16 14:50 . 2016-08-16 14:50 -------- d--h--w- c:\program files (x86)\8dhE704
2016-08-16 14:49 . 2016-08-16 14:54 -------- d-----w- c:\users\benjamin\AppData\Local\comapyreawecultetesp
2016-08-16 14:48 . 2016-08-16 14:50 -------- d-----w- c:\users\benjamin\AppData\Roaming\Profiles
2016-08-16 14:28 . 2016-08-18 08:47 -------- d-----w- c:\users\benjamin\AppData\Local\BitZipper
2016-08-16 14:28 . 2016-08-18 12:15 -------- d-----w- c:\program files (x86)\BitZipper
2016-08-12 21:09 . 2016-08-15 16:26 12528 ----a-w- c:\windows\SysWow64\drivers\SECDRV.SYS
2016-08-12 19:34 . 2016-08-12 19:34 -------- d-----w- c:\program files (x86)\Le seigneur des aneaux le retour du roi
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-08-21 05:31 . 2015-01-23 19:38 147640136 -c--a-w- c:\windows\system32\MRT.exe
2016-07-27 19:25 . 2015-01-23 19:40 504488 ------w- c:\windows\system32\MpSigStub.exe
2016-07-14 19:44 . 2015-06-05 16:59 796352 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-07-14 19:44 . 2015-06-05 16:59 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-07-06 16:19 . 2015-02-08 16:15 1167568 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2016-06-14 15:21 . 2016-08-19 07:59 2560 ----a-w- c:\windows\apppatch\AcRes.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2016-07-13 8891608]
"Gestionnaire Antidote.exe"="c:\program files (x86)\Druide\Antidote\Gestionnaire Antidote.exe" [2008-12-03 542136]
"DAEMON Tools Lite Automount"="c:\program files\DAEMON Tools Lite\DTAgent.exe" [2015-06-18 4468056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-12-23 284696]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-04-30 334896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys;c:\windows\SYSNATIVE\drivers\sfdrv01a.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Inspection du réseau Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AWEAlloc;AWE Memory Allocation Driver;c:\windows\system32\DRIVERS\awealloc.sys;c:\windows\SYSNATIVE\DRIVERS\awealloc.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 ImDisk;ImDisk Virtual Disk Driver;c:\windows\system32\DRIVERS\imdisk.sys;c:\windows\SYSNATIVE\DRIVERS\imdisk.sys [x]
S2 ImDskSvc;ImDisk Virtual Disk Driver Helper;c:\windows\system32\imdsksvc.exe;c:\windows\SYSNATIVE\imdsksvc.exe [x]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys;c:\windows\SYSNATIVE\DRIVERS\bcmvwl64.sys [x]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Son Intel(R) pour écrans;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
Contenu du dossier 'Tâches planifiées'
.
2016-09-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-05 19:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 417560]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2016-01-29 1340192]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2009-12-16 5470208]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.fr/
mStart Page = hxxp://www.google.fr/
mDefault_Page_URL = hxxp://www.google.fr/
mDefault_Search_URL = hxxp://www.google.fr/
mSearch Page = hxxp://www.google.fr/?q={searchTerms}
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a3,69,0a,0c,73,4f,fd,43,9b,42,de,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a3,69,0a,0c,73,4f,fd,43,9b,42,de,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_22_0_0_210_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_22_0_0_210_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_22_0_0_210_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_22_0_0_210_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_210.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.22"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_210.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_210.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_22_0_0_210.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\SysWOW64\IPCONFIG.exe
.
**************************************************************************
.
Heure de fin: 2016-09-02 16:10:52 - La machine a redémarré
ComboFix-quarantined-files.txt 2016-09-02 14:10
.
Avant-CF: 43 590 942 720 octets libres
Après-CF: 42 866 413 568 octets libres
.
- - End Of File - - C9B54D1A018DCB552FDFDB9DF9481423