Publicité
Publicité
Format du document : text/plain
Prévisualisation
ComboFix 16-09-14.01 - Fethi 21/09/2016 19:58:36.1.4 - x64
Microsoft Windows 7 Professionnel 6.1.7601.1.1252.33.1036.18.5939.3843 [GMT 1:00]
Lancé depuis: c:\users\Fethi\Desktop\ComboFix.exe
AV: ESET Smart Security 9.0.402.0 *Disabled/Updated* {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
FW: ESET Personal firewall *Enabled* {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
SP: ESET Smart Security 9.0.402.0 *Disabled/Updated* {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
[i] ADS - Windows: deleted 192 bytes in 1 streams. [/i]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Fethi\AppData\Local\assembly\tmp
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AdobeUpdateService
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2016-08-21 au 2016-09-21 ))))))))))))))))))))))))))))))))))))
.
.
2016-09-21 19:08 . 2016-09-21 19:08 -------- d-----w- c:\users\invité1\AppData\Local\temp
2016-09-21 19:08 . 2016-09-21 19:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-09-17 22:12 . 2016-09-20 23:34 -------- d-----w- C:\FRST
2016-09-17 20:14 . 2016-09-17 21:48 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-09-17 19:22 . 2016-09-17 19:22 -------- d-----w- c:\users\Fethi\AppData\Roaming\Malwarebytes
2016-09-17 18:57 . 2016-09-17 18:57 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-09-17 18:51 . 2016-09-17 18:51 -------- d-----w- c:\programdata\RogueKiller
2016-09-17 17:41 . 2016-09-17 17:43 -------- d-----w- C:\AdsFix
2016-09-17 17:20 . 2016-09-17 17:22 -------- d-----w- C:\AdwCleaner
2016-09-17 16:38 . 2016-09-17 19:48 -------- d-----w- c:\users\Fethi\AppData\Roaming\ZHP
2016-09-14 22:33 . 2016-08-02 22:36 11847048 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{798DA2C1-C8FB-4D59-9B3F-3D6E091D3C29}\mpengine.dll
2016-09-07 00:39 . 2016-07-08 15:32 2048 ----a-w- c:\windows\system32\tzres.dll
2016-09-07 00:39 . 2016-07-08 15:16 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2016-09-06 22:28 . 2007-04-10 00:06 10752 ----a-w- c:\windows\system32\E_GCINST.DLL
2016-09-06 22:28 . 2009-10-01 02:01 88064 ----a-w- c:\windows\system32\E_IBCBGDE.DLL
2016-09-06 15:34 . 2008-11-12 11:00 118784 ----a-w- c:\windows\system32\E_ILMGDE.DLL
2016-09-06 15:21 . 2012-05-21 23:00 465920 ----a-w- c:\windows\system32\esxw2ud.dll
2016-09-06 15:21 . 2009-10-15 23:00 13824 ----a-w- c:\windows\system32\esxcdev.dll
2016-09-06 15:21 . 2009-10-15 23:00 132560 ----a-w- c:\windows\system32\esdevapp.exe
2016-09-06 14:42 . 2016-09-15 18:40 -------- d-----w- c:\users\Fethi\AppData\Roaming\EPSON
2016-09-06 14:39 . 2016-09-06 14:39 -------- d-----w- c:\programdata\UDL
2016-08-30 18:17 . 2016-08-30 18:17 153248 ----a-w- c:\windows\system32\drivers\ekbdflt.sys
2016-08-30 18:17 . 2016-08-30 18:17 61608 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-09-07 13:25 . 2015-10-27 18:39 147640136 -c--a-w- c:\windows\system32\MRT.exe
2016-08-30 18:17 . 2015-07-30 11:41 84640 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2016-08-30 18:17 . 2015-07-30 11:41 208552 ----a-w- c:\windows\system32\drivers\epfw.sys
2016-08-30 18:17 . 2015-07-30 11:41 263296 ----a-w- c:\windows\system32\drivers\eamonm.sys
2016-08-30 18:17 . 2015-07-30 11:41 197288 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2016-08-02 14:54 . 2016-08-16 23:39 394440 ----a-w- c:\windows\system32\iedkcs32.dll
2016-08-02 06:54 . 2016-08-16 23:39 25808384 ----a-w- c:\windows\system32\mshtml.dll
2016-08-02 06:47 . 2016-08-16 23:39 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2016-08-02 06:47 . 2016-08-16 23:39 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2016-08-02 06:32 . 2016-08-16 23:39 66560 ----a-w- c:\windows\system32\iesetup.dll
2016-08-02 06:32 . 2016-08-16 23:39 2894336 ----a-w- c:\windows\system32\iertutil.dll
2016-08-02 06:31 . 2016-08-16 23:39 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2016-08-02 06:31 . 2016-08-16 23:39 417792 ----a-w- c:\windows\system32\html.iec
2016-08-02 06:31 . 2016-08-16 23:39 572416 ----a-w- c:\windows\system32\vbscript.dll
2016-08-02 06:31 . 2016-08-16 23:39 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2016-08-02 06:24 . 2016-08-16 23:39 54784 ----a-w- c:\windows\system32\jsproxy.dll
2016-08-02 06:23 . 2016-08-16 23:39 34304 ----a-w- c:\windows\system32\iernonce.dll
2016-08-02 06:20 . 2016-08-16 23:39 615936 ----a-w- c:\windows\system32\ieui.dll
2016-08-02 06:19 . 2016-08-16 23:39 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2016-08-02 06:19 . 2016-08-16 23:39 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2016-08-02 06:18 . 2016-08-16 23:39 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2016-08-02 06:18 . 2016-08-16 23:39 817664 ----a-w- c:\windows\system32\jscript.dll
2016-08-02 06:18 . 2016-08-16 23:39 6047744 ----a-w- c:\windows\system32\jscript9.dll
2016-08-02 06:11 . 2016-08-16 23:39 969216 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2016-08-02 06:08 . 2016-08-16 23:39 489984 ----a-w- c:\windows\system32\dxtmsft.dll
2016-08-02 06:03 . 2016-08-16 23:39 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2016-08-02 06:00 . 2016-08-16 23:39 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2016-08-02 05:59 . 2016-08-16 23:39 107520 ----a-w- c:\windows\system32\inseng.dll
2016-08-02 05:56 . 2016-08-16 23:39 199680 ----a-w- c:\windows\system32\msrating.dll
2016-08-02 05:55 . 2016-08-16 23:39 92160 ----a-w- c:\windows\system32\mshtmled.dll
2016-08-02 05:53 . 2016-08-16 23:39 315392 ----a-w- c:\windows\system32\dxtrans.dll
2016-08-02 05:51 . 2016-08-16 23:39 497664 ----a-w- c:\windows\SysWow64\vbscript.dll
2016-08-02 05:51 . 2016-08-16 23:39 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2016-08-02 05:51 . 2016-08-16 23:39 152064 ----a-w- c:\windows\system32\occache.dll
2016-08-02 05:51 . 2016-08-16 23:39 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2016-08-02 05:51 . 2016-08-16 23:39 341504 ----a-w- c:\windows\SysWow64\html.iec
2016-08-02 05:50 . 2016-08-16 23:39 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2016-08-02 05:41 . 2016-08-16 23:39 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2016-08-02 05:41 . 2016-08-16 23:39 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2016-08-02 05:40 . 2016-08-16 23:39 262144 ----a-w- c:\windows\system32\webcheck.dll
2016-08-02 05:38 . 2016-08-16 23:39 724992 ----a-w- c:\windows\system32\ie4uinit.exe
2016-08-02 05:38 . 2016-08-16 23:39 806400 ----a-w- c:\windows\system32\msfeeds.dll
2016-08-02 05:37 . 2016-08-16 23:39 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2016-08-02 05:36 . 2016-08-16 23:39 2131456 ----a-w- c:\windows\system32\inetcpl.cpl
2016-08-02 05:29 . 2016-08-16 23:39 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2016-08-02 05:28 . 2016-08-16 23:39 15412224 ----a-w- c:\windows\system32\ieframe.dll
2016-08-02 05:23 . 2016-08-16 23:39 2868224 ----a-w- c:\windows\system32\wininet.dll
2016-08-02 05:21 . 2016-08-16 23:39 4608000 ----a-w- c:\windows\SysWow64\jscript9.dll
2016-08-02 05:14 . 2016-08-16 23:39 2055680 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2016-08-02 05:14 . 2016-08-16 23:39 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2016-08-02 05:10 . 2016-08-16 23:39 1550848 ----a-w- c:\windows\system32\urlmon.dll
2016-08-02 04:59 . 2016-08-16 23:39 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2016-08-02 04:56 . 2016-08-16 23:39 2393088 ----a-w- c:\windows\SysWow64\wininet.dll
2016-07-26 13:24 . 2010-11-21 03:27 504488 ------w- c:\windows\system32\MpSigStub.exe
2016-07-19 23:44 . 2016-07-19 23:45 97856 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2016-07-08 15:37 . 2016-08-16 23:29 95464 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2016-07-08 15:37 . 2016-08-16 23:29 154856 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2016-07-08 15:32 . 2016-08-16 23:29 86528 ----a-w- c:\windows\system32\TSpkg.dll
2016-07-08 15:32 . 2016-08-16 23:29 210432 ----a-w- c:\windows\system32\wdigest.dll
2016-07-08 15:32 . 2016-08-16 23:29 135680 ----a-w- c:\windows\system32\sspicli.dll
2016-07-08 15:32 . 2016-08-16 23:29 28672 ----a-w- c:\windows\system32\sspisrv.dll
2016-07-08 15:32 . 2016-08-16 23:29 343552 ----a-w- c:\windows\system32\schannel.dll
2016-07-08 15:32 . 2016-08-16 23:29 1212928 ----a-w- c:\windows\system32\rpcrt4.dll
2016-07-08 15:32 . 2016-08-16 23:29 190464 ----a-w- c:\windows\system32\rpchttp.dll
2016-07-08 15:32 . 2016-08-16 23:29 28160 ----a-w- c:\windows\system32\secur32.dll
2016-07-08 15:32 . 2016-08-16 23:29 316416 ----a-w- c:\windows\system32\msv1_0.dll
2016-07-08 15:32 . 2016-08-16 23:29 312320 ----a-w- c:\windows\system32\ncrypt.dll
2016-07-08 15:32 . 2016-08-16 23:29 60416 ----a-w- c:\windows\system32\msobjs.dll
2016-07-08 15:32 . 2016-08-16 23:29 146432 ----a-w- c:\windows\system32\msaudite.dll
2016-07-08 15:32 . 2016-08-16 23:29 1464320 ----a-w- c:\windows\system32\lsasrv.dll
2016-07-08 15:32 . 2016-08-16 23:29 730624 ----a-w- c:\windows\system32\kerberos.dll
2016-07-08 15:32 . 2016-08-16 23:29 43520 ----a-w- c:\windows\system32\cryptbase.dll
2016-07-08 15:32 . 2016-08-16 23:29 22016 ----a-w- c:\windows\system32\credssp.dll
2016-07-08 15:32 . 2016-08-16 23:29 463872 ----a-w- c:\windows\system32\certcli.dll
2016-07-08 15:32 . 2016-08-16 23:29 690688 ----a-w- c:\windows\system32\adtschema.dll
2016-07-08 15:17 . 2016-08-16 23:29 666112 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2016-07-08 15:17 . 2016-08-16 23:29 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2016-07-08 15:16 . 2016-08-16 23:29 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2016-07-08 15:16 . 2016-08-16 23:29 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2016-07-08 15:16 . 2016-08-16 23:29 251392 ----a-w- c:\windows\SysWow64\schannel.dll
2016-07-08 15:16 . 2016-08-16 23:29 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2016-07-08 15:16 . 2016-08-16 23:29 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
2016-07-08 15:16 . 2016-08-16 23:29 223232 ----a-w- c:\windows\SysWow64\ncrypt.dll
2016-07-08 15:16 . 2016-08-16 23:29 260608 ----a-w- c:\windows\SysWow64\msv1_0.dll
2016-07-08 15:16 . 2016-08-16 23:29 60416 ----a-w- c:\windows\SysWow64\msobjs.dll
2016-07-08 15:16 . 2016-08-16 23:29 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2016-07-08 15:16 . 2016-08-16 23:29 553472 ----a-w- c:\windows\SysWow64\kerberos.dll
2016-07-08 15:16 . 2016-08-16 23:29 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2016-07-08 15:16 . 2016-08-16 23:29 342528 ----a-w- c:\windows\SysWow64\certcli.dll
2016-07-08 15:16 . 2016-08-16 23:29 690688 ----a-w- c:\windows\SysWow64\adtschema.dll
2016-07-08 15:03 . 2016-08-16 23:29 64000 ----a-w- c:\windows\system32\auditpol.exe
2016-07-08 15:01 . 2016-08-16 23:29 3218944 ----a-w- c:\windows\system32\win32k.sys
2016-07-08 14:57 . 2016-08-16 23:29 159744 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2016-07-08 14:56 . 2016-08-16 23:29 291328 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2016-07-08 14:56 . 2016-08-16 23:29 129536 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2016-07-08 14:55 . 2016-08-16 23:29 30720 ----a-w- c:\windows\system32\lsass.exe
2016-07-08 14:55 . 2016-08-16 23:29 50176 ----a-w- c:\windows\SysWow64\auditpol.exe
2016-07-08 14:50 . 2016-08-16 23:29 36352 ----a-w- c:\windows\SysWow64\cryptbase.dll
2016-06-26 00:35 . 2016-07-14 03:37 41704 ----a-w- c:\windows\system32\CompatTelRunner.exe
2016-06-26 00:27 . 2016-07-14 03:37 756736 ----a-w- c:\windows\system32\win32spl.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2015-05-20 3903056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 awUSB;awUSB;c:\windows\system32\DRIVERS\USBDrv_AMD64.sys;c:\windows\SYSNATIVE\DRIVERS\USBDrv_AMD64.sys [x]
R3 CisUtMonitor;CisUtMonitor;c:\windows\system32\DRIVERS\CisUtMonitor.sys;c:\windows\SYSNATIVE\DRIVERS\CisUtMonitor.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ESETCleanersDriver;ESET Cleaner Service;c:\windows\system32\Drivers\ESETCleanersDriver.sys;c:\windows\SYSNATIVE\Drivers\ESETCleanersDriver.sys [x]
R3 ggflt;SOMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 ggsomc;SOMC USB Flash Driver;c:\windows\system32\DRIVERS\ggsomc.sys;c:\windows\SYSNATIVE\DRIVERS\ggsomc.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Rockusb;Driver for Rockusb Device;c:\windows\system32\DRIVERS\rockusb.sys;c:\windows\SYSNATIVE\DRIVERS\rockusb.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wdm_usb;wdm_usb;c:\windows\system32\DRIVERS\usb2ser.sys;c:\windows\SYSNATIVE\DRIVERS\usb2ser.sys [x]
S0 edevmon;edevmon;c:\windows\system32\DRIVERS\edevmon.sys;c:\windows\SYSNATIVE\DRIVERS\edevmon.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;ESET Personal Firewall;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S2 AGSService;Adobe Genuine Software Integrity Service;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ekbdflt;ekbdflt;c:\windows\system32\DRIVERS\ekbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\ekbdflt.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 NitroDriverReadSpool9;NitroPDFDriverCreatorReadSpool9;c:\program files\Nitro\Pro 9\NitroPDFDriverService9x64.exe;c:\program files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [x]
S2 NitroUpdateService;NitroUpdateService;c:\program files\Nitro\Pro 9\Nitro_UpdateService.exe;c:\program files\Nitro\Pro 9\Nitro_UpdateService.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
Contenu du dossier 'Tâches planifiées'
.
2016-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-871439081-2099620904-1760313982-1000Core.job
- c:\users\Fethi\AppData\Local\Google\Update\GoogleUpdate.exe [2015-10-26 09:09]
.
2016-09-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-871439081-2099620904-1760313982-1000UA.job
- c:\users\Fethi\AppData\Local\Google\Update\GoogleUpdate.exe [2015-10-26 09:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2015-08-14 10:52 25624 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-02-22 168944]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-02-22 394224]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-02-22 418800]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = https://www.google.com/ie
mLocal Page = c:\windows\System32\blank.htm
mCustomizeSearch = https://www.google.com/
mSearchAssistant = https://www.google.com/ie
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Télécharger avec IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec Internet Download Manager - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
Trusted Zone: eset.com\help
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BFB80AB9-418D-4E69-AA2D-C581B3D8B276}: NameServer = 8.8.8.8
TCP: Interfaces\{BFB80AB9-418D-4E69-AA2D-C581B3D8B276}\44A414755424: NameServer = 8.8.8.8
TCP: Interfaces\{BFB80AB9-418D-4E69-AA2D-C581B3D8B276}\44A414755424F54493249323: NameServer = 8.8.8.8
TCP: Interfaces\{BFB80AB9-418D-4E69-AA2D-C581B3D8B276}\44A414755424F56493432454: NameServer = 8.8.8.8
TCP: Interfaces\{BFB80AB9-418D-4E69-AA2D-C581B3D8B276}\44C496E6B6: NameServer = 8.8.8.8
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB3122661 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.6.01055\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB3127233 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.6.01055\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB3136000 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.6.01055\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB3136000v2 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.6.01055\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB3142037 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.6.01055\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB3143693 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.6.01055\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB3164025 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.6.01055\setup.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-871439081-2099620904-1760313982-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E0B9B063-CC36-18CA-ACA2-703F5F1FA732}*]
"jagdkilpclfedphdmejo"=hex:62,61,6a,6a,00,00
"jagdkilpclfedphdmeno"=hex:62,61,6a,6a,00,00
"iagchiihecmaijcjlb"=hex:6b,61,68,6a,66,6a,66,6a,67,65,61,6a,6b,65,68,67,70,61,
6b,6c,6e,66,00,00
"hamcjkdcadbdmdcl"=hex:6b,61,68,6a,66,6a,66,6a,67,65,61,6a,6b,65,68,67,70,61,
6b,6c,6e,66,00,00
.
[HKEY_USERS\S-1-5-21-871439081-2099620904-1760313982-1000_Classes\Wow6432Node\CLSID\{644ca9bc-366b-442d-ad0b-6cbe44a5ae63}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000002
"Therad"=dword:0000000f
.
[HKEY_USERS\S-1-5-21-871439081-2099620904-1760313982-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):b0,8e,3a,d0,20,8b,bb,c0,05,30,54,52,b3,c7,63,ec,f1,ad,93,3f,da,
47,95,54,2d,2d,b3,a3,54,b2,c9,7d,b1,02,f9,c1,f9,f1,ff,fe,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_286_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_286_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_286_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_286_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_286.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.20"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_286.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_286.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_286.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files (x86)\Internet Download Manager\IEMonitor.exe
c:\windows\SysWOW64\rundll32.exe
.
**************************************************************************
.
Heure de fin: 2016-09-21 20:16:53 - La machine a redémarré
ComboFix-quarantined-files.txt 2016-09-21 19:16
.
Avant-CF: 40 116 174 848 octets libres
Après-CF: 39 656 599 552 octets libres
.
- - End Of File - - 9C449C0BDF3A0F2E37256452D0AC1922
A36C5E4F47E84449FF07ED3517B43A31
Microsoft Windows 7 Professionnel 6.1.7601.1.1252.33.1036.18.5939.3843 [GMT 1:00]
Lancé depuis: c:\users\Fethi\Desktop\ComboFix.exe
AV: ESET Smart Security 9.0.402.0 *Disabled/Updated* {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
FW: ESET Personal firewall *Enabled* {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
SP: ESET Smart Security 9.0.402.0 *Disabled/Updated* {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
[i] ADS - Windows: deleted 192 bytes in 1 streams. [/i]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Fethi\AppData\Local\assembly\tmp
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AdobeUpdateService
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2016-08-21 au 2016-09-21 ))))))))))))))))))))))))))))))))))))
.
.
2016-09-21 19:08 . 2016-09-21 19:08 -------- d-----w- c:\users\invité1\AppData\Local\temp
2016-09-21 19:08 . 2016-09-21 19:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-09-17 22:12 . 2016-09-20 23:34 -------- d-----w- C:\FRST
2016-09-17 20:14 . 2016-09-17 21:48 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-09-17 19:22 . 2016-09-17 19:22 -------- d-----w- c:\users\Fethi\AppData\Roaming\Malwarebytes
2016-09-17 18:57 . 2016-09-17 18:57 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-09-17 18:51 . 2016-09-17 18:51 -------- d-----w- c:\programdata\RogueKiller
2016-09-17 17:41 . 2016-09-17 17:43 -------- d-----w- C:\AdsFix
2016-09-17 17:20 . 2016-09-17 17:22 -------- d-----w- C:\AdwCleaner
2016-09-17 16:38 . 2016-09-17 19:48 -------- d-----w- c:\users\Fethi\AppData\Roaming\ZHP
2016-09-14 22:33 . 2016-08-02 22:36 11847048 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{798DA2C1-C8FB-4D59-9B3F-3D6E091D3C29}\mpengine.dll
2016-09-07 00:39 . 2016-07-08 15:32 2048 ----a-w- c:\windows\system32\tzres.dll
2016-09-07 00:39 . 2016-07-08 15:16 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2016-09-06 22:28 . 2007-04-10 00:06 10752 ----a-w- c:\windows\system32\E_GCINST.DLL
2016-09-06 22:28 . 2009-10-01 02:01 88064 ----a-w- c:\windows\system32\E_IBCBGDE.DLL
2016-09-06 15:34 . 2008-11-12 11:00 118784 ----a-w- c:\windows\system32\E_ILMGDE.DLL
2016-09-06 15:21 . 2012-05-21 23:00 465920 ----a-w- c:\windows\system32\esxw2ud.dll
2016-09-06 15:21 . 2009-10-15 23:00 13824 ----a-w- c:\windows\system32\esxcdev.dll
2016-09-06 15:21 . 2009-10-15 23:00 132560 ----a-w- c:\windows\system32\esdevapp.exe
2016-09-06 14:42 . 2016-09-15 18:40 -------- d-----w- c:\users\Fethi\AppData\Roaming\EPSON
2016-09-06 14:39 . 2016-09-06 14:39 -------- d-----w- c:\programdata\UDL
2016-08-30 18:17 . 2016-08-30 18:17 153248 ----a-w- c:\windows\system32\drivers\ekbdflt.sys
2016-08-30 18:17 . 2016-08-30 18:17 61608 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-09-07 13:25 . 2015-10-27 18:39 147640136 -c--a-w- c:\windows\system32\MRT.exe
2016-08-30 18:17 . 2015-07-30 11:41 84640 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2016-08-30 18:17 . 2015-07-30 11:41 208552 ----a-w- c:\windows\system32\drivers\epfw.sys
2016-08-30 18:17 . 2015-07-30 11:41 263296 ----a-w- c:\windows\system32\drivers\eamonm.sys
2016-08-30 18:17 . 2015-07-30 11:41 197288 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2016-08-02 14:54 . 2016-08-16 23:39 394440 ----a-w- c:\windows\system32\iedkcs32.dll
2016-08-02 06:54 . 2016-08-16 23:39 25808384 ----a-w- c:\windows\system32\mshtml.dll
2016-08-02 06:47 . 2016-08-16 23:39 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2016-08-02 06:47 . 2016-08-16 23:39 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2016-08-02 06:32 . 2016-08-16 23:39 66560 ----a-w- c:\windows\system32\iesetup.dll
2016-08-02 06:32 . 2016-08-16 23:39 2894336 ----a-w- c:\windows\system32\iertutil.dll
2016-08-02 06:31 . 2016-08-16 23:39 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2016-08-02 06:31 . 2016-08-16 23:39 417792 ----a-w- c:\windows\system32\html.iec
2016-08-02 06:31 . 2016-08-16 23:39 572416 ----a-w- c:\windows\system32\vbscript.dll
2016-08-02 06:31 . 2016-08-16 23:39 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2016-08-02 06:24 . 2016-08-16 23:39 54784 ----a-w- c:\windows\system32\jsproxy.dll
2016-08-02 06:23 . 2016-08-16 23:39 34304 ----a-w- c:\windows\system32\iernonce.dll
2016-08-02 06:20 . 2016-08-16 23:39 615936 ----a-w- c:\windows\system32\ieui.dll
2016-08-02 06:19 . 2016-08-16 23:39 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2016-08-02 06:19 . 2016-08-16 23:39 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2016-08-02 06:18 . 2016-08-16 23:39 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2016-08-02 06:18 . 2016-08-16 23:39 817664 ----a-w- c:\windows\system32\jscript.dll
2016-08-02 06:18 . 2016-08-16 23:39 6047744 ----a-w- c:\windows\system32\jscript9.dll
2016-08-02 06:11 . 2016-08-16 23:39 969216 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2016-08-02 06:08 . 2016-08-16 23:39 489984 ----a-w- c:\windows\system32\dxtmsft.dll
2016-08-02 06:03 . 2016-08-16 23:39 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2016-08-02 06:00 . 2016-08-16 23:39 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2016-08-02 05:59 . 2016-08-16 23:39 107520 ----a-w- c:\windows\system32\inseng.dll
2016-08-02 05:56 . 2016-08-16 23:39 199680 ----a-w- c:\windows\system32\msrating.dll
2016-08-02 05:55 . 2016-08-16 23:39 92160 ----a-w- c:\windows\system32\mshtmled.dll
2016-08-02 05:53 . 2016-08-16 23:39 315392 ----a-w- c:\windows\system32\dxtrans.dll
2016-08-02 05:51 . 2016-08-16 23:39 497664 ----a-w- c:\windows\SysWow64\vbscript.dll
2016-08-02 05:51 . 2016-08-16 23:39 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2016-08-02 05:51 . 2016-08-16 23:39 152064 ----a-w- c:\windows\system32\occache.dll
2016-08-02 05:51 . 2016-08-16 23:39 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2016-08-02 05:51 . 2016-08-16 23:39 341504 ----a-w- c:\windows\SysWow64\html.iec
2016-08-02 05:50 . 2016-08-16 23:39 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2016-08-02 05:41 . 2016-08-16 23:39 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2016-08-02 05:41 . 2016-08-16 23:39 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2016-08-02 05:40 . 2016-08-16 23:39 262144 ----a-w- c:\windows\system32\webcheck.dll
2016-08-02 05:38 . 2016-08-16 23:39 724992 ----a-w- c:\windows\system32\ie4uinit.exe
2016-08-02 05:38 . 2016-08-16 23:39 806400 ----a-w- c:\windows\system32\msfeeds.dll
2016-08-02 05:37 . 2016-08-16 23:39 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2016-08-02 05:36 . 2016-08-16 23:39 2131456 ----a-w- c:\windows\system32\inetcpl.cpl
2016-08-02 05:29 . 2016-08-16 23:39 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2016-08-02 05:28 . 2016-08-16 23:39 15412224 ----a-w- c:\windows\system32\ieframe.dll
2016-08-02 05:23 . 2016-08-16 23:39 2868224 ----a-w- c:\windows\system32\wininet.dll
2016-08-02 05:21 . 2016-08-16 23:39 4608000 ----a-w- c:\windows\SysWow64\jscript9.dll
2016-08-02 05:14 . 2016-08-16 23:39 2055680 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2016-08-02 05:14 . 2016-08-16 23:39 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2016-08-02 05:10 . 2016-08-16 23:39 1550848 ----a-w- c:\windows\system32\urlmon.dll
2016-08-02 04:59 . 2016-08-16 23:39 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2016-08-02 04:56 . 2016-08-16 23:39 2393088 ----a-w- c:\windows\SysWow64\wininet.dll
2016-07-26 13:24 . 2010-11-21 03:27 504488 ------w- c:\windows\system32\MpSigStub.exe
2016-07-19 23:44 . 2016-07-19 23:45 97856 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2016-07-08 15:37 . 2016-08-16 23:29 95464 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2016-07-08 15:37 . 2016-08-16 23:29 154856 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2016-07-08 15:32 . 2016-08-16 23:29 86528 ----a-w- c:\windows\system32\TSpkg.dll
2016-07-08 15:32 . 2016-08-16 23:29 210432 ----a-w- c:\windows\system32\wdigest.dll
2016-07-08 15:32 . 2016-08-16 23:29 135680 ----a-w- c:\windows\system32\sspicli.dll
2016-07-08 15:32 . 2016-08-16 23:29 28672 ----a-w- c:\windows\system32\sspisrv.dll
2016-07-08 15:32 . 2016-08-16 23:29 343552 ----a-w- c:\windows\system32\schannel.dll
2016-07-08 15:32 . 2016-08-16 23:29 1212928 ----a-w- c:\windows\system32\rpcrt4.dll
2016-07-08 15:32 . 2016-08-16 23:29 190464 ----a-w- c:\windows\system32\rpchttp.dll
2016-07-08 15:32 . 2016-08-16 23:29 28160 ----a-w- c:\windows\system32\secur32.dll
2016-07-08 15:32 . 2016-08-16 23:29 316416 ----a-w- c:\windows\system32\msv1_0.dll
2016-07-08 15:32 . 2016-08-16 23:29 312320 ----a-w- c:\windows\system32\ncrypt.dll
2016-07-08 15:32 . 2016-08-16 23:29 60416 ----a-w- c:\windows\system32\msobjs.dll
2016-07-08 15:32 . 2016-08-16 23:29 146432 ----a-w- c:\windows\system32\msaudite.dll
2016-07-08 15:32 . 2016-08-16 23:29 1464320 ----a-w- c:\windows\system32\lsasrv.dll
2016-07-08 15:32 . 2016-08-16 23:29 730624 ----a-w- c:\windows\system32\kerberos.dll
2016-07-08 15:32 . 2016-08-16 23:29 43520 ----a-w- c:\windows\system32\cryptbase.dll
2016-07-08 15:32 . 2016-08-16 23:29 22016 ----a-w- c:\windows\system32\credssp.dll
2016-07-08 15:32 . 2016-08-16 23:29 463872 ----a-w- c:\windows\system32\certcli.dll
2016-07-08 15:32 . 2016-08-16 23:29 690688 ----a-w- c:\windows\system32\adtschema.dll
2016-07-08 15:17 . 2016-08-16 23:29 666112 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2016-07-08 15:17 . 2016-08-16 23:29 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2016-07-08 15:16 . 2016-08-16 23:29 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2016-07-08 15:16 . 2016-08-16 23:29 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2016-07-08 15:16 . 2016-08-16 23:29 251392 ----a-w- c:\windows\SysWow64\schannel.dll
2016-07-08 15:16 . 2016-08-16 23:29 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2016-07-08 15:16 . 2016-08-16 23:29 141312 ----a-w- c:\windows\SysWow64\rpchttp.dll
2016-07-08 15:16 . 2016-08-16 23:29 223232 ----a-w- c:\windows\SysWow64\ncrypt.dll
2016-07-08 15:16 . 2016-08-16 23:29 260608 ----a-w- c:\windows\SysWow64\msv1_0.dll
2016-07-08 15:16 . 2016-08-16 23:29 60416 ----a-w- c:\windows\SysWow64\msobjs.dll
2016-07-08 15:16 . 2016-08-16 23:29 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2016-07-08 15:16 . 2016-08-16 23:29 553472 ----a-w- c:\windows\SysWow64\kerberos.dll
2016-07-08 15:16 . 2016-08-16 23:29 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2016-07-08 15:16 . 2016-08-16 23:29 342528 ----a-w- c:\windows\SysWow64\certcli.dll
2016-07-08 15:16 . 2016-08-16 23:29 690688 ----a-w- c:\windows\SysWow64\adtschema.dll
2016-07-08 15:03 . 2016-08-16 23:29 64000 ----a-w- c:\windows\system32\auditpol.exe
2016-07-08 15:01 . 2016-08-16 23:29 3218944 ----a-w- c:\windows\system32\win32k.sys
2016-07-08 14:57 . 2016-08-16 23:29 159744 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2016-07-08 14:56 . 2016-08-16 23:29 291328 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2016-07-08 14:56 . 2016-08-16 23:29 129536 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2016-07-08 14:55 . 2016-08-16 23:29 30720 ----a-w- c:\windows\system32\lsass.exe
2016-07-08 14:55 . 2016-08-16 23:29 50176 ----a-w- c:\windows\SysWow64\auditpol.exe
2016-07-08 14:50 . 2016-08-16 23:29 36352 ----a-w- c:\windows\SysWow64\cryptbase.dll
2016-06-26 00:35 . 2016-07-14 03:37 41704 ----a-w- c:\windows\system32\CompatTelRunner.exe
2016-06-26 00:27 . 2016-07-14 03:37 756736 ----a-w- c:\windows\system32\win32spl.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2015-05-20 3903056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 awUSB;awUSB;c:\windows\system32\DRIVERS\USBDrv_AMD64.sys;c:\windows\SYSNATIVE\DRIVERS\USBDrv_AMD64.sys [x]
R3 CisUtMonitor;CisUtMonitor;c:\windows\system32\DRIVERS\CisUtMonitor.sys;c:\windows\SYSNATIVE\DRIVERS\CisUtMonitor.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ESETCleanersDriver;ESET Cleaner Service;c:\windows\system32\Drivers\ESETCleanersDriver.sys;c:\windows\SYSNATIVE\Drivers\ESETCleanersDriver.sys [x]
R3 ggflt;SOMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 ggsomc;SOMC USB Flash Driver;c:\windows\system32\DRIVERS\ggsomc.sys;c:\windows\SYSNATIVE\DRIVERS\ggsomc.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Rockusb;Driver for Rockusb Device;c:\windows\system32\DRIVERS\rockusb.sys;c:\windows\SYSNATIVE\DRIVERS\rockusb.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wdm_usb;wdm_usb;c:\windows\system32\DRIVERS\usb2ser.sys;c:\windows\SYSNATIVE\DRIVERS\usb2ser.sys [x]
S0 edevmon;edevmon;c:\windows\system32\DRIVERS\edevmon.sys;c:\windows\SYSNATIVE\DRIVERS\edevmon.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;ESET Personal Firewall;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S2 AGSService;Adobe Genuine Software Integrity Service;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ekbdflt;ekbdflt;c:\windows\system32\DRIVERS\ekbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\ekbdflt.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 NitroDriverReadSpool9;NitroPDFDriverCreatorReadSpool9;c:\program files\Nitro\Pro 9\NitroPDFDriverService9x64.exe;c:\program files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [x]
S2 NitroUpdateService;NitroUpdateService;c:\program files\Nitro\Pro 9\Nitro_UpdateService.exe;c:\program files\Nitro\Pro 9\Nitro_UpdateService.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
Contenu du dossier 'Tâches planifiées'
.
2016-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-871439081-2099620904-1760313982-1000Core.job
- c:\users\Fethi\AppData\Local\Google\Update\GoogleUpdate.exe [2015-10-26 09:09]
.
2016-09-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-871439081-2099620904-1760313982-1000UA.job
- c:\users\Fethi\AppData\Local\Google\Update\GoogleUpdate.exe [2015-10-26 09:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2015-08-14 10:52 25624 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-02-22 168944]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-02-22 394224]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-02-22 418800]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = https://www.google.com/ie
mLocal Page = c:\windows\System32\blank.htm
mCustomizeSearch = https://www.google.com/
mSearchAssistant = https://www.google.com/ie
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Télécharger avec IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec Internet Download Manager - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
Trusted Zone: eset.com\help
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BFB80AB9-418D-4E69-AA2D-C581B3D8B276}: NameServer = 8.8.8.8
TCP: Interfaces\{BFB80AB9-418D-4E69-AA2D-C581B3D8B276}\44A414755424: NameServer = 8.8.8.8
TCP: Interfaces\{BFB80AB9-418D-4E69-AA2D-C581B3D8B276}\44A414755424F54493249323: NameServer = 8.8.8.8
TCP: Interfaces\{BFB80AB9-418D-4E69-AA2D-C581B3D8B276}\44A414755424F56493432454: NameServer = 8.8.8.8
TCP: Interfaces\{BFB80AB9-418D-4E69-AA2D-C581B3D8B276}\44C496E6B6: NameServer = 8.8.8.8
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB3122661 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.6.01055\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB3127233 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.6.01055\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB3136000 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.6.01055\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB3136000v2 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.6.01055\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB3142037 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.6.01055\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB3143693 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.6.01055\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB3164025 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.6.01055\setup.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-871439081-2099620904-1760313982-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E0B9B063-CC36-18CA-ACA2-703F5F1FA732}*]
"jagdkilpclfedphdmejo"=hex:62,61,6a,6a,00,00
"jagdkilpclfedphdmeno"=hex:62,61,6a,6a,00,00
"iagchiihecmaijcjlb"=hex:6b,61,68,6a,66,6a,66,6a,67,65,61,6a,6b,65,68,67,70,61,
6b,6c,6e,66,00,00
"hamcjkdcadbdmdcl"=hex:6b,61,68,6a,66,6a,66,6a,67,65,61,6a,6b,65,68,67,70,61,
6b,6c,6e,66,00,00
.
[HKEY_USERS\S-1-5-21-871439081-2099620904-1760313982-1000_Classes\Wow6432Node\CLSID\{644ca9bc-366b-442d-ad0b-6cbe44a5ae63}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000002
"Therad"=dword:0000000f
.
[HKEY_USERS\S-1-5-21-871439081-2099620904-1760313982-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):b0,8e,3a,d0,20,8b,bb,c0,05,30,54,52,b3,c7,63,ec,f1,ad,93,3f,da,
47,95,54,2d,2d,b3,a3,54,b2,c9,7d,b1,02,f9,c1,f9,f1,ff,fe,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_286_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_286_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_286_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_286_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_286.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.20"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_286.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_286.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_286.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files (x86)\Internet Download Manager\IEMonitor.exe
c:\windows\SysWOW64\rundll32.exe
.
**************************************************************************
.
Heure de fin: 2016-09-21 20:16:53 - La machine a redémarré
ComboFix-quarantined-files.txt 2016-09-21 19:16
.
Avant-CF: 40 116 174 848 octets libres
Après-CF: 39 656 599 552 octets libres
.
- - End Of File - - 9C449C0BDF3A0F2E37256452D0AC1922
A36C5E4F47E84449FF07ED3517B43A31