
ComboFix 16-09-28.01 - -user 05/10/2016 9:58.1.2 - x86
Microsoft Windows 7 Professionnel 6.1.7601.1.1252.33.1036.18.1993.1233 [GMT 2:00]
Run from: c:\users\-user.WXPP-XXX\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
FW: Kaspersky Anti-Virus *Disabled* {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
SP: Kaspersky Anti-Virus *Disabled/Updated* {3D579475-6DDE-A186-1569-44B9F9DE8725}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Internet Explorer\minftnet.exe
c:\program files\Internet Explorer\minftnet.ini
c:\programdata\ntuser.pol
c:\users\-user.WXPP-XXX\AppData\Local\assembly\tmp
c:\users\-user.WXPP-XXX\ZHPDiag3.exe
c:\users\-user\AppData\Local\assembly\tmp
c:\users\-user\AppData\Local\assembly\tmp\0PINH8QE\__AssemblyInfo__.ini
c:\users\-user\AppData\Local\assembly\tmp\0PINH8QE\WZCFR.resources.DLL
c:\users\-user\AppData\Local\assembly\tmp\10EILRBX\__AssemblyInfo__.ini
c:\users\-user\AppData\Local\assembly\tmp\10EILRBX\WZOutlok.DLL
c:\users\-user\AppData\Local\assembly\tmp\1MII1150\__AssemblyInfo__.ini
c:\users\-user\AppData\Local\assembly\tmp\1MII1150\WZOutlok.DLL
c:\users\-user\AppData\Local\assembly\tmp\346OAT62\__AssemblyInfo__.ini
c:\users\-user\AppData\Local\assembly\tmp\346OAT62\WZOutlok.DLL
c:\users\-user\AppData\Local\assembly\tmp\3J7VI3NP\__AssemblyInfo__.ini
c:\users\-user\AppData\Local\assembly\tmp\3J7VI3NP\OLCmdBar.DLL
c:\users\-user\AppData\Local\assembly\tmp\4FVSOH9S\__AssemblyInfo__.ini
c:\users\-user\AppData\Local\assembly\tmp\4FVSOH9S\WZOutlok.DLL
c:\users\-user\AppData\Local\assembly\tmp\577Q2AD0\__AssemblyInfo__.ini
c:\users\-user\AppData\Local\assembly\tmp\577Q2AD0\WZOutlok.resources.DLL
c:\users\-user\AppData\Local\assembly\tmp\5GYV42DB\__AssemblyInfo__.ini
c:\users\-user\AppData\Local\assembly\tmp\5GYV42DB\WZOutlok.DLL
c:\users\-user\AppData\Local\assembly\tmp\5W8Q58M6\__AssemblyInfo__.ini
c:\users\-user\AppData\Local\assembly\tmp\5W8Q58M6\WZOutlok.DLL
c:\users\-user\AppData\Local\assembly\tmp\6NOXV5Z4\__AssemblyInfo__.ini
c:\users\-user\AppData\Local\assembly\tmp\6NOXV5Z4\WZCFR.DLL
c:\users\-user\AppData\Local\assembly\tmp\8XLTID4Z\__AssemblyInfo__.ini
c:\users\-user\AppData\Local\assembly\tmp\8XLTID4Z\WZCFR.resources.DLL
c:\users\-user\AppData\Local\assembly\tmp\90I80SVG\__AssemblyInfo__.ini
c:\users\-user\AppData\Local\assembly\tmp\90I80SVG\OLCmdBar.DLL
c:\users\-user\AppData\Local\assembly\tmp\9CGW8RZG\__AssemblyInfo__.ini
c:\users\-user\AppData\Local\assembly\tmp\9CGW8RZG\WZOutlok.DLL
c:\users\-user\AppData\Local\assembly\tmp\9ZAXYBTI\__AssemblyInfo__.ini
c:\users\-user\AppData\Local\assembly\tmp\9ZAXYBTI\ZipSendService.DLL
c:\users\-user\AppData\Local\assembly\tmp\BEB3XJ1E\__AssemblyInfo__.ini
c:\users\-user\AppData\Local\assembly\tmp\BEB3XJ1E\office.DLL
c:\users\-user\AppData\Local\assembly\tmp\C1II61PC\__AssemblyInfo__.ini
c:\users\-user\AppData\Local\assembly\tmp\C1II61PC\WZOutlok.DLL
c:\users\-user\AppData\Local\assembly\tmp\CZ5GMKZ8\__AssemblyInfo__.ini
c:\users\-user\AppData\Local\assembly\tmp\CZ5GMKZ8\WZOutlok.DLL
c:\users\-user\AppData\Local\assembly\tmp\DOQX1Y21\__AssemblyInfo__.ini
c:\users\-user\AppData\Local\assembly\tmp\DOQX1Y21\WZOutlok.resources.DLL
c:\users\-user\AppData\Local\assembly\tmp\DYURPVKE\__AssemblyInfo__.ini
c:\users\-user\AppData\Local\assembly\tmp\DYURPVKE\office.DLL
c:\users\-user\AppData\Local\assembly\tmp\EDIB3UR6\__AssemblyInfo__.ini
c:\users\-user\AppData\Local\assembly\tmp\EDIB3UR6\WZSVC.DLL
c:\users\-user\AppData\Local\assembly\tmp\EQQSCSNI\__AssemblyInfo__.ini
c:\users\-user\AppData\Local\assembly\tmp\EQQSCSNI\WZOutlok.DLL
c:\users\-user\AppData\Local\assembly\tmp\F6WNWFOW\__AssemblyInfo__.ini
c:\users\-user\AppData\Local\assembly\tmp\F6WNWFOW\ZipSendService.DLL
c:\users\-user\AppData\Local\assembly\tmp\G6BGOOUG\__AssemblyInfo__.ini
c:\users\-user\AppData\Local\assembly\tmp\G6BGOOUG\WZOutlok.DLL
c:\users\-user\AppData\Local\assembly\tmp\IKUALJLX\__AssemblyInfo__.ini
c:\users\-user\AppData\Local\assembly\tmp\IKUALJLX\OLCmdBar.DLL
c:\users\-user\AppData\Local\assembly\tmp\IRAADX29\__AssemblyInfo__.ini
c:\users\-user\AppData\Local\assembly\tmp\IRAADX29\WZCFR.DLL
c:\users\-user\AppData\Local\assembly\tmp\IWHSN0XB\__AssemblyInfo__.ini
c:\users\-user\AppData\Local\assembly\tmp\IWHSN0XB\WZCFR.resources.DLL
c:\users\-user\AppData\Local\assembly\tmp\IWTE3SGD\__AssemblyInfo__.ini
c:\users\-user\AppData\Local\assembly\tmp\IWTE3SGD\WZOutlok.DLL
c:\users\-user\AppData\Local\assembly\tmp\L42QWDCV\__AssemblyInfo__.ini
c:\users\-user\AppData\Local\assembly\tmp\L42QWDCV\OLCmdBar.DLL
c:\users\-user\AppData\Local\assembly\tmp\M5O0RM72\__AssemblyInfo__.ini
c:\users\-user\AppData\Local\assembly\tmp\M5O0RM72\WZSVC.DLL
c:\users\-user\AppData\Local\assembly\tmp\M8OMGYSO\__AssemblyInfo__.ini
c:\users\-user\AppData\Local\assembly\tmp\M8OMGYSO\Microsoft.Office.Interop.Outlook.DLL
c:\users\-user\AppData\Local\assembly\tmp\MLC0SQI1\__AssemblyInfo__.ini
c:\users\-user\AppData\Local\assembly\tmp\MLC0SQI1\OLCmdBar.DLL
c:\users\-user\AppData\Local\assembly\tmp\N5CXT0H7\__AssemblyInfo__.ini
c:\users\-user\AppData\Local\assembly\tmp\N5CXT0H7\WZOutlok.resources.DLL
c:\users\-user\AppData\Local\assembly\tmp\OH2SMEKO\__AssemblyInfo__.ini
c:\users\-user\AppData\Local\assembly\tmp\OH2SMEKO\WZOutlok.DLL
c:\users\-user\AppData\Local\assembly\tmp\OZ3SY0AC\__AssemblyInfo__.ini
c:\users\-user\AppData\Local\assembly\tmp\OZ3SY0AC\WZOutlok.resources.DLL
c:\users\-user\AppData\Local\assembly\tmp\QD88UH3V\__AssemblyInfo__.ini
c:\users\-user\AppData\Local\assembly\tmp\QD88UH3V\WZOutlok.resources.DLL
c:\users\-user\AppData\Local\assembly\tmp\QUFFTK0K\__AssemblyInfo__.ini
c:\users\-user\AppData\Local\assembly\tmp\QUFFTK0K\office.DLL
c:\users\-user\AppData\Local\assembly\tmp\S6HJGLLJ\__AssemblyInfo__.ini
c:\users\-user\AppData\Local\assembly\tmp\S6HJGLLJ\WZOutlok.DLL
c:\users\-user\AppData\Local\assembly\tmp\UYLOHOMM\__AssemblyInfo__.ini
c:\users\-user\AppData\Local\assembly\tmp\UYLOHOMM\WZSVC.DLL
c:\users\-user\AppData\Local\assembly\tmp\WMHLT4HY\__AssemblyInfo__.ini
c:\users\-user\AppData\Local\assembly\tmp\WMHLT4HY\office.DLL
c:\users\-user\AppData\Local\assembly\tmp\X2O414ZR\__AssemblyInfo__.ini
c:\users\-user\AppData\Local\assembly\tmp\X2O414ZR\WZOutlok.DLL
c:\users\-user\AppData\Local\assembly\tmp\ZS65JFZC\__AssemblyInfo__.ini
c:\users\-user\AppData\Local\assembly\tmp\ZS65JFZC\WZOutlok.DLL
c:\users\-user\AppData\Local\Microsoft\Windows\Temporary Internet Files\plot.log
c:\users\TEMP\AppData\Local\assembly\tmp
c:\windows\Downloaded Program Files\IDropFRA.dll
c:\windows\run.vbs
c:\windows\security\Database\tmp.edb
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\272512937d9e61a4__exp__1409898856
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\28bc8f716fd76a47__exp__1409898855
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\32c84fe32bb74d60__exp__1409898857
c:\windows\system32\Cache\3f0036da5a3aaf14.fb
c:\windows\system32\Cache\3f0036da5a3aaf14__exp__1409898854
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\590ba23ce359fd0c__exp__1409898857
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1__exp__1409898856
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0__exp__1409898856
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\6d03dad1035885d3__exp__1409898858
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\ad10a52aff5e038d__exp__1409898855
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c1fa887b03019701__exp__1409898857
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\c4d28dca2e7648be__exp__1409898856
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d201ef9910cd39de__exp__1409898856
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\Cache\f998975c9cc711ee__exp__1409898857
c:\windows\system32\config\systemprofile\AppData\Local\assembly\tmp
c:\windows\system32\MsMAsk32.ocx
.
.
((((((((((((((((((((((((((((( Files created from 2016-09-05 to 2016-10-05 ))))))))))))))))))))))))))))))))))))
.
.
2016-10-05 08:08 . 2016-10-05 08:08 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2016-10-05 08:08 . 2016-10-05 08:08 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2016-10-05 08:08 . 2016-10-05 08:08 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2016-09-23 07:00 . 2016-09-23 07:00 -------- d-----w- c:\program files\ESET
2016-09-23 05:54 . 2016-09-23 05:56 -------- d-----w- c:\program files\ZHPFix
2016-09-22 09:57 . 2016-10-05 08:10 -------- d-----w- c:\users\-user.WXPP-XXX\AppData\Local\Temp
2016-09-22 09:29 . 2016-09-22 09:52 -------- d-----w- C:\zoek_backup
2016-09-22 06:19 . 2016-09-22 07:35 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-09-22 06:18 . 2016-03-10 12:09 53120 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-09-22 06:18 . 2016-03-10 12:08 126336 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-09-22 06:18 . 2016-03-10 12:08 24448 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-09-22 06:18 . 2016-09-22 06:18 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2016-09-22 06:15 . 2016-10-05 08:10 -------- d-----w- c:\users\-user.WXPP-XXX\AppData\Roaming\AdAnti
2016-09-21 12:51 . 2012-07-05 20:06 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2016-09-21 12:51 . 2012-07-05 20:06 687544 ----a-w- c:\windows\system32\deployJava1.dll
2016-09-21 12:37 . 2016-09-21 12:37 -------- d-----w- c:\users\-user.WXPP-XXX\.oracle_jre_usage
2016-09-21 12:37 . 2016-09-21 12:37 -------- d-----w- c:\windows\system32\config\systemprofile\.oracle_jre_usage
2016-09-21 09:23 . 2016-08-05 15:13 2048 ----a-w- c:\windows\system32\tzres.dll
2016-09-21 08:00 . 2016-10-04 10:01 -------- d-----w- C:\FRST
2016-09-21 07:50 . 2016-09-23 06:08 -------- d-----w- c:\users\-user.WXPP-XXX\AppData\Roaming\ZHP
2016-09-20 13:43 . 2016-09-20 14:23 147328 ----a-w- c:\windows\system32\drivers\klflt.sys
2016-09-20 13:43 . 2016-09-20 14:14 53168 ----a-w- c:\windows\system32\drivers\klhk.sys
2016-09-19 13:26 . 2016-09-19 13:26 -------- d-----w- c:\windows\system32\kuv
2016-09-19 11:52 . 2016-09-19 11:52 -------- d-----w- c:\users\-user.WXPP-XXX\AppData\Local\Apps
2016-09-19 11:48 . 2016-09-19 11:48 -------- d-----w- c:\programdata\Avira
2016-09-19 11:48 . 2016-09-19 11:48 -------- d-----w- c:\programdata\Avg
2016-09-16 06:06 . 2016-09-16 06:06 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6D7A9437-B946-46B6-A154-63D428BF9AC9}\offreg.4660.dll
2016-09-16 05:48 . 2016-08-02 22:19 9654712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6D7A9437-B946-46B6-A154-63D428BF9AC9}\mpengine.dll
2016-09-14 07:18 . 2016-07-07 15:20 1309928 ----a-w- c:\windows\system32\drivers\tcpip.sys
2016-09-14 07:18 . 2016-07-07 15:20 240872 ----a-w- c:\windows\system32\drivers\netio.sys
2016-09-14 07:18 . 2016-07-07 15:20 187624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2016-09-14 07:18 . 2016-07-07 14:57 35840 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2016-09-14 07:18 . 2016-07-01 15:13 84480 ----a-w- c:\windows\system32\INETRES.dll
2016-09-14 07:18 . 2016-07-01 15:13 741888 ----a-w- c:\windows\system32\inetcomm.dll
.
.
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-09-21 12:52 . 2014-01-20 07:07 95808 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2016-09-20 14:23 . 2015-06-11 17:32 44120 ----a-w- c:\windows\system32\drivers\klim6.sys
2016-09-20 14:23 . 2015-06-08 17:43 39304 ----a-w- c:\windows\system32\drivers\klpd.sys
2016-09-20 14:23 . 2015-06-06 06:48 66976 ----a-w- c:\windows\system32\drivers\kldisk.sys
2016-09-14 07:24 . 2012-06-20 10:36 796352 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-09-14 07:24 . 2011-06-15 09:39 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-07-26 12:24 . 2010-01-13 09:03 406184 ------w- c:\windows\system32\MpSigStub.exe
2009-07-13 23:11 55296 --sha-w- c:\windows\System32\drivers\alifide.sys
2001-08-17 05:59 237216 --sha-w- c:\windows\System32\drivers\peleiq.sys
2008-12-09 14:03 267024 --sha-w- c:\windows\System32\drivers\qlswql.sys
2008-12-09 14:03 267024 --sha-w- c:\windows\System32\drivers\qmryom.sys
2001-08-17 05:59 237216 --sha-w- c:\windows\System32\drivers\rnhnor.sys
.
.
((((((((((((((((((((((((((((((((( Reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-07-24 796696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Sage AutoUpdate.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Sage AutoUpdate.lnk
backup=c:\windows\pss\Sage AutoUpdate.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-12-19 14:39 41208 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2015-12-17 17:39 60688 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2015-12-08 19:23 6602152 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileOpenBroker]
2013-03-26 10:23 908144 ----a-w- c:\program files\FileOpen\Services\FileOpenBroker32.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-10 00:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-07-22 17:33 150528 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2015-12-17 21:12 157456 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iWareV3]
2009-03-27 19:55 507904 ----a-w- c:\program files\MouseDriver\OfficeMouse.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegTool]
2012-02-27 13:26 945152 ----a-w- c:\program files\Gemalto\Classic Client\BIN\RegTool.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2009-07-02 18:07 7596576 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SN0XRCV]
2006-10-23 08:11 102400 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\SN0XRCV.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 08:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-06-01 11:08 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2015-03-12 39376]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2016-03-10 1136608]
R2 SageCHAU.Service;Sage AutoUpdate;c:\programdata\Sage\AutoUpdate\SageCHAU.Service.exe [2012-09-13 13312]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys [2016-06-14 26168]
R3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus;c:\windows\system32\DRIVERS\dtliteusbbus.sys [2016-06-14 40504]
R3 eapihdrv;eapihdrv;c:\users\-USER~1.WXP\AppData\Local\Temp\ehdrv.sys [x]
R3 GemCCID;GemCCID;c:\windows\system32\Drivers\GemCCID.sys [2013-04-24 98816]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-10-30 102912]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2016-03-10 53120]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2014-06-10 18944]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-06 1343400]
R4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2016-03-10 1514464]
R4 Sage SData Service;Sage SData Service;c:\program files\Common Files\Sage SData\Sage.SData.Service.exe [2012-08-16 53248]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 cm_km;Kaspersky Lab ZAO Cryptographic Module x86 (Weak);c:\windows\system32\DRIVERS\cm_km.sys [2015-07-05 201912]
S0 klbackupdisk;Kaspersky Lab klbackupdisk;c:\windows\system32\DRIVERS\klbackupdisk.sys [2015-06-06 46776]
S1 klbackupflt;Kaspersky Lab klbackupflt;c:\windows\system32\DRIVERS\klbackupflt.sys [2015-06-26 58224]
S1 klhk;Kaspersky Lab service driver;c:\windows\system32\DRIVERS\klhk.sys [2016-09-20 53168]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2016-09-20 44120]
S1 klpd;Kaspersky Lab format recognizer driver;c:\windows\system32\DRIVERS\klpd.sys [2016-09-20 39304]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2015-06-11 54328]
S1 Klwtp;Klwtp;c:\windows\system32\DRIVERS\klwtp.sys [2015-06-16 87736]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2015-06-23 156856]
S1 qlswql;qlswql; [x]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2013-07-30 137232]
S2 AVP16.0.0;Kaspersky Anti-Virus Service 16.0.0;c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe [2016-09-20 194000]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 FileOpenManager;FileOpen Manager Service;c:\program files\FileOpen\Services\FileOpenManager32.exe [2013-03-19 217456]
S2 GslShmSrvc;GSL Share Memory;c:\program files\Gemalto\Classic Client\BIN\GslShmSrvc.exe [2011-05-12 85504]
S2 kldisk;kldisk;c:\windows\system32\DRIVERS\kldisk.sys [2016-09-20 66976]
S2 Sentinel RMS License Manager;Sentinel RMS License Manager;c:\program files\Common Files\SafeNet Sentinel\Sentinel RMS License Manager\WinNT\lservnt.exe [2010-05-26 847872]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2009-07-24 2066968]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2009-12-10 214696]
S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys [2016-09-20 147328]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2015-06-06 37048]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2015-06-06 38072]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2016-03-10 24448]
.
.
--- Other services/drivers in memory ---
.
*Deregistered* - FileOpenWebPublisherScreenHookDriver
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
utcsvc REG_MULTI_SZ DiagTrack
TherkaleSchedule REG_MULTI_SZ TherkaleSchedule
.
Contents of the 'Scheduled Tasks' folder
.
2016-10-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-20 07:24]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\-user.WXPP-XXX\AppData\Roaming\Mozilla\Firefox\Profiles\rnxs7jbn.default-1474552426118\
.
.
------- File associations -------
.
.scr=DWGTrueViewScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Notify-ScCertProp - (no file)
SafeBoot-71305989.sys
MSConfigStartUp-AuthentIC Manager - AuthManagerV3.exe
HKLM_ActiveSetup-{65122CB0-EA0F-47DF-A953-017170ED12F9} - c:\program files\UCBrowser\Application\5.7.15319.5\Installer\chrmstp.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{74d0e5db-b326-4dae-a6b2-445b9de1836e} - c:\programdata\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\VC_redist.x86.exe
AddRemove-{f65db027-aff3-4070-886a-0d87064aabb1} - c:\programdata\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other running processes ------------------------
.
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\AMT\LMS.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\conhost.exe
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avpui.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\sppsvc.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\system32\AUDIODG.EXE
.
**************************************************************************
.
End time: 2016-10-05 10:18:14 - The machine rebooted
ComboFix-quarantined-files.txt 2016-10-05 08:18
.
Before-CF: 222 665 719 808 bytes free
After-CF: 222 310 359 040 bytes free
.
- - End Of File - - 0801A2DF0F2E02C765346260002DD98D
A36C5E4F47E84449FF07ED3517B43A31
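Three parts of the log above carry most of the triage value: the Find3M report (the five hidden+system `.sys` files under `System32\drivers` with `--sha-w-` attributes and old timestamps), the service list (entries ending in `[x]`, meaning the registered image file is absent, such as `S1 qlswql;qlswql; [x]`, and a driver registered from a user Temp folder), and the `policies\system` block, where `EnableLUA`, `ConsentPromptBehaviorAdmin` and `PromptOnSecureDesktop` are all 0, so UAC is off and administrators elevate silently. The script below is an added example, not part of ComboFix or of this log; it parses those three line formats and lists the items a responder would want to inspect by hand, without deciding whether any of them is malicious. The sample lines are copied from the log, while the finding labels and the reading of the attribute columns (`s` = system, `h` = hidden) are this example's own assumptions.

```python
"""Triage helper for ComboFix log lines (added example; not a ComboFix component)."""
import re
from dataclasses import dataclass
from typing import Optional

# Lines copied verbatim from the log above: one "created files" entry, two Find3M
# entries, three service entries and the UAC values from policies\system.
SAMPLE_LOG = r"""
2016-09-22 06:19 . 2016-09-22 07:35 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2009-07-13 23:11 55296 --sha-w- c:\windows\System32\drivers\alifide.sys
2008-12-09 14:03 267024 --sha-w- c:\windows\System32\drivers\qlswql.sys
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2016-03-10 1136608]
R3 eapihdrv;eapihdrv;c:\users\-USER~1.WXP\AppData\Local\Temp\ehdrv.sys [x]
S1 qlswql;qlswql; [x]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"""

# "<created> [. <modified>] <size|--------> <attr> <path>"
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"(?: \. (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}))?"
    r" (?P<size>-{8}|\d+) (?P<attr>[-a-z]{8}) (?P<path>.+)$"
)
# "<state> <name>;<display>;<image> [<date size>|x]"   ("[x]" = image file not found)
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*?) "
    r"\[(?P<stamp>x|\d{4}-\d{2}-\d{2} \d+)\]$"
)
# '"<value name>"= <decimal> (0x<hex>)'
POLICY_RE = re.compile(r'^"(?P<name>\w+)"= (?P<value>\d+) \(0x[0-9a-fA-F]+\)$')

# Each of these at 0 removes a UAC control: UAC off entirely, silent elevation
# for administrators, or prompts shown off the secure desktop.
UAC_WEAK_WHEN_ZERO = {"EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop"}


@dataclass(frozen=True)
class Finding:
    kind: str    # this example's own labels, not ComboFix vocabulary
    detail: str  # path, service name or policy value name


def parse_file_entry(line: str) -> Optional[dict]:
    """Return the fields of a ComboFix file/directory line, or None if it is not one."""
    m = FILE_RE.match(line.strip())
    return m.groupdict() if m else None


def triage(log_text: str) -> list:
    """Walk the log text and collect items a responder should examine by hand."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = parse_file_entry(line)
        if entry:
            attr, path = entry["attr"], entry["path"]
            low = path.lower()
            # Assumed column meanings: 's' = system, 'h' = hidden. A hidden+system
            # .sys under \drivers\ is worth a look; vendor drivers rarely ship that way.
            if "s" in attr and "h" in attr and "\\drivers\\" in low and low.endswith(".sys"):
                findings.append(Finding("hidden_system_driver", path))
            continue
        m = SERVICE_RE.match(line)
        if m:
            if m["stamp"] == "x":                    # registered, but the image is gone
                findings.append(Finding("service_image_missing", m["name"]))
            if "\\temp\\" in m["image"].lower():     # driver/service loaded from a Temp folder
                findings.append(Finding("service_image_in_temp", m["name"]))
            continue
        m = POLICY_RE.match(line)
        if m and m["name"] in UAC_WEAK_WHEN_ZERO and int(m["value"]) == 0:
            findings.append(Finding("uac_weakened", m["name"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:24} {f.detail}")
```

Feeding the whole log to `triage()` instead of the sample reproduces the picture a responder gets from reading it: five hidden+system drivers with 2001 to 2009 timestamps next to a service named after one of them whose image is missing, a driver registered from a Temp folder, and UAC switched off; each of those is a reason to look further, not a verdict.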
