cjoint


Comment: Hi all. I can't install anything on my PC, I can't make any changes on my PC, and I can't activate my antivirus, which is disabled... Even Windows Defender can't scan the PC. So I tried ComboFix and here is the report. Please help me.

Document format: text/plain

Preview

ComboFix 16-12-02.01 - MICHEL 04/12/2016 9:01.1.2 - x86
Microsoft Windows 7 Édition Intégrale 6.1.7600.0.1252.33.1036.18.2038.742 [GMT 0:00]
Lancé depuis: c:\users\MICHEL\Desktop\Kha.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\62482812bca8fdca.sys
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AdobeUpdateService
-------\Service_syshost32
-------\Legacy_62482812bca8fdca
-------\Service_62482812bca8fdca
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2016-11-04 au 2016-12-04 ))))))))))))))))))))))))))))))))))))
.
.
2016-12-04 09:11 . 2016-12-04 09:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-12-03 17:42 . 2016-12-03 17:43 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2016-12-03 14:35 . 2016-12-03 14:35 91232 -c--a-w- c:\windows\system32\drivers\aswRdr2.sys
2016-12-03 14:35 . 2016-12-03 14:35 60424 -c--a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-12-03 14:35 . 2016-12-03 14:35 434144 -c--a-w- c:\windows\system32\drivers\aswSP.sys
2016-12-03 14:35 . 2016-12-03 14:35 34008 -c--a-w- c:\windows\system32\drivers\aswHwid.sys
2016-12-03 14:35 . 2016-12-03 14:35 224616 -c--a-w- c:\windows\system32\drivers\aswVmm.sys
2016-12-03 14:35 . 2016-12-03 14:35 118664 -c--a-w- c:\windows\system32\drivers\aswStm.sys
2016-12-03 14:34 . 2016-12-03 14:34 735352 -c--a-w- c:\windows\system32\drivers\aswSnx.sys
2016-12-03 14:34 . 2016-12-03 14:34 35096 -c--a-w- c:\windows\system32\drivers\aswKbd.sys
2016-11-18 11:00 . 2016-11-18 11:00 -------- d-----w- c:\users\MICHEL\AppData\Roaming\TuneUp Software
2016-11-18 10:58 . 2016-11-18 11:01 -------- d-----w- c:\programdata\TuneUp Software
2016-11-18 10:57 . 2016-11-18 10:57 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2016-11-09 17:16 . 2016-11-09 17:16 -------- d-----w- c:\users\MICHEL\AppData\Local\intuit
2016-11-09 16:41 . 2016-11-09 16:41 -------- d-----w- c:\program files\Common Files\AnswerWorks 4.0
2016-11-09 16:40 . 2016-11-09 16:43 -------- d-----w- c:\programdata\Intuit
2016-11-09 16:40 . 2016-11-09 16:42 -------- d-----w- c:\program files\Common Files\Intuit
2016-11-09 16:40 . 2016-11-09 16:40 -------- d-----w- c:\program files\Intuit
2016-11-09 16:38 . 2016-11-09 16:38 -------- d-----w- c:\programdata\COMMON FILES
2016-11-09 16:37 . 2016-11-28 07:06 -------- d-----w- c:\users\MICHEL\AppData\Local\ApplicationHistory
2016-11-09 16:34 . 2016-11-09 16:34 -------- d-----w- c:\windows\system32\URTTEMP
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-11-23 11:34 . 2016-02-12 18:13 807000 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-11-23 11:34 . 2016-02-12 18:13 144984 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-10-22 23:16 . 2016-02-12 18:32 151552 ----a-w- c:\windows\KMSEmulator.exe
2016-09-22 16:53 . 2016-09-22 16:53 921280 ----a-w- c:\windows\ucrtbase.dll
2016-09-16 05:14 . 2016-09-16 05:14 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F509AABC-6ACF-47E8-8E96-194CD4E6A778}\offreg.2240.dll
2016-09-10 07:31 . 2016-09-10 07:31 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F509AABC-6ACF-47E8-8E96-194CD4E6A778}\offreg.2108.dll
2015-10-21 16:34 . 2016-11-03 09:19 1951512 ----a-w- c:\program files\sfhelper.exe
2008-04-14 11:44 . 2016-11-03 09:35 155536 ----a-w- c:\program files\sfdrvrem.exe
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2009-08-16 955392]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]
"MediaDICO4Ut"="c:\program files\Micro Application\Les 4 Dictionnaires Utiles\LanceMediaDICO4Ut.exe" [2004-03-03 252416]
"uTorrent"="c:\users\MICHEL\AppData\Roaming\uTorrent\uTorrent.exe" [2016-11-27 2145984]
"{892F8A97-8944-433D-8A0B-4A259C242BF7}"="c:\windows\system32\WindowsPowerShell\v1.0\powershell.exe" [2009-07-14 452608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2016-05-05 508128]
"AdobeCEPServiceManager"="c:\program files\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" [2013-03-13 1039248]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2016-11-09 29744]
.
c:\users\MICHEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Lanceur.lnk - c:\program files\Micro Application\LauncherMA.exe [2009-2-10 485376]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Application de mise à jour de QuickBooks.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-9-10 967960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-11-14 22:41 1364072 ----a-w- c:\program files\Google\Chrome\Application\54.0.2840.99\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2016-12-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-12 11:34]
.
2016-10-22 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2016-02-12 18:33]
.
2016-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2016-02-12 18:13]
.
2016-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2016-02-12 18:13]
.
.
------- Examen supplémentaire -------
.
uStart Page =
mStart Page =
IE: &Envoyer à OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
Trusted Zone: dell.com
TCP: DhcpNameServer = 10.128.128.128
FF - ProfilePath - c:\users\MICHEL\AppData\Roaming\Mozilla\Firefox\Profiles\ankbczyc.default\
FF - prefs.js: keyword.URL - true
.
- - - - ORPHELINS SUPPRIMES - - - -
.
ShellIconOverlayIdentifiers-{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} - c:\program files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll
ShellIconOverlayIdentifiers-{853B7E05-C47D-4985-909A-D0DC5C6D7303} - c:\program files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll
ShellIconOverlayIdentifiers-{42D38F2E-98E9-4382-B546-E24E4D6D04BB} - c:\program files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKCU-Run-qBittorrent - c:\users\MICHEL\Downloads\qBittorrentPortable\App\qBittorrent\qbittorrent.exe
HKLM-Run-Adobe Creative Cloud - c:\program files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
HKLM-Run-BlueStacks Agent - c:\program files\BlueStacks\HD-Agent.exe
MSConfigStartUp-avast5 - c:\program files\Alwil Software\Avast5\avastUI.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-192749338-1734932977-1034651298-1000_Classes\CLSID\{2a02e090-6939-4073-bc25-34ec5937691f}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000be
"Therad"=dword:0000002f
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,61,a9,31,47,dd,68,9a,4f,12,d7,d0,42,4b,45,40,b8,dc,c6,54,7b,60,1f,\
.
[HKEY_USERS\S-1-5-21-192749338-1734932977-1034651298-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):a9,06,b5,62,20,3c,97,27,a7,6c,1b,db,45,ce,71,fd,80,1f,b2,15,7d,
87,d1,3d,4a,9d,e1,b1,44,91,ca,e4,de,0d,66,cd,22,73,3e,ef,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Adobe\AdobeGCClient\AGSService.exe
c:\windows\system32\msiexec.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Heure de fin: 2016-12-04 09:17:11 - La machine a redémarré
ComboFix-quarantined-files.txt 2016-12-04 09:17
.
Avant-CF: 7 465 013 248 octets libres
Après-CF: 19 475 644 416 octets libres
.
- - End Of File - - 2F9309BB59F82073E14A43588CD72F58
A36C5E4F47E84449FF07ED3517B43A31
