Publicité
Publicité
Format du document : text/plain
Prévisualisation
ComboFix 17-07-07.01 - MOHAMED 11/07/2017 22:01:37.1.2 - x86
Microsoft Windows 7 Professionnel 6.1.7601.1.1252.33.1036.18.3062.2006 [GMT 0:00]
Lancé depuis: c:\users\MOHAMED\Desktop\ComboFix.exe
AV: ESET Smart Security 9.0.408.1 *Disabled/Updated* {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AV: Malwarebytes *Disabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
FW: Pare-feu personnel d'ESET *Enabled* {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
SP: ESET Smart Security 9.0.408.1 *Disabled/Updated* {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2017-06-11 au 2017-07-11 ))))))))))))))))))))))))))))))))))))
.
.
2017-07-11 22:09 . 2017-07-11 22:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-07-10 16:11 . 2017-07-11 14:10 162208 ----a-w- c:\windows\system32\drivers\MBAMChameleon.sys
2017-07-10 16:11 . 2017-07-11 14:10 97208 ----a-w- c:\windows\system32\drivers\farflt.sys
2017-07-10 16:11 . 2017-07-11 14:10 65824 ----a-w- c:\windows\system32\drivers\mwac.sys
2017-07-10 16:10 . 2017-07-11 14:10 39840 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-07-10 16:10 . 2017-07-11 16:51 220576 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-07-10 16:10 . 2017-05-31 11:09 59936 ----a-w- c:\windows\system32\drivers\mbae.sys
2017-07-10 16:10 . 2017-07-10 16:10 -------- d-----w- c:\programdata\Malwarebytes
2017-07-10 16:10 . 2017-07-10 16:10 -------- d-----w- c:\program files\Malwarebytes
2017-07-10 15:39 . 2017-07-10 15:47 -------- d-----w- C:\AdwCleaner
2017-07-10 14:02 . 2017-07-11 12:27 -------- d-----w- c:\users\MOHAMED\AppData\Roaming\ZHP
2017-07-10 14:02 . 2017-07-10 18:36 -------- d-----w- c:\users\MOHAMED\AppData\Local\ZHP
2017-07-10 12:40 . 2017-07-10 12:40 30472 ----a-w- c:\windows\system32\drivers\zknetdrv.sys
2017-07-10 12:40 . 2017-07-10 12:40 -------- d-----w- c:\program files\zksoft
2017-07-10 12:37 . 2010-12-28 19:43 238944 ----a-w- c:\windows\system32\RaCoInst.dll
2017-07-10 12:37 . 2010-12-28 19:55 1174880 ----a-w- c:\windows\system32\drivers\netr28u.sys
2017-07-10 12:36 . 2017-07-10 12:36 -------- d-----w- c:\windows\system32\RaLanguages
2017-07-10 12:36 . 2010-10-01 18:28 796000 ----a-w- c:\windows\system32\RAIHV.dll
2017-07-10 12:36 . 2010-07-01 17:45 119648 ----a-w- c:\windows\system32\RAEXTUI.dll
2017-07-10 12:36 . 2010-07-01 17:29 1607008 ----a-w- c:\windows\system32\RaCertMgr.dll
2017-07-10 12:36 . 2010-06-29 10:34 480608 ----a-w- c:\windows\system32\DiagFunc.dll
2017-07-10 11:49 . 2017-07-10 11:49 -------- d-----w- c:\users\MOHAMED\AppData\Roaming\Samsung
2017-07-10 11:48 . 2017-01-16 06:26 147072 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2017-07-10 11:48 . 2017-01-16 06:26 109184 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2017-07-10 11:47 . 2017-07-10 11:47 -------- d-----w- c:\programdata\Samsung
2017-07-10 11:47 . 2017-07-10 11:48 -------- d-----w- c:\program files\Samsung
2017-07-10 11:46 . 2017-07-10 11:46 -------- d-----w- c:\programdata\Package Cache
2017-07-09 11:19 . 2017-07-09 11:19 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F986BD66-9282-4F13-902A-0FE7844B50CB}\offreg.3464.dll
2017-07-08 10:23 . 2017-07-08 10:23 10685920 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F986BD66-9282-4F13-902A-0FE7844B50CB}\mpengine.dll
2017-07-08 10:17 . 2017-05-14 18:44 4549120 ----a-w- c:\windows\system32\jscript9.dll
2017-07-08 10:17 . 2017-05-14 18:15 2767872 ----a-w- c:\windows\system32\wininet.dll
2017-07-08 10:17 . 2017-05-12 17:44 2401792 ----a-w- c:\windows\system32\win32k.sys
2017-07-08 10:17 . 2017-05-10 15:01 2092032 ----a-w- c:\windows\system32\wuaueng.dll
2017-07-07 15:47 . 2017-07-07 15:47 -------- d-----w- c:\programdata\Ralink
2017-07-07 15:46 . 2017-07-07 15:46 -------- d-----w- c:\programdata\Ralink Driver
2017-07-07 15:46 . 2017-07-07 15:46 -------- d-----w- c:\program files\Cisco
2017-07-07 15:45 . 2017-07-07 15:45 -------- d-----w- c:\program files\Ralink
2017-07-06 18:48 . 2017-07-06 18:48 -------- d-----w- c:\users\MOHAMED\.Virtualbox
2017-07-06 18:47 . 2017-07-08 08:54 -------- d-----w- c:\program files\YouWave Android
2017-07-05 12:23 . 2017-07-05 12:23 -------- d-----w- c:\users\MOHAMED\AppData\Local\ElevatedDiagnostics
2017-07-03 18:30 . 2017-07-03 18:30 -------- d-----w- c:\programdata\Internet Mobile
2017-06-17 02:12 . 2017-06-17 02:14 -------- d-----w- c:\users\MOHAMED\AppData\Local\Sony
2017-06-17 02:12 . 2017-06-17 02:12 -------- d-----w- c:\program files\Sony
2017-06-17 02:10 . 2017-06-17 02:14 -------- d-----w- c:\users\MOHAMED\AppData\Roaming\Sony
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-07-11 13:42 . 2017-05-23 19:30 803328 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2017-07-11 13:42 . 2017-05-23 19:30 144896 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2017-05-02 11:24 . 2017-03-29 12:29 95808 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2017-04-27 22:50 . 2017-05-20 18:34 3550208 ----a-w- c:\windows\system32\D3DCompiler_47.dll
2017-04-21 15:15 . 2017-05-10 12:50 805376 ----a-w- c:\windows\system32\cdosys.dll
2017-04-17 15:12 . 2017-05-10 12:50 171008 ----a-w- c:\windows\system32\winsrv.dll
2017-04-17 15:12 . 2017-05-10 12:51 377344 ----a-w- c:\windows\system32\rpcss.dll
2017-04-17 15:12 . 2017-05-10 12:51 581632 ----a-w- c:\windows\system32\oleaut32.dll
2017-04-17 15:12 . 2017-05-10 12:51 1417728 ----a-w- c:\windows\system32\ole32.dll
2017-04-17 15:12 . 2017-05-10 12:50 26112 ----a-w- c:\windows\system32\oleres.dll
2017-04-17 15:12 . 2017-05-10 12:50 294400 ----a-w- c:\windows\system32\KernelBase.dll
2017-04-17 15:12 . 2017-05-10 12:50 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-17 15:12 . 2017-05-10 12:50 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-17 15:12 . 2017-05-10 12:50 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-04-17 15:12 . 2017-05-10 12:50 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-04-17 15:12 . 2017-05-10 12:50 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-17 15:12 . 2017-05-10 12:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-17 15:12 . 2017-05-10 12:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-04-17 15:12 . 2017-05-10 12:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-17 15:12 . 2017-05-10 12:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-17 15:12 . 2017-05-10 12:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-04-17 15:12 . 2017-05-10 12:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-04-17 15:12 . 2017-05-10 12:50 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-04-17 15:12 . 2017-05-10 12:50 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-04-17 15:12 . 2017-05-10 12:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-17 15:12 . 2017-05-10 12:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-04-17 15:12 . 2017-05-10 12:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-17 15:12 . 2017-05-10 12:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-04-17 15:12 . 2017-05-10 12:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-04-17 15:12 . 2017-05-10 12:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-04-17 15:12 . 2017-05-10 12:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-17 15:12 . 2017-05-10 12:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-04-17 15:12 . 2017-05-10 12:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-04-17 15:12 . 2017-05-10 12:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-04-17 15:12 . 2017-05-10 12:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-04-17 14:54 . 2017-05-10 12:50 7168 ----a-w- c:\windows\system32\comcat.dll
2017-04-17 14:51 . 2017-05-10 12:50 271360 ----a-w- c:\windows\system32\conhost.exe
2017-04-17 14:48 . 2017-05-10 12:50 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-04-17 14:48 . 2017-05-10 12:50 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-17 14:48 . 2017-05-10 12:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-04-17 14:48 . 2017-05-10 12:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2017-02-08 7347928]
"CCleaner"="c:\program files\CCleaner\CCleaner.exe" [2017-02-08 7347928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2017-03-15 587288]
"Malwarebytes TrayApp"="c:\program files\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe" [2017-05-09 3146704]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2017-03-03 280576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - c:\program files\Ralink\Common\RaUI.exe -s [2017-7-10 11474272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jswtrayutil]
2008-09-26 19:03 528384 ----a-w- c:\program files\Jumpstart\jswtrayutil.exe
.
R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [2011-03-14 271712]
R2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [2017-05-09 3398608]
R2 Modem HDM EC156. RunOuc;Modem HDM EC156. OUC;c:\program files\Modem HDM EC156\UpdateDog\ouc.exe [2012-11-12 657504]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2017-01-16 109184]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 102784]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2012-10-30 11136]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [2012-11-19 379392]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2017-05-14 104960]
R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-09-26 954368]
R3 MBAMFarflt;MBAMFarflt;c:\windows\system32\drivers\farflt.sys [2017-07-11 97208]
R3 MBAMProtection;MBAMProtection;c:\windows\system32\drivers\mbam.sys [2017-07-11 39840]
R3 MBAMWebProtection;MBAMWebProtection;c:\windows\system32\drivers\mwac.sys [2017-07-11 65824]
R3 RaMediaServer;RaMediaServer;c:\program files\Ralink\Common\RaMediaServer.exe [2010-12-31 619872]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2017-01-16 147072]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
S0 edevmon;edevmon;c:\windows\system32\DRIVERS\edevmon.sys [2017-03-03 156296]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2017-03-03 71304]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2017-03-03 206472]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2017-03-03 156288]
S1 EpfwLWF;ESET Personal Firewall;c:\windows\system32\DRIVERS\EpfwLWF.sys [2017-03-03 52872]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\windows\system32\drivers\mbae.sys [2017-05-31 59936]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-05-15 20384]
S1 zknetdrv;ZK NET Driver;c:\windows\system32\DRIVERS\zknetdrv.sys [2017-07-10 30472]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 ekbdflt;ekbdflt;c:\windows\system32\DRIVERS\ekbdflt.sys [2017-03-03 122496]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2017-03-03 2166040]
S2 jswpbapi;JumpStart Push-Button Service;c:\program files\Jumpstart\jswpbapi.exe [2008-09-26 188416]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2013-03-01 36600]
S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [2017-01-16 752224]
S2 zkservice;zksrvc;c:\program files\zksoft\marswifi\zkservice.exe [2017-07-10 412424]
S3 BthAvrcp;Profil AVRCP Bluetooth;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2012-08-20 96000]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2012-08-20 76544]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2012-08-20 27520]
S3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2012-10-31 203776]
S3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28u.sys [2010-12-28 1174880]
S3 netw5v32;Pilote de carte de liaison WiFi sans fil Intel(R) 5000 Series pour Windows Vista 32 bits;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - ESPROTECTIONDRIVER
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
utcsvc REG_MULTI_SZ DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2017-07-08 15:39 1393496 ----a-w- c:\program files\Google\Chrome\Application\59.0.3071.115\Installer\chrmstp.exe
.
.
------- Examen supplémentaire -------
.
Trusted Zone: eset.com\help
TCP: Interfaces\{8A28C221-17C3-4B7B-8491-5B2B1F6F4E14}: NameServer = 81.192.21.80 81.192.21.81
FF - ProfilePath - c:\users\MOHAMED\AppData\Roaming\Mozilla\Firefox\Profiles\8psai1li.default\
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 9666
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 9666
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9666
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 9666
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHELINS SUPPRIMES - - - -
.
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
AddRemove-27_ssconn - c:\program files\Samsung\USB Drivers\27_ssconn\Uninstall.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2017-07-11 22:11:42
ComboFix-quarantined-files.txt 2017-07-11 22:11
.
Avant-CF: 151 960 702 976 octets libres
Après-CF: 151 465 373 696 octets libres
.
- - End Of File - - 358A8FCFF4DF25B57ED60C37E4534970
A36C5E4F47E84449FF07ED3517B43A31
Microsoft Windows 7 Professionnel 6.1.7601.1.1252.33.1036.18.3062.2006 [GMT 0:00]
Lancé depuis: c:\users\MOHAMED\Desktop\ComboFix.exe
AV: ESET Smart Security 9.0.408.1 *Disabled/Updated* {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AV: Malwarebytes *Disabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
FW: Pare-feu personnel d'ESET *Enabled* {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
SP: ESET Smart Security 9.0.408.1 *Disabled/Updated* {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2017-06-11 au 2017-07-11 ))))))))))))))))))))))))))))))))))))
.
.
2017-07-11 22:09 . 2017-07-11 22:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-07-10 16:11 . 2017-07-11 14:10 162208 ----a-w- c:\windows\system32\drivers\MBAMChameleon.sys
2017-07-10 16:11 . 2017-07-11 14:10 97208 ----a-w- c:\windows\system32\drivers\farflt.sys
2017-07-10 16:11 . 2017-07-11 14:10 65824 ----a-w- c:\windows\system32\drivers\mwac.sys
2017-07-10 16:10 . 2017-07-11 14:10 39840 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-07-10 16:10 . 2017-07-11 16:51 220576 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-07-10 16:10 . 2017-05-31 11:09 59936 ----a-w- c:\windows\system32\drivers\mbae.sys
2017-07-10 16:10 . 2017-07-10 16:10 -------- d-----w- c:\programdata\Malwarebytes
2017-07-10 16:10 . 2017-07-10 16:10 -------- d-----w- c:\program files\Malwarebytes
2017-07-10 15:39 . 2017-07-10 15:47 -------- d-----w- C:\AdwCleaner
2017-07-10 14:02 . 2017-07-11 12:27 -------- d-----w- c:\users\MOHAMED\AppData\Roaming\ZHP
2017-07-10 14:02 . 2017-07-10 18:36 -------- d-----w- c:\users\MOHAMED\AppData\Local\ZHP
2017-07-10 12:40 . 2017-07-10 12:40 30472 ----a-w- c:\windows\system32\drivers\zknetdrv.sys
2017-07-10 12:40 . 2017-07-10 12:40 -------- d-----w- c:\program files\zksoft
2017-07-10 12:37 . 2010-12-28 19:43 238944 ----a-w- c:\windows\system32\RaCoInst.dll
2017-07-10 12:37 . 2010-12-28 19:55 1174880 ----a-w- c:\windows\system32\drivers\netr28u.sys
2017-07-10 12:36 . 2017-07-10 12:36 -------- d-----w- c:\windows\system32\RaLanguages
2017-07-10 12:36 . 2010-10-01 18:28 796000 ----a-w- c:\windows\system32\RAIHV.dll
2017-07-10 12:36 . 2010-07-01 17:45 119648 ----a-w- c:\windows\system32\RAEXTUI.dll
2017-07-10 12:36 . 2010-07-01 17:29 1607008 ----a-w- c:\windows\system32\RaCertMgr.dll
2017-07-10 12:36 . 2010-06-29 10:34 480608 ----a-w- c:\windows\system32\DiagFunc.dll
2017-07-10 11:49 . 2017-07-10 11:49 -------- d-----w- c:\users\MOHAMED\AppData\Roaming\Samsung
2017-07-10 11:48 . 2017-01-16 06:26 147072 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2017-07-10 11:48 . 2017-01-16 06:26 109184 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2017-07-10 11:47 . 2017-07-10 11:47 -------- d-----w- c:\programdata\Samsung
2017-07-10 11:47 . 2017-07-10 11:48 -------- d-----w- c:\program files\Samsung
2017-07-10 11:46 . 2017-07-10 11:46 -------- d-----w- c:\programdata\Package Cache
2017-07-09 11:19 . 2017-07-09 11:19 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F986BD66-9282-4F13-902A-0FE7844B50CB}\offreg.3464.dll
2017-07-08 10:23 . 2017-07-08 10:23 10685920 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F986BD66-9282-4F13-902A-0FE7844B50CB}\mpengine.dll
2017-07-08 10:17 . 2017-05-14 18:44 4549120 ----a-w- c:\windows\system32\jscript9.dll
2017-07-08 10:17 . 2017-05-14 18:15 2767872 ----a-w- c:\windows\system32\wininet.dll
2017-07-08 10:17 . 2017-05-12 17:44 2401792 ----a-w- c:\windows\system32\win32k.sys
2017-07-08 10:17 . 2017-05-10 15:01 2092032 ----a-w- c:\windows\system32\wuaueng.dll
2017-07-07 15:47 . 2017-07-07 15:47 -------- d-----w- c:\programdata\Ralink
2017-07-07 15:46 . 2017-07-07 15:46 -------- d-----w- c:\programdata\Ralink Driver
2017-07-07 15:46 . 2017-07-07 15:46 -------- d-----w- c:\program files\Cisco
2017-07-07 15:45 . 2017-07-07 15:45 -------- d-----w- c:\program files\Ralink
2017-07-06 18:48 . 2017-07-06 18:48 -------- d-----w- c:\users\MOHAMED\.Virtualbox
2017-07-06 18:47 . 2017-07-08 08:54 -------- d-----w- c:\program files\YouWave Android
2017-07-05 12:23 . 2017-07-05 12:23 -------- d-----w- c:\users\MOHAMED\AppData\Local\ElevatedDiagnostics
2017-07-03 18:30 . 2017-07-03 18:30 -------- d-----w- c:\programdata\Internet Mobile
2017-06-17 02:12 . 2017-06-17 02:14 -------- d-----w- c:\users\MOHAMED\AppData\Local\Sony
2017-06-17 02:12 . 2017-06-17 02:12 -------- d-----w- c:\program files\Sony
2017-06-17 02:10 . 2017-06-17 02:14 -------- d-----w- c:\users\MOHAMED\AppData\Roaming\Sony
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-07-11 13:42 . 2017-05-23 19:30 803328 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2017-07-11 13:42 . 2017-05-23 19:30 144896 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2017-05-02 11:24 . 2017-03-29 12:29 95808 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2017-04-27 22:50 . 2017-05-20 18:34 3550208 ----a-w- c:\windows\system32\D3DCompiler_47.dll
2017-04-21 15:15 . 2017-05-10 12:50 805376 ----a-w- c:\windows\system32\cdosys.dll
2017-04-17 15:12 . 2017-05-10 12:50 171008 ----a-w- c:\windows\system32\winsrv.dll
2017-04-17 15:12 . 2017-05-10 12:51 377344 ----a-w- c:\windows\system32\rpcss.dll
2017-04-17 15:12 . 2017-05-10 12:51 581632 ----a-w- c:\windows\system32\oleaut32.dll
2017-04-17 15:12 . 2017-05-10 12:51 1417728 ----a-w- c:\windows\system32\ole32.dll
2017-04-17 15:12 . 2017-05-10 12:50 26112 ----a-w- c:\windows\system32\oleres.dll
2017-04-17 15:12 . 2017-05-10 12:50 294400 ----a-w- c:\windows\system32\KernelBase.dll
2017-04-17 15:12 . 2017-05-10 12:50 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-17 15:12 . 2017-05-10 12:50 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-17 15:12 . 2017-05-10 12:50 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-04-17 15:12 . 2017-05-10 12:50 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-04-17 15:12 . 2017-05-10 12:50 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-17 15:12 . 2017-05-10 12:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-17 15:12 . 2017-05-10 12:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-04-17 15:12 . 2017-05-10 12:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-17 15:12 . 2017-05-10 12:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-17 15:12 . 2017-05-10 12:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-04-17 15:12 . 2017-05-10 12:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-04-17 15:12 . 2017-05-10 12:50 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-04-17 15:12 . 2017-05-10 12:50 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-04-17 15:12 . 2017-05-10 12:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-17 15:12 . 2017-05-10 12:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-04-17 15:12 . 2017-05-10 12:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-17 15:12 . 2017-05-10 12:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-04-17 15:12 . 2017-05-10 12:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-04-17 15:12 . 2017-05-10 12:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-04-17 15:12 . 2017-05-10 12:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-17 15:12 . 2017-05-10 12:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-04-17 15:12 . 2017-05-10 12:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-04-17 15:12 . 2017-05-10 12:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-04-17 15:12 . 2017-05-10 12:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-04-17 14:54 . 2017-05-10 12:50 7168 ----a-w- c:\windows\system32\comcat.dll
2017-04-17 14:51 . 2017-05-10 12:50 271360 ----a-w- c:\windows\system32\conhost.exe
2017-04-17 14:48 . 2017-05-10 12:50 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-04-17 14:48 . 2017-05-10 12:50 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-17 14:48 . 2017-05-10 12:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-04-17 14:48 . 2017-05-10 12:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2017-02-08 7347928]
"CCleaner"="c:\program files\CCleaner\CCleaner.exe" [2017-02-08 7347928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2017-03-15 587288]
"Malwarebytes TrayApp"="c:\program files\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe" [2017-05-09 3146704]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2017-03-03 280576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - c:\program files\Ralink\Common\RaUI.exe -s [2017-7-10 11474272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jswtrayutil]
2008-09-26 19:03 528384 ----a-w- c:\program files\Jumpstart\jswtrayutil.exe
.
R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [2011-03-14 271712]
R2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [2017-05-09 3398608]
R2 Modem HDM EC156. RunOuc;Modem HDM EC156. OUC;c:\program files\Modem HDM EC156\UpdateDog\ouc.exe [2012-11-12 657504]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2017-01-16 109184]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 102784]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2012-10-30 11136]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [2012-11-19 379392]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2017-05-14 104960]
R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-09-26 954368]
R3 MBAMFarflt;MBAMFarflt;c:\windows\system32\drivers\farflt.sys [2017-07-11 97208]
R3 MBAMProtection;MBAMProtection;c:\windows\system32\drivers\mbam.sys [2017-07-11 39840]
R3 MBAMWebProtection;MBAMWebProtection;c:\windows\system32\drivers\mwac.sys [2017-07-11 65824]
R3 RaMediaServer;RaMediaServer;c:\program files\Ralink\Common\RaMediaServer.exe [2010-12-31 619872]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2017-01-16 147072]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
S0 edevmon;edevmon;c:\windows\system32\DRIVERS\edevmon.sys [2017-03-03 156296]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2017-03-03 71304]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2017-03-03 206472]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2017-03-03 156288]
S1 EpfwLWF;ESET Personal Firewall;c:\windows\system32\DRIVERS\EpfwLWF.sys [2017-03-03 52872]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\windows\system32\drivers\mbae.sys [2017-05-31 59936]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-05-15 20384]
S1 zknetdrv;ZK NET Driver;c:\windows\system32\DRIVERS\zknetdrv.sys [2017-07-10 30472]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 ekbdflt;ekbdflt;c:\windows\system32\DRIVERS\ekbdflt.sys [2017-03-03 122496]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2017-03-03 2166040]
S2 jswpbapi;JumpStart Push-Button Service;c:\program files\Jumpstart\jswpbapi.exe [2008-09-26 188416]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2013-03-01 36600]
S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [2017-01-16 752224]
S2 zkservice;zksrvc;c:\program files\zksoft\marswifi\zkservice.exe [2017-07-10 412424]
S3 BthAvrcp;Profil AVRCP Bluetooth;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2012-08-20 96000]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2012-08-20 76544]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2012-08-20 27520]
S3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2012-10-31 203776]
S3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28u.sys [2010-12-28 1174880]
S3 netw5v32;Pilote de carte de liaison WiFi sans fil Intel(R) 5000 Series pour Windows Vista 32 bits;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - ESPROTECTIONDRIVER
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
utcsvc REG_MULTI_SZ DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2017-07-08 15:39 1393496 ----a-w- c:\program files\Google\Chrome\Application\59.0.3071.115\Installer\chrmstp.exe
.
.
------- Examen supplémentaire -------
.
Trusted Zone: eset.com\help
TCP: Interfaces\{8A28C221-17C3-4B7B-8491-5B2B1F6F4E14}: NameServer = 81.192.21.80 81.192.21.81
FF - ProfilePath - c:\users\MOHAMED\AppData\Roaming\Mozilla\Firefox\Profiles\8psai1li.default\
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 9666
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 9666
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9666
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 9666
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHELINS SUPPRIMES - - - -
.
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
AddRemove-27_ssconn - c:\program files\Samsung\USB Drivers\27_ssconn\Uninstall.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2017-07-11 22:11:42
ComboFix-quarantined-files.txt 2017-07-11 22:11
.
Avant-CF: 151 960 702 976 octets libres
Après-CF: 151 465 373 696 octets libres
.
- - End Of File - - 358A8FCFF4DF25B57ED60C37E4534970
A36C5E4F47E84449FF07ED3517B43A31