ComboFix 17-08-04.01 - Diaby 11/08/2017 19:28:12.1.2 - x86
Microsoft Windows 7 Professionnel 6.1.7601.1.1252.33.1036.18.1015.288 [GMT 2:00]
Lancé depuis: c:\users\Diaby\Desktop\ComboFix.exe
AV: Emsisoft Anti-Malware *Disabled/Updated* {701CB209-EBBC-AADC-11E6-DE73E7AF4C9D}
SP: Emsisoft Anti-Malware *Disabled/Updated* {CB7D53ED-CD86-A552-2B56-E5019C280620}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
C:\Microsoft
c:\programdata\ntuser.pol
c:\programdata\system.exe.tmp
c:\programdata\WindowsData
c:\users\Administrateur.Diaby-PC.000\AppData\Roaming\Microsoft Windows Audio Device Graphic Card Isolation.exe.tmp
c:\users\Administrateur.Diaby-PC.000\AppData\Roaming\Windows Audio Device Graph.exe.tmp
c:\users\Diaby\AppData\Local\uninstallce.exe
c:\users\Diaby\AppData\LocalZKWaqEnYsq.jpg
c:\users\Diaby\AppData\Roaming\dclogs
c:\users\Diaby\AppData\Roaming\dclogs\2016-07-12-3.dc
c:\users\Diaby\AppData\Roaming\dclogs\2016-07-13-4.dc
c:\users\Diaby\AppData\Roaming\dclogs\2017-02-23-5.dc
c:\users\Diaby\AppData\Roaming\dclogs\2017-02-24-6.dc
c:\users\Diaby\AppData\Roaming\dclogs\2017-02-25-7.dc
c:\users\Diaby\AppData\Roaming\dclogs\2017-02-26-1.dc
c:\users\Diaby\AppData\Roaming\dclogs\2017-02-27-2.dc
c:\users\Diaby\AppData\Roaming\dclogs\2017-02-28-3.dc
c:\users\Diaby\AppData\Roaming\dclogs\2017-03-01-4.dc
c:\users\Diaby\AppData\Roaming\dclogs\2017-03-02-5.dc
c:\users\Diaby\AppData\Roaming\dclogs\2017-03-03-6.dc
c:\users\Diaby\AppData\Roaming\dclogs\2017-03-04-7.dc
c:\users\Diaby\AppData\Roaming\dclogs\2017-03-05-1.dc
c:\users\Diaby\AppData\Roaming\dclogs\2017-03-06-2.dc
c:\users\Diaby\AppData\Roaming\dclogs\2017-04-06-5.dc
c:\users\Diaby\AppData\Roaming\dclogs\2017-04-07-6.dc
c:\users\Diaby\AppData\Roaming\dclogs\2017-05-21-1.dc
c:\users\Diaby\AppData\Roaming\dclogs\2017-05-22-2.dc
c:\users\Diaby\AppData\Roaming\dclogs\2017-05-23-3.dc
c:\users\Diaby\AppData\Roaming\dclogs\2017-05-24-4.dc
c:\users\Diaby\AppData\Roaming\dclogs\2017-05-25-5.dc
c:\users\Diaby\AppData\Roaming\dclogs\2017-05-26-6.dc
c:\users\Diaby\AppData\Roaming\dclogs\2017-05-27-7.dc
c:\users\Diaby\AppData\Roaming\dclogs\2017-05-28-1.dc
c:\users\Diaby\AppData\Roaming\dclogs\2017-05-29-2.dc
c:\users\Diaby\AppData\Roaming\dclogs\2017-05-30-3.dc
c:\users\Diaby\AppData\Roaming\dclogs\2017-05-31-4.dc
c:\users\Diaby\AppData\Roaming\dclogs\2017-06-01-5.dc
c:\users\Diaby\AppData\Roaming\dclogs\2017-06-03-7.dc
c:\users\Diaby\AppData\Roaming\dclogs\2017-06-05-2.dc
c:\users\Diaby\AppData\Roaming\dclogs\2017-06-08-5.dc
c:\users\Diaby\AppData\Roaming\dclogs\2017-06-10-7.dc
c:\users\Diaby\AppData\Roaming\dclogs\2017-06-11-1.dc
c:\users\Diaby\AppData\Roaming\dclogs\2017-06-12-2.dc
c:\users\Diaby\AppData\Roaming\dclogs\2017-06-13-3.dc
c:\users\Diaby\AppData\Roaming\dclogs\2017-06-14-4.dc
c:\users\Diaby\AppData\Roaming\dclogs\2017-06-15-5.dc
c:\users\Diaby\AppData\Roaming\ddos.exe
c:\users\Diaby\AppData\Roaming\logs.dat
c:\users\Diaby\AppData\Roaming\Microsoft Windows Audio Device Graphic Card Isolation.exe.tmp
c:\users\Diaby\AppData\Roaming\Microsoft\Crypto\wscript.exe
c:\users\Diaby\AppData\Roaming\skype.exe.tmp
c:\users\Diaby\AppData\Roaming\system.exe.tmp
c:\users\Diaby\AppData\Roaming\Windows Audio Device Graph.exe.tmp
c:\users\Diaby\AppData\Roaming\Windows.exe.tmp
c:\windows\eebab301a0429b594721c657960fe2db.exe
c:\windows\msdownld.tmp
c:\windows\security\Database\tmp.edb
c:\windows\system32\Core.dll
c:\windows\system32\xd.dll
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2017-07-11 au 2017-08-11 ))))))))))))))))))))))))))))))))))))
.
.
2017-08-11 17:45 . 2017-08-11 17:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-08-11 17:45 . 2017-08-11 17:45 -------- d-----w- c:\users\Administrateur\AppData\Local\temp
2017-08-11 17:45 . 2017-08-11 17:51 -------- d-----w- c:\users\Diaby\AppData\Local\temp
2017-08-11 17:45 . 2017-08-11 17:45 -------- d-----w- c:\users\Administrateur.Diaby-PC.000\AppData\Local\temp
2017-08-11 17:45 . 2017-08-11 17:45 -------- d-----w- c:\users\123\AppData\Local\temp
2017-08-05 11:41 . 2017-08-05 11:41 -------- d-----w- c:\programdata\SWCUTemp
2017-08-05 11:21 . 2017-08-05 11:21 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.1408.dll
2017-08-05 10:55 . 2017-08-05 10:55 -------- d-----w- c:\users\Diaby\AppData\Roaming\QFX Software
2017-08-05 10:55 . 2017-08-05 10:55 -------- d-----w- c:\programdata\QFX Software
2017-08-05 10:44 . 2017-08-05 10:44 -------- d-----w- C:\found.002
2017-08-04 18:58 . 2017-08-04 18:58 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.3704.dll
2017-08-04 16:16 . 2017-08-04 16:16 -------- d-----w- c:\programdata\RL Vision
2017-08-04 16:15 . 1998-06-23 21:00 164144 ----a-w- c:\windows\system32\COMCT232.ocx
2017-08-04 16:15 . 2004-03-08 21:00 609824 ----a-w- c:\windows\system32\COMCTL32.ocx
2017-08-04 16:15 . 2009-03-24 17:52 659264 ----a-w- c:\windows\system32\mscomct2.ocx
2017-08-04 16:15 . 2009-03-24 17:52 1069376 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2017-08-04 07:08 . 2017-08-04 07:08 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.2332.dll
2017-08-03 07:06 . 2017-08-03 07:07 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.2720.dll
2017-08-02 16:13 . 2017-08-02 16:14 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.2500.dll
2017-08-02 12:13 . 2017-08-05 10:54 -------- d-----w- C:\FRST
2017-08-02 11:03 . 2017-08-02 11:08 -------- d-----w- c:\users\Administrateur.Diaby-PC.000\AppData\Local\Mozilla
2017-08-02 08:30 . 2017-08-02 08:30 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.2792.dll
2017-08-01 13:45 . 2017-08-01 13:45 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.2824.dll
2017-08-01 12:36 . 2017-08-01 12:36 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.2864.dll
2017-08-01 12:31 . 2017-08-05 19:57 -------- d-----w- C:\AdwCleaner
2017-08-01 10:29 . 2017-08-01 10:29 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.2596.dll
2017-08-01 07:02 . 2017-08-01 07:02 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.2372.dll
2017-07-31 20:57 . 2017-07-31 20:57 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.2608.dll
2017-07-31 11:59 . 2017-07-31 11:59 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.2748.dll
2017-07-31 10:00 . 2017-08-02 10:08 -------- d-----w- c:\users\Administrateur.Diaby-PC.000\AppData\Roaming\4vj4h3behrv
2017-07-31 08:37 . 2017-07-31 08:37 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.3748.dll
2017-07-31 08:00 . 2017-07-31 21:02 -------- d-----w- c:\programdata\Emsisoft
2017-07-31 07:59 . 2017-07-31 20:08 -------- d-----w- c:\users\Administrateur.Diaby-PC.000\AppData\Roaming\iun5lninoq1
2017-07-31 07:36 . 2017-07-31 20:08 -------- d-----w- c:\users\Administrateur.Diaby-PC.000\AppData\Roaming\s3kqh1ko3vm
2017-07-31 07:20 . 2017-08-11 17:49 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2017-07-31 07:02 . 2017-05-25 09:58 59936 ----a-w- c:\windows\system32\drivers\mbae.sys
2017-07-31 07:02 . 2017-08-01 14:25 -------- d-----w- C:\Anti-Malware
2017-07-31 07:02 . 2017-07-31 07:02 -------- d-----w- c:\programdata\Malwarebytes
2017-07-31 06:46 . 2017-07-31 06:46 28349 ----a-w- c:\programdata\agent.1501483605.bdinstall.bin
2017-07-31 06:25 . 2017-07-31 06:25 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.1000.dll
2017-07-30 21:05 . 2017-07-31 20:08 -------- d-----w- c:\users\Administrateur.Diaby-PC.000\AppData\Roaming\ezsuhtc1otl
2017-07-30 20:38 . 2017-07-30 20:38 -------- d-----w- c:\users\Diaby\AppData\Roaming\WarThunder
2017-07-30 20:22 . 2017-07-30 21:07 -------- d-----w- c:\users\Administrateur.Diaby-PC.000\AppData\Roaming\IObit
2017-07-30 19:45 . 2017-07-30 20:04 -------- d-----w- c:\program files\stinger
2017-07-30 19:29 . 2017-07-30 19:48 -------- d-----w- c:\users\Diaby\AppData\Local\ElevatedDiagnostics
2017-07-30 18:54 . 2017-07-30 18:54 26031 ----a-w- c:\programdata\agent.1501440881.bdinstall.bin
2017-07-30 18:53 . 2017-07-30 18:53 26371 ----a-w- c:\programdata\agent.1501440812.bdinstall.bin
2017-07-30 18:53 . 2017-07-30 18:53 26370 ----a-w- c:\programdata\agent.1501440797.bdinstall.bin
2017-07-30 18:53 . 2017-07-30 18:53 26370 ----a-w- c:\programdata\agent.1501440783.bdinstall.bin
2017-07-30 18:52 . 2017-07-30 18:52 26369 ----a-w- c:\programdata\agent.1501440730.bdinstall.bin
2017-07-30 18:51 . 2017-07-30 18:51 44696 ----a-w- c:\programdata\agent.1501440658.bdinstall.bin
2017-07-30 18:51 . 2017-07-30 18:51 -------- d-----w- c:\programdata\Bitdefender Agent
2017-07-30 18:08 . 2017-07-30 18:08 -------- d-----w- c:\program files\Common Files\IObit
2017-07-30 18:07 . 2017-07-30 18:07 -------- d-----w- c:\program files\IObit
2017-07-30 17:50 . 2017-07-30 17:50 -------- d-----w- c:\program files\CCleaner
2017-07-30 16:51 . 2017-07-30 16:51 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.1168.dll
2017-07-30 16:37 . 2017-07-30 16:37 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.1924.dll
2017-07-30 15:37 . 2017-08-02 08:59 -------- d-----w- c:\users\Diaby\AppData\Local\ZHP
2017-07-30 15:37 . 2017-08-02 08:58 -------- d-----w- c:\users\Diaby\AppData\Roaming\ZHP
2017-07-30 15:28 . 2017-08-04 07:37 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2017-07-30 15:25 . 2017-07-30 15:25 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.1124.dll
2017-07-30 15:18 . 2017-07-30 15:18 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.296.dll
2017-07-30 14:57 . 2017-07-30 14:57 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.336.dll
2017-07-30 14:45 . 2017-02-19 19:15 220192 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2017-07-30 14:44 . 2017-07-30 14:45 -------- d-----w- c:\program files\KeyScrambler
2017-07-30 11:09 . 2017-07-30 11:09 -------- d-----w- c:\programdata\Baidu
2017-07-30 11:07 . 2014-03-11 03:14 47456 ----a-w- c:\windows\system32\drivers\Bhbase.sys
2017-07-30 11:06 . 2017-07-30 11:15 -------- d-----w- c:\users\Diaby\AppData\Roaming\Baidu Security
2017-07-30 11:05 . 2017-07-30 11:05 -------- d-----w- c:\program files\Baidu Security
2017-07-30 11:05 . 2017-07-30 11:15 -------- d-----w- c:\programdata\Baidu Security
2017-07-30 10:29 . 2017-08-01 14:16 -------- d-----w- c:\program files\VS Revo Group
2017-07-30 09:52 . 2017-07-30 09:52 -------- d-----w- c:\program files\Smilegate
2017-07-30 09:16 . 2017-07-30 09:16 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.252.dll
2017-07-30 09:14 . 2017-07-31 11:09 -------- d-----w- c:\programdata\PEZ
2017-07-30 09:12 . 2017-08-02 10:08 -------- d-sh--w- c:\programdata\NIINBP
2017-07-30 06:10 . 2017-07-30 08:03 -------- d-----w- c:\program files\LAPTOP_KURT
2017-07-30 05:59 . 2017-07-30 15:04 -------- d-----w- c:\program files\O9J4S1YMCM
2017-07-30 05:59 . 2017-07-31 11:26 -------- d-----w- c:\users\Diaby\AppData\Roaming\kdjxa1vc5x4
2017-07-29 17:54 . 2017-07-30 12:51 -------- d-----w- C:\Fraps
2017-07-29 12:45 . 2017-07-31 11:26 -------- d-----w- c:\users\Diaby\AppData\Roaming\ywstcje510l
2017-07-29 06:57 . 2017-07-29 06:57 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.1884.dll
2017-07-28 16:27 . 2017-07-28 16:27 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.308.dll
2017-07-28 16:21 . 2017-07-28 16:25 -------- d-----w- c:\program files\0FQY9S87QG
2017-07-28 16:03 . 2017-07-28 16:03 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.1188.dll
2017-07-28 15:58 . 2017-07-28 16:23 -------- d-----w- c:\program files\B3038TC274
2017-07-28 15:42 . 2017-07-28 15:42 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.352.dll
2017-07-28 15:31 . 2017-07-31 20:08 -------- d-----w- c:\users\Administrateur.Diaby-PC.000\AppData\Roaming\rdqwiaalsm4
2017-07-28 15:23 . 2017-08-01 09:36 -------- d-----w- c:\program files\cgmemeyesu2
2017-07-27 19:16 . 2017-07-27 19:16 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.1856.dll
2017-07-26 16:56 . 2017-07-26 16:56 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.1940.dll
2017-07-26 08:24 . 2017-07-26 08:24 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.1888.dll
2017-07-26 06:46 . 2017-07-28 14:51 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.1844.dll
2017-07-25 16:02 . 2017-07-26 19:23 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.1840.dll
2017-07-24 20:53 . 2017-08-05 11:42 -------- d-----w- C:\TEMP
2017-07-24 20:49 . 2017-07-24 20:49 -------- d-----w- C:\App Chrome
2017-07-24 06:54 . 2017-07-24 06:54 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.1868.dll
2017-07-23 18:58 . 2017-07-24 15:02 -------- d-----w- c:\users\Diaby\AppData\Local\Genymobile
2017-07-23 18:57 . 2017-07-24 15:02 -------- d-----w- c:\program files\Genymobile
2017-07-23 16:33 . 2017-07-27 16:06 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.1820.dll
2017-07-23 08:53 . 2017-07-23 08:53 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.1828.dll
2017-07-23 06:11 . 2017-07-25 11:49 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.1836.dll
2017-07-22 15:39 . 2017-07-22 15:39 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.1712.dll
2017-07-22 07:07 . 2017-07-22 07:07 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.1404.dll
2017-07-21 14:52 . 2017-07-21 14:52 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.1792.dll
2017-07-20 12:59 . 2017-07-20 12:59 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.1960.dll
2017-07-20 06:43 . 2017-07-20 06:43 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.1104.dll
2017-07-19 06:11 . 2017-07-19 06:11 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.1012.dll
2017-07-18 09:46 . 2017-07-18 09:46 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.1784.dll
2017-07-18 08:27 . 2017-07-18 08:27 -------- d-----w- c:\users\Diaby\AppData\Local\Zaczero
2017-07-18 05:49 . 2017-07-18 05:49 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.1944.dll
2017-07-17 19:18 . 2017-07-17 19:18 177880 ----a-w- c:\windows\system32\drivers\VBoxNetLwf.sys
2017-07-17 19:18 . 2017-07-17 19:18 113944 ----a-w- c:\windows\system32\drivers\VBoxNetAdp6.sys
2017-07-17 06:09 . 2017-07-17 06:09 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.348.dll
2017-07-15 19:11 . 2017-07-29 12:52 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.1876.dll
2017-07-15 15:58 . 2017-07-15 15:58 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.324.dll
2017-07-15 13:32 . 2017-07-15 13:33 -------- d-----w- c:\users\Diaby\AppData\Local\chromium
2017-07-15 07:09 . 2017-07-15 07:09 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.1852.dll
2017-07-14 10:12 . 2017-07-14 10:12 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.228.dll
2017-07-14 09:29 . 2017-07-14 09:29 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.2044.dll
2017-07-14 06:52 . 2017-07-14 11:21 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.112.dll
2017-07-14 06:31 . 2017-07-14 06:31 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.328.dll
2017-07-13 19:05 . 2017-07-13 19:05 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.540.dll
2017-07-13 11:13 . 2017-07-13 11:13 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.360.dll
2017-07-12 18:06 . 2017-07-12 18:06 62576 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.1812.dll
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-08-11 12:45 . 2017-06-29 06:18 181064 ----a-w- c:\windows\PSEXESVC.exe
2017-08-05 20:17 . 2016-07-04 18:43 803328 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2017-08-05 20:17 . 2016-07-04 18:43 144896 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2017-07-31 06:45 . 2017-07-03 06:39 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.1824.dll
2017-07-30 05:57 . 2017-07-10 15:19 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.1872.dll
2017-07-26 14:36 . 2017-07-07 10:28 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.1948.dll
2017-07-21 06:15 . 2017-07-12 06:08 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.1816.dll
2017-07-14 08:18 . 2017-07-07 17:33 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.2032.dll
2017-07-11 19:09 . 2017-07-11 19:09 62576 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.1064.dll
2017-07-11 06:54 . 2017-07-11 06:54 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.1848.dll
2017-07-10 14:48 . 2017-07-04 05:21 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.300.dll
2017-07-10 06:15 . 2017-07-10 06:15 62576 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.316.dll
2017-07-09 06:05 . 2017-07-09 06:05 62576 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.2020.dll
2017-07-08 09:38 . 2016-12-01 13:52 98152608 ----a-w- c:\windows\system32\lastpass_1337.exe
2017-07-08 09:37 . 2016-12-01 13:52 1072128 ----a-w- c:\windows\system32\lastpass_downloader.exe
2017-07-08 09:31 . 2017-07-08 09:31 62576 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.408.dll
2017-07-08 07:17 . 2017-07-08 07:17 62576 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.1112.dll
2017-07-07 19:12 . 2017-07-07 19:12 62576 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.1380.dll
2017-07-07 15:56 . 2017-07-07 15:56 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.1628.dll
2017-07-07 10:44 . 2016-08-18 17:28 56680 ----a-w- c:\windows\system32\drivers\ksapi64.sys
2017-07-07 10:44 . 2016-08-18 17:28 81768 ----a-w- c:\windows\system32\drivers\ksapi.sys
2017-07-07 10:00 . 2017-07-07 10:00 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.1048.dll
2017-07-07 06:42 . 2017-07-07 06:42 62576 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.1936.dll
2017-07-07 05:32 . 2017-07-07 05:32 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.964.dll
2017-07-06 09:13 . 2017-07-04 14:41 164880 ------w- c:\users\Diaby\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2017-07-05 14:37 . 2017-07-05 14:37 62576 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.384.dll
2017-07-05 05:21 . 2017-07-05 05:21 62576 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.1292.dll
2017-07-04 16:52 . 2017-07-03 16:24 62576 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.1864.dll
2017-07-02 05:59 . 2017-07-02 05:59 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.388.dll
2017-06-30 10:45 . 2017-06-30 10:45 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.192.dll
2017-06-30 05:46 . 2017-06-30 05:46 62576 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12044267-13B2-472B-8CF6-5ED51DEDDF00}\offreg.1900.dll
2017-06-25 16:37 . 2016-06-08 18:14 168544 ----a-w- c:\windows\system32\S4EULogin.exe
2017-06-17 10:56 . 2017-06-17 10:57 236032 ----a-w- c:\windows\system32\devil.dll
2017-06-15 10:53 . 2017-06-15 10:53 36944 ----a-w- c:\windows\system32\drivers\taphss6.sys
2017-06-09 13:18 . 2017-06-15 13:51 383016 ----a-w- c:\windows\system32\EasyAntiCheat.exe
2017-06-02 08:09 . 2017-06-16 05:38 1549824 ----a-w- c:\windows\system32\tquery.dll
2017-06-02 08:09 . 2017-06-16 05:38 1400320 ----a-w- c:\windows\system32\mssrch.dll
2017-06-02 08:09 . 2017-06-16 05:38 337408 ----a-w- c:\windows\system32\mssph.dll
2017-06-02 08:09 . 2017-06-16 05:38 666624 ----a-w- c:\windows\system32\mssvp.dll
2017-06-02 08:09 . 2017-06-16 05:38 59392 ----a-w- c:\windows\system32\msscntrs.dll
2017-06-02 08:09 . 2017-06-16 05:38 197120 ----a-w- c:\windows\system32\mssphtb.dll
2017-06-02 08:09 . 2017-06-16 05:38 34816 ----a-w- c:\windows\system32\mssprxy.dll
2017-06-02 08:09 . 2017-06-16 05:38 104448 ----a-w- c:\windows\system32\mssitlb.dll
2017-06-02 07:58 . 2017-06-16 05:38 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
2017-06-02 07:58 . 2017-06-16 05:38 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2017-06-02 07:57 . 2017-06-16 05:38 497152 ----a-w- c:\windows\HelpPane.exe
2017-06-02 07:57 . 2017-06-16 05:38 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2017-06-02 07:57 . 2017-06-16 05:38 9728 ----a-w- c:\windows\system32\msshooks.dll
2017-05-22 14:21 . 2017-05-22 14:21 27968 ---ha-w- c:\windows\system32\drivers\hamachi.sys
2017-05-22 14:21 . 2017-03-06 11:39 27968 ---ha-w- c:\windows\system32\hamachi.sys
2017-05-22 05:59 . 2017-05-22 05:59 0 ----a-w- c:\users\Diaby\www.imperial-mt2.com
2017-05-21 04:10 . 2017-06-16 05:38 67304 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2017-05-21 04:10 . 2017-06-16 05:38 137960 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2017-05-21 04:06 . 2017-06-16 05:38 65536 ----a-w- c:\windows\system32\TSpkg.dll
2017-05-21 04:06 . 2017-06-16 05:38 172032 ----a-w- c:\windows\system32\wdigest.dll
2017-05-21 04:06 . 2017-06-16 05:38 99840 ----a-w- c:\windows\system32\sspicli.dll
2017-05-21 04:06 . 2017-06-16 05:38 655360 ----a-w- c:\windows\system32\rpcrt4.dll
2017-05-21 04:06 . 2017-06-16 05:38 254464 ----a-w- c:\windows\system32\schannel.dll
2017-05-21 04:06 . 2017-06-16 05:38 22016 ----a-w- c:\windows\system32\secur32.dll
2017-05-21 04:06 . 2017-06-16 05:38 141312 ----a-w- c:\windows\system32\rpchttp.dll
2017-05-21 04:06 . 2017-06-16 05:38 261120 ----a-w- c:\windows\system32\msv1_0.dll
2017-05-21 04:06 . 2017-06-16 05:38 223232 ----a-w- c:\windows\system32\ncrypt.dll
2017-05-21 04:06 . 2017-06-16 05:38 60416 ----a-w- c:\windows\system32\msobjs.dll
2017-05-21 04:06 . 2017-06-16 05:38 146432 ----a-w- c:\windows\system32\msaudite.dll
2017-05-21 04:06 . 2017-06-16 05:38 553472 ----a-w- c:\windows\system32\kerberos.dll
2017-05-21 04:06 . 2017-06-16 05:38 1062912 ----a-w- c:\windows\system32\lsasrv.dll
2017-05-21 04:06 . 2017-06-16 05:38 17408 ----a-w- c:\windows\system32\credssp.dll
2017-05-21 04:06 . 2017-06-16 05:38 82432 ----a-w- c:\windows\system32\bcrypt.dll
2017-05-21 04:06 . 2017-06-16 05:38 690688 ----a-w- c:\windows\system32\adtschema.dll
2017-05-21 03:46 . 2017-06-16 05:38 50176 ----a-w- c:\windows\system32\auditpol.exe
2017-05-21 03:43 . 2017-06-16 05:38 226304 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2017-05-21 03:42 . 2017-06-16 05:38 98304 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2017-05-21 03:42 . 2017-06-16 05:38 124416 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2017-05-21 03:42 . 2017-06-16 05:38 36352 ----a-w- c:\windows\system32\cryptbase.dll
2017-05-21 03:42 . 2017-06-16 05:38 22016 ----a-w- c:\windows\system32\lsass.exe
2017-05-21 03:42 . 2017-06-16 05:38 15872 ----a-w- c:\windows\system32\sspisrv.dll
2017-05-14 19:37 . 2017-06-16 05:38 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2017-05-14 19:37 . 2017-06-16 05:38 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2017-05-14 19:23 . 2017-06-16 05:38 62464 ----a-w- c:\windows\system32\iesetup.dll
2017-05-14 19:22 . 2017-06-16 05:38 499200 ----a-w- c:\windows\system32\vbscript.dll
2017-05-14 19:22 . 2017-06-16 05:38 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
2017-05-14 19:22 . 2017-06-16 05:38 341504 ----a-w- c:\windows\system32\html.iec
2017-05-14 19:21 . 2017-06-16 05:38 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2017-05-14 19:11 . 2017-06-16 05:38 104960 ----a-w- c:\windows\system32\ieetwcollector.exe
2017-05-14 19:11 . 2017-06-16 05:38 115712 ----a-w- c:\windows\system32\ieUnatt.exe
2017-05-14 19:10 . 2017-06-16 05:38 620032 ----a-w- c:\windows\system32\jscript9diag.dll
2017-05-14 19:05 . 2017-06-16 05:38 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2017-05-14 18:57 . 2017-06-16 05:38 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2017-05-14 18:57 . 2017-06-16 05:38 73216 ----a-w- c:\windows\system32\tdc.ocx
2017-05-14 18:44 . 2017-06-16 05:38 4549120 ----a-w- c:\windows\system32\jscript9.dll
2017-05-14 18:39 . 2017-06-16 05:38 2057216 ----a-w- c:\windows\system32\inetcpl.cpl
2017-05-14 18:38 . 2017-06-16 05:38 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2017-05-14 18:15 . 2017-06-16 05:38 2767872 ----a-w- c:\windows\system32\wininet.dll
2015-03-12 00:02 . 2015-02-14 23:58 379 ----a-w- c:\program files\UnpackSound.bat
2015-01-31 08:02 . 2015-02-14 23:58 31 ----a-w- c:\program files\Run_TE_Vanilla.bat
2014-06-04 02:36 . 2015-02-14 23:58 38 ----a-w- c:\program files\Run_ITST_Mod.bat
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2016-12-03 10:05 223432 ------w- c:\users\Diaby\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2016-12-03 10:05 223432 ------w- c:\users\Diaby\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2016-12-03 10:05 223432 ------w- c:\users\Diaby\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BingSvc"="c:\users\Diaby\AppData\Local\Microsoft\BingSvc\BingSvc.exe" [2015-11-05 144008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2016-05-26 14696704]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"KeyScrambler"="c:\program files\KeyScrambler\keyscrambler.exe" [2017-04-23 515600]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleNetIDList"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2017-06-30 12:23 7658200 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISS Manager]
2010-11-20 21:29 53248 ----a-w- c:\program files\ISS Manager\issmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes TrayApp]
2017-05-09 15:42 3146704 ----a-w- c:\nouveau dossier\DBZ SAGAS\Anti-Malware\mbamtray.exe
.
R1 VBoxNetAdp;VirtualBox NDIS 6.0 Miniport Service;c:\windows\system32\DRIVERS\VBoxNetAdp6.sys [2017-07-17 113944]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
R1 vgwluipk;vgwluipk;c:\windows\system32\drivers\vgwluipk.sys [x]
R2 Ntp2UpSvc;Ntp2UpSvc;c:\program files\Common Files\ntp2UpSvc\notepad2.exe run_up [x]
R3 aswHdsKe;aswHdsKe;c:\windows\system32\drivers\aswHdsKe.sys [x]
R3 BprotectEx;Baidu ProtectEx;c:\windows\System32\drivers\BprotectEx.sys [x]
R3 ClientAnalyticsService;ClientAnalyticsService;c:\program files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [x]
R3 cpuz138;cpuz138;c:\users\Diaby\AppData\Local\Temp\cpuz138\cpuz138_x32.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 dump_wmimmc;dump_wmimmc;c:\program files\GameforgeLive\Games\FRA_fra\Metin2\GameGuard\dump_wmimmc.sys [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe [2017-06-09 383016]
R3 EasyAntiCheatSys;EasyAntiCheatSys;c:\windows\system32\drivers\EasyAntiCheat.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2017-05-14 104960]
R3 ksapi;ksapi;c:\windows\system32\drivers\ksapi.sys [2017-07-07 81768]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2016-05-18 5691912]
R3 PCFApiUtil;PCFApiUtil;c:\program files\Baidu Security\PC Faster\5.0.0.0\PCFApiUtil.sys [x]
R3 QFXUpdateService;QFX Software Update Service;c:\program files\KeyScrambler\QFXUpdateService.exe [2017-04-23 75792]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2017-04-04 1343400]
R3 XDva535;XDva535;c:\users\Diaby\AppData\Local\Temp\DinAC35.tmp [x]
R3 XDva536;XDva536;c:\windows\system32\XDva536.sys [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys [x]
S0 Bhbase;Baidu Hook Base;c:\windows\System32\drivers\Bhbase.sys [2014-03-11 47456]
S1 epp;epp;c:\program files\EMSISOFT ANTI-MALWARE\epp.sys [2016-11-23 105248]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [2016-05-26 23840]
S2 a2AntiMalware;Emsisoft Protection Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2017-07-31 5953080]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 Ntp2NetSvc;Ntp2NetSvc;c:\program files\notepad2\notepad2.exe run_net [x]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2017-02-19 220192]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2017-06-15 36944]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
utcsvc REG_MULTI_SZ DiagTrack
apple_config REG_MULTI_SZ Apple_Cfg
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2017-08-05 11:46 1429848 ----a-w- c:\program files\Google\Chrome\Application\60.0.3112.90\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2017-08-05 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\system32\Macromed\Flash\FlashUtil32_26_0_0_137_pepper.exe [2017-07-13 20:17]
.
2011-02-22 c:\windows\Tasks\Clean System Memory.job
- c:\windows\system32\CleanMem.exe [2017-07-07 21:48]
.
2016-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d1bffee1ac4c3e.job
- c:\program files\Google\Update\GoogleUpdate.exe [2017-08-05 11:51]
.
2016-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d1c000120ba96b.job
- c:\program files\Google\Update\GoogleUpdate.exe [2017-08-05 11:51]
.
2016-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d22066d30bdfad.job
- c:\program files\Google\Update\GoogleUpdate.exe [2017-08-05 11:51]
.
2016-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d2206738002651.job
- c:\program files\Google\Update\GoogleUpdate.exe [2017-08-05 11:51]
.
2017-04-05 c:\windows\Tasks\SidebarExecute.job
- c:\program files\Windows Sidebar\sidebar.exe [2010-11-20 21:29]
.
.
------- Examen supplémentaire -------
.
uStart Page = about:blank
uDefault_Search_URL =
mStart Page = about:blank
uInternet Settings,ProxyOverride =
Trusted Zone: localhost
FF - ProfilePath - c:\users\Diaby\AppData\Roaming\Mozilla\Firefox\Profiles\zo5cs3w4.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Powered
FF - prefs.js: browser.startup.homepage - hxxps://www.google.fr/?gws_rd=ssl
FF - prefs.js: keyword.URL - true
FF - user.js: extensions.blocklist.detailsURL -
FF - user.js: extensions.blocklist.enabled - false
FF - user.js: extensions.blocklist.interval - 86400
FF - user.js: extensions.blocklist.itemURL -
FF - user.js: extensions.blocklist.url -
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - c:\program files\AVAST Software\Avast\ashShell.dll
HKCU-Run-4c121ab7 - c:\users\Diaby\AppData\Roaming\Microsoft\Crypto\wscript.exe
HKLM-Run-a689fa49fd42104e55e4ba78550f130f - c:\users\Administrateur.Diaby-PC.000\AppData\Roaming\Microsoft Windows Audio Device Graphic Card Isolation.exe
HKLM-Run-AvastUI.exe - c:\program files\AVAST Software\Avast\AvLaunch.exe
SafeBoot-MBAMService
MSConfigStartUp-Aeria Ignite - c:\program files\Aeria Games\Ignite\aeriaignite.exe
MSConfigStartUp-cmsc - c:\program files\cmcm\Clean Master\cmtray.exe
AddRemove-Avast Antivirus - c:\program files\AVAST Software\Avast\Setup\Instup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\XDva535]
"ImagePath"="\??\c:\users\Diaby\AppData\Local\Temp\DinAC35.tmp"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-377985148-792701347-3327087119-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-377985148-792701347-3327087119-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_26_0_0_137_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_26_0_0_137_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'Explorer.exe'(3304)
c:\users\Diaby\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\Telemetry.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\timedate.cpl
c:\windows\system32\actxprxy.dll
c:\windows\System32\shdocvw.dll
c:\windows\System32\shacct.dll
c:\windows\system32\MsftEdit.dll
c:\windows\System32\gameux.dll
c:\windows\system32\msls31.dll
c:\windows\system32\stobject.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\wlanutil.dll
c:\windows\System32\WSCAPI.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\notepad2\notepad2.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Heure de fin: 2017-08-11 19:58:38 - La machine a redémarré
ComboFix-quarantined-files.txt 2017-08-11 17:58
.
Avant-CF: 17 820 602 368 octets libres
Après-CF: 17 608 015 872 octets libres
.
- - End Of File - - 33EE0B291C18F060A926EFE404C10927
A36C5E4F47E84449FF07ED3517B43A31
