ComboFix 17-08-04.01 - guillaume 21/08/2017 18:30:43.1.8 - x64
Microsoft Windows 7 Professionnel 6.1.7601.1.1252.33.1036.18.12279.8795 [GMT 2:00]
Lancé depuis: c:\users\guillaume\Desktop\ComboFix.exe
AV: Malwarebytes *Disabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1343117210.bdinstall.bin
c:\programdata\1460464489.bdinstall.bin
c:\programdata\ntuser.pol
c:\users\guillaume\046.JPG
c:\users\guillaume\048.JPG
c:\users\guillaume\049.JPG
c:\users\guillaume\061.JPG
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2017-07-21 au 2017-08-21 ))))))))))))))))))))))))))))))))))))
.
.
2017-08-21 16:27 . 2017-08-21 16:27 84256 ----a-w- c:\windows\system32\drivers\mwac.sys
2017-08-21 15:44 . 2017-08-21 15:44 -------- d-----w- c:\programdata\AVAST Software
2017-08-21 14:26 . 2017-08-21 14:26 -------- d-----w- c:\users\guillaume\AppData\Roaming\TeamViewer
2017-08-21 14:26 . 2017-08-21 14:46 -------- d-----w- c:\program files (x86)\TeamViewer
2017-08-17 15:09 . 2017-08-17 15:12 188352 ----a-w- c:\windows\system32\drivers\MBAMChameleon.sys
2017-08-17 15:09 . 2017-08-21 16:24 101784 ----a-w- c:\windows\system32\drivers\farflt.sys
2017-08-17 15:09 . 2017-08-21 16:24 45472 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-08-17 15:04 . 2017-08-17 15:12 77376 ----a-w- c:\windows\system32\drivers\mbae64.sys
2017-08-17 15:03 . 2017-08-17 15:03 -------- d-----w- c:\program files\Malwarebytes
2017-08-17 14:21 . 2016-11-14 13:11 244032 ----a-r- c:\windows\system32\drivers\acsock64.sys
2017-08-17 14:20 . 2017-08-17 14:20 -------- d-----w- c:\users\test
2017-08-15 07:10 . 2017-08-15 07:10 -------- d-----w- c:\program files (x86)\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-08-21 16:24 . 2016-06-25 15:29 253856 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-08-21 14:21 . 2017-04-05 10:03 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-08-20 13:03 . 2012-03-31 16:02 803328 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2017-08-20 13:03 . 2011-08-31 16:12 144896 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2017-08-09 17:05 . 2011-09-04 07:30 140394280 -c--a-w- c:\windows\system32\MRT.exe
2017-07-07 15:10 . 2017-08-09 07:22 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2017-06-02 08:10 . 2017-06-14 12:58 733696 ----a-w- c:\windows\HelpPane.exe
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2016-11-15 9105112]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2017-07-28 27815896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-05-20 595992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
R2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe;c:\program files\Alienware\Command Center\AlienFusionService.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DDVCollectorSvcApi;Dell Data Vault Service API;c:\program files\Dell\DellDataVault\DDVCollectorSvcApi.exe;c:\program files\Dell\DellDataVault\DDVCollectorSvcApi.exe [x]
R2 DDVDataCollector;Dell Data Vault Collector;c:\program files\Dell\DellDataVault\DDVDataCollector.exe;c:\program files\Dell\DellDataVault\DDVDataCollector.exe [x]
R2 DDVRulesProcessor;Dell Data Vault Processor;c:\program files\Dell\DellDataVault\DDVRulesProcessor.exe;c:\program files\Dell\DellDataVault\DDVRulesProcessor.exe [x]
R2 SupportAssistAgent;Dell SupportAssist Agent;c:\program files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe;c:\program files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 MBAMProtection;MBAMProtection;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 PCDSRVC{90AB3B40-A9A6E5C8-06020200}_0;PCDSRVC{90AB3B40-A9A6E5C8-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\alienware\supportassist\pcdsrvc_x64.pkms;c:\program files\alienware\supportassist\pcdsrvc_x64.pkms [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WacHidRouterPro;Wacom Hid Router Pro;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 WTabletServicePro;Wacom Professional Service;c:\program files\Tablet\Wacom\WTabletServicePro.exe;c:\program files\Tablet\Wacom\WTabletServicePro.exe [x]
S3 AWOPFilterDriver;AWOPFilterDriver;c:\windows\system32\drivers\AWOPFilterDriver.sys;c:\windows\SYSNATIVE\drivers\AWOPFilterDriver.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 DDDriver;DDDriver;c:\windows\system32\drivers\DDDriver64Dcsa.sys;c:\windows\SYSNATIVE\drivers\DDDriver64Dcsa.sys [x]
S3 DellProf;DellProf;c:\windows\system32\drivers\DellProf.sys;c:\windows\SYSNATIVE\drivers\DellProf.sys [x]
S3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
S3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-06-29 3631104]
"AlienFX Controller"="c:\program files\Alienware\Command Center\AlienwareAlienFXController.exe" [2010-04-07 61256]
"Thermal Controller"="c:\program files\Alienware\Command Center\ThermalController.exe" [2010-04-07 167736]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"Malwarebytes TrayApp"="c:\program files\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe" [2017-05-09 3146704]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: dell.com
TCP: DhcpNameServer = 212.27.40.240 212.27.40.241
FF - ProfilePath - c:\users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\facshbok.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&dt=071113&q=
FF - prefs.js: network.proxy.type - 0
.
.
------- Associations de fichier -------
.
inifile="%SystemRoot%\system32\NOTEPAD.EXE" %1
txtfile="%SystemRoot%\system32\NOTEPAD.EXE" %1
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{90AB3B40-A9A6E5C8-06020200}_0]
"ImagePath"="\??\c:\program files\alienware\supportassist\pcdsrvc_x64.pkms"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-146170593-3183920585-715607474-1000\Software\Autodesk\3dsMax\15.0\Plug-ins_CHS\block.dlc (tsL: 235711232) (tsH: 30211158)\Classes\2* *-* *ÎN^\nm¨R]
"Category"=""
"ClassIDA"=dword:64c959cf
"ClassIDB"=dword:47df4501
"SubClassIDA"=dword:ffffffff
"SubClassIDB"=dword:ffffffff
"ClassName"="????"
"IsPublic"=dword:00000001
"HasClassParams"=dword:00000000
"IsManipulator"=dword:00000000
"NeedsToSave"=dword:00000000
"InitialRollupPageState"=dword:7fffffff
"OKToCreate"=dword:00000001
"SuperClassID"=dword:00009003
"InternalName"="SlaveFloat"
.
[HKEY_USERS\S-1-5-21-146170593-3183920585-715607474-1000\Software\Autodesk\3dsMax\15.0\Plug-ins_CHS\block.dlc (tsL: 235711232) (tsH: 30211158)\Classes\3* *-* *ÎN^\MOn]
"Category"=""
"ClassIDA"=dword:64c959cf
"ClassIDB"=dword:47df4512
"SubClassIDA"=dword:ffffffff
"SubClassIDB"=dword:ffffffff
"ClassName"="????"
"IsPublic"=dword:00000001
"HasClassParams"=dword:00000000
"IsManipulator"=dword:00000000
"NeedsToSave"=dword:00000000
"InitialRollupPageState"=dword:7fffffff
"OKToCreate"=dword:00000001
"SuperClassID"=dword:0000900b
"InternalName"="SlavePos"
.
[HKEY_USERS\S-1-5-21-146170593-3183920585-715607474-1000\Software\Autodesk\3dsMax\15.0\Plug-ins_CHS\block.dlc (tsL: 235711232) (tsH: 30211158)\Classes\5* *-* *ÎN^\Ëel]
"Category"=""
"ClassIDA"=dword:64c959cf
"ClassIDB"=dword:47df4523
"SubClassIDA"=dword:ffffffff
"SubClassIDB"=dword:ffffffff
"ClassName"="????"
"IsPublic"=dword:00000001
"HasClassParams"=dword:00000000
"IsManipulator"=dword:00000000
"NeedsToSave"=dword:00000000
"InitialRollupPageState"=dword:7fffffff
"OKToCreate"=dword:00000001
"SuperClassID"=dword:0000900c
"InternalName"="SlaveRotation"
.
[HKEY_USERS\S-1-5-21-146170593-3183920585-715607474-1000\Software\Autodesk\3dsMax\15.0\Plug-ins_CHS\block.dlc (tsL: 235711232) (tsH: 30211158)\Classes\6* *-* *ÎN^\Ôk‹O]
"Category"=""
"ClassIDA"=dword:64c959cf
"ClassIDB"=dword:47df4534
"SubClassIDA"=dword:ffffffff
"SubClassIDB"=dword:ffffffff
"ClassName"="????"
"IsPublic"=dword:00000001
"HasClassParams"=dword:00000000
"IsManipulator"=dword:00000000
"NeedsToSave"=dword:00000000
"InitialRollupPageState"=dword:7fffffff
"OKToCreate"=dword:00000001
"SuperClassID"=dword:0000900d
"InternalName"="SlaveScale"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_26_0_0_151_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_26_0_0_151_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:59,d2,24,3b,13,7b,09,89,cb,90,33,1f,ba,d8,61,87,14,8d,aa,e4,a6,
b9,e2,c2,f5,cf,ad,b3,30,30,42,74,1d,9f,da,fe,45,20,c9,45,6c,88,49,44,e6,2f,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_26_0_0_151_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_26_0_0_151_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:f1,45,15,31,40,79,aa,7b,fb,09,1a,90,1a,73,50,17,d6,b6,81,8e,41,
f1,4f,45,7a,2b,24,37,92,71,36,f7,a0,91,4f,f8,41,f0,8e,7b,1d,da,b4,26,09,0d,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_26_0_0_151.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.26"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_26_0_0_151.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_26_0_0_151.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_26_0_0_151.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:59,d2,24,3b,13,7b,09,89,cb,90,33,1f,ba,d8,61,87,14,8d,aa,e4,a6,
b9,e2,c2,f5,cf,ad,b3,30,30,42,74,1d,9f,da,fe,45,20,c9,45,6c,88,49,44,e6,2f,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:f1,45,15,31,40,79,aa,7b,fb,09,1a,90,1a,73,50,17,d6,b6,81,8e,41,
f1,4f,45,7a,2b,24,37,92,71,36,f7,a0,91,4f,f8,41,f0,8e,7b,1d,da,b4,26,09,0d,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Tablet\Wacom\WacomHost.exe
c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
c:\program files\Alienware\Command Center\AlienFXHook32Mngr.exe
.
**************************************************************************
.
Heure de fin: 2017-08-21 18:37:24 - La machine a redémarré
ComboFix-quarantined-files.txt 2017-08-21 16:37
.
Avant-CF: 91 420 991 488 octets libres
Après-CF: 90 818 187 264 octets libres
.
- - End Of File - - 7A353763067F0E5F46BEE3B9C275D71D
A36C5E4F47E84449FF07ED3517B43A31