ComboFix 17-10-17.01 - Magali 25/10/2017 10:51:58.1.1 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.3839.1819 [GMT 2:00]
Running from: c:\users\Magali\Desktop\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
SP: Avast Antivirus *Disabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\logs\scecomp.log
c:\windows\SysWow64\config\systemprofile\user.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((( Files Created from 2017-09-25 to 2017-10-25 ))))))))))))))))))))))))))))))))))))
.
.
2017-10-25 09:12 . 2017-10-25 09:12 -------- d-----w- c:\users\Public\AppData\Local\temp
2017-10-25 09:12 . 2017-10-25 09:12 -------- d-----w- c:\users\Luna\AppData\Local\temp
2017-10-25 09:12 . 2017-10-25 09:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-10-25 08:47 . 2017-10-25 08:47 -------- d-----w- c:\programdata\SWCUTemp
2017-10-20 14:27 . 2017-10-20 14:36 -------- d-----w- c:\users\Magali\AppData\Local\CUSTPDF Writer
2017-10-17 06:14 . 2017-10-17 06:14 -------- d-----w- c:\program files (x86)\ESET
2017-10-16 06:40 . 2017-10-16 06:40 -------- d-----w- c:\programdata\DigitalWave.ApplicationUpdater_files
2017-10-15 17:33 . 2017-10-16 06:44 -------- d-----w- C:\FRST
2017-10-14 19:31 . 2017-10-14 19:31 -------- d-----w- c:\program files\Malwarebytes
2017-10-14 08:07 . 2017-10-14 08:12 -------- d-----w- C:\AdwCleaner
2017-10-13 01:15 . 2017-10-13 01:15 126925120 -c--a-w- c:\windows\system32\MRT-KB890830.exe
2017-10-12 20:08 . 2017-09-13 15:09 392704 ----a-w- c:\windows\SysWow64\wlansec.dll
2017-10-11 07:10 . 2017-10-11 07:10 -------- d-----w- c:\users\Magali\AppData\Local\Lavasoft
2017-10-11 07:08 . 2017-10-14 08:43 -------- d-----w- c:\program files (x86)\Lavasoft
2017-10-04 19:20 . 2017-10-04 19:20 -------- d-----w- c:\users\Magali\AppData\Roaming\HPPSDr
2017-10-04 18:47 . 2017-10-04 18:47 401488 ----a-w- c:\windows\system32\aswBoot.exe
2017-10-03 11:00 . 2017-10-03 11:00 -------- d-----w- c:\program files\Mozilla Firefox
.
.
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-10-13 01:15 . 2011-01-24 11:33 126925120 -c--a-w- c:\windows\system32\MRT.exe
2017-10-11 06:55 . 2012-08-31 07:53 803328 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2017-10-11 06:55 . 2011-06-01 08:15 144896 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2017-10-04 18:47 . 2013-12-27 12:54 201352 ----a-w- c:\windows\system32\drivers\aswStm.sys
2017-10-04 18:47 . 2013-03-05 15:02 363440 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2017-10-04 18:47 . 2014-04-25 18:20 47008 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2017-10-04 18:47 . 2013-03-05 15:02 84416 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2017-10-04 18:47 . 2012-04-16 23:28 587168 ----a-w- c:\windows\system32\drivers\aswSP.sys
2017-10-04 18:47 . 2012-04-16 23:27 147776 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2017-10-04 18:47 . 2012-04-16 23:28 110376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2017-10-04 18:45 . 2012-04-16 23:28 1020536 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2017-10-04 18:45 . 2017-03-02 16:07 57736 ----a-w- c:\windows\system32\drivers\aswbuniva.sys
2017-10-04 18:45 . 2017-03-02 16:07 343288 ----a-w- c:\windows\system32\drivers\aswbloga.sys
2017-10-04 18:45 . 2017-03-02 16:07 198976 ----a-w- c:\windows\system32\drivers\aswbidsha.sys
2017-10-04 18:45 . 2017-03-02 16:07 321032 ----a-w- c:\windows\system32\drivers\aswbidsdrivera.sys
2017-09-17 07:11 . 2016-02-23 19:56 41832 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2017-09-13 15:08 . 2017-10-12 20:08 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2017-08-22 10:09 . 2017-08-22 10:09 42064 ----a-w- c:\windows\system32\drivers\taphss6.sys
2017-08-19 15:28 . 2017-09-23 14:38 197120 ----a-w- c:\windows\system32\shdocvw.dll
2017-08-16 15:29 . 2017-09-23 14:38 806912 ----a-w- c:\windows\system32\usp10.dll
2017-08-16 15:10 . 2017-09-23 14:38 629760 ----a-w- c:\windows\SysWow64\usp10.dll
2017-08-15 15:29 . 2017-09-23 14:38 14182400 ----a-w- c:\windows\system32\shell32.dll
2017-08-15 15:29 . 2017-09-23 14:38 1867264 ----a-w- c:\windows\system32\ExplorerFrame.dll
2017-08-15 15:10 . 2017-09-23 14:38 1499648 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2017-08-14 17:35 . 2017-09-23 14:38 2150912 ----a-w- c:\windows\SysWow64\mmcndmgr.dll
2017-08-14 17:35 . 2017-09-23 14:38 303104 ----a-w- c:\windows\SysWow64\mmcbase.dll
2017-08-14 17:35 . 2017-09-23 14:38 128512 ----a-w- c:\windows\SysWow64\mmcshext.dll
2017-08-14 17:35 . 2017-09-23 14:38 172544 ----a-w- c:\windows\SysWow64\cic.dll
2017-08-14 17:35 . 2017-09-23 14:38 3203584 ----a-w- c:\windows\system32\mmcndmgr.dll
2017-08-14 17:35 . 2017-09-23 14:38 355328 ----a-w- c:\windows\system32\mmcbase.dll
2017-08-14 17:35 . 2017-09-23 14:38 131072 ----a-w- c:\windows\system32\mmcshext.dll
2017-08-14 17:34 . 2017-09-23 14:38 211968 ----a-w- c:\windows\system32\cic.dll
2017-08-13 21:37 . 2017-09-23 14:38 2144256 ----a-w- c:\windows\system32\mmc.exe
2017-08-13 21:30 . 2017-09-23 14:38 1401344 ----a-w- c:\windows\SysWow64\mmc.exe
2017-08-13 13:31 . 2015-08-19 08:53 97856 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2017-08-11 06:35 . 2017-09-23 14:38 757248 ----a-w- c:\windows\system32\win32spl.dll
2017-08-11 06:35 . 2017-09-23 14:38 313856 ----a-w- c:\windows\system32\Wldap32.dll
2017-08-11 06:35 . 2017-09-23 14:38 25600 ----a-w- c:\windows\system32\winnsi.dll
2017-08-11 06:35 . 2017-09-23 14:38 512000 ----a-w- c:\windows\system32\rpcss.dll
2017-08-11 06:35 . 2017-09-23 14:38 346112 ----a-w- c:\windows\system32\ntprint.dll
2017-08-11 06:35 . 2017-09-23 14:38 26112 ----a-w- c:\windows\system32\nsisvc.dll
2017-08-11 06:35 . 2017-09-23 14:38 13312 ----a-w- c:\windows\system32\nsi.dll
2017-08-11 06:35 . 2017-09-23 14:38 2065408 ----a-w- c:\windows\system32\ole32.dll
2017-08-11 06:35 . 2017-09-23 14:38 26112 ----a-w- c:\windows\system32\oleres.dll
2017-08-11 06:34 . 2017-09-23 14:38 971776 ----a-w- c:\windows\system32\localspl.dll
2017-08-11 06:34 . 2017-09-23 14:38 166400 ----a-w- c:\windows\system32\inetpp.dll
2017-08-11 06:34 . 2017-09-23 14:38 22528 ----a-w- c:\windows\system32\inetppui.dll
2017-08-11 06:34 . 2017-09-23 14:38 8704 ----a-w- c:\windows\system32\comcat.dll
2017-08-11 06:20 . 2017-09-23 14:38 48640 ----a-w- c:\windows\system32\wpnpinst.exe
2017-08-11 06:20 . 2017-09-23 14:38 61952 ----a-w- c:\windows\system32\ntprint.exe
2017-08-11 06:19 . 2017-09-23 14:38 497664 ----a-w- c:\windows\SysWow64\win32spl.dll
2017-08-11 06:19 . 2017-09-23 14:38 271360 ----a-w- c:\windows\SysWow64\Wldap32.dll
2017-08-11 06:19 . 2017-09-23 14:38 16384 ----a-w- c:\windows\SysWow64\winnsi.dll
2017-08-11 06:19 . 2017-09-23 14:38 299008 ----a-w- c:\windows\SysWow64\ntprint.dll
2017-08-11 06:19 . 2017-09-23 14:38 8704 ----a-w- c:\windows\SysWow64\nsi.dll
2017-08-11 06:19 . 2017-09-23 14:38 1417728 ----a-w- c:\windows\SysWow64\ole32.dll
2017-08-11 06:19 . 2017-09-23 14:38 26112 ----a-w- c:\windows\SysWow64\oleres.dll
2017-08-11 06:12 . 2017-09-23 14:38 25088 ----a-w- c:\windows\system32\netbtugc.exe
2017-08-11 06:09 . 2017-09-23 14:38 61952 ----a-w- c:\windows\SysWow64\ntprint.exe
2017-08-11 06:03 . 2017-09-23 14:38 26624 ----a-w- c:\windows\SysWow64\netbtugc.exe
2017-08-11 06:01 . 2017-09-23 14:38 7168 ----a-w- c:\windows\SysWow64\comcat.dll
2017-08-11 06:00 . 2017-09-23 14:38 262656 ----a-w- c:\windows\system32\drivers\netbt.sys
2017-08-11 05:58 . 2017-09-23 14:38 26112 ----a-w- c:\windows\system32\drivers\nsiproxy.sys
2017-07-29 14:56 . 2017-08-11 22:15 117248 ----a-w- c:\windows\system32\drivers\tdx.sys
.
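The Find3M and Files Created lines above share one record format: two timestamps separated by a dot, a size (eight dashes for a directory), an eight-slot attribute string and the path. Read against the data, Find3M (files modified in the last three months) lists the modification time first and the creation time second, while the Files Created section reverses that order. The parser and triage heuristics below are an added example and are not part of ComboFix or of this log; the attribute-letter mapping is my reading of the strings on this page, and the last three sample lines are constructed (timestamps, sizes and attributes invented) around paths that appear in the Other Deletions and Files Created sections.

```python
import re
from datetime import datetime

# Constructed sample in Find3M column order. The first two lines are copied from
# the Find3M section; the last three are constructed (timestamps, sizes and
# attributes are invented) around paths listed elsewhere in this log.
SAMPLE_FIND3M = """\
2017-10-13 01:15 . 2011-01-24 11:33 126925120 -c--a-w- c:\\windows\\system32\\MRT.exe
2017-10-04 18:47 . 2013-12-27 12:54 201352 ----a-w- c:\\windows\\system32\\drivers\\aswStm.sys
2017-10-20 14:30 . 2017-10-20 14:30 102400 --sha-w- c:\\windows\\SysWow64\\config\\systemprofile\\user.exe
2017-10-20 14:31 . 2017-10-20 14:31 76 ----a-w- c:\\windows\\wininit.ini
2017-10-25 09:12 . 2017-10-25 09:12 -------- d-----w- c:\\users\\Public\\AppData\\Local\\temp
"""

LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(-{8}|\d+) ([a-z-]{8}) (.+)$"
)
# Attribute letters as they occur in the strings on this page (my reading).
ATTR_NAMES = {"d": "directory", "c": "compressed", "s": "system", "h": "hidden",
              "a": "archive", "r": "read-only", "w": "writable"}
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".ocx", ".cpl", ".com", ".pif")


def parse_entries(text, first_col="modified"):
    """Parse ComboFix file lines into dicts. first_col names the first
    timestamp: 'modified' for Find3M, 'created' for the Files Created section."""
    second_col = "created" if first_col == "modified" else "modified"
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # separators, headers and anything not in record format
        t1, t2, size, attrs, path = m.groups()
        entries.append({
            first_col: datetime.strptime(t1, "%Y-%m-%d %H:%M"),
            second_col: datetime.strptime(t2, "%Y-%m-%d %H:%M"),
            "size": None if size.startswith("-") else int(size),
            "attrs": {ATTR_NAMES.get(c, c) for c in attrs if c != "-"},
            "path": path,
        })
    return entries


def flag(entry):
    """Triage heuristics for one entry; returns the reasons it deserves a look."""
    p = entry["path"].lower()
    attrs = entry["attrs"]
    reasons = []
    is_exec = p.endswith(EXEC_EXT) and "directory" not in attrs
    # Binaries dropped under a profile or temp directory are a common malware pattern.
    if is_exec and ("\\appdata\\" in p or "\\temp\\" in p):
        reasons.append("executable in a user-writable profile or temp location")
    # The LocalSystem service profile is never written by interactive software.
    if "\\config\\systemprofile\\" in p:
        reasons.append("file inside the LocalSystem service profile")
    # Legacy Win9x boot-time rename/delete list; ComboFix removed this file above.
    if p == "c:\\windows\\wininit.ini":
        reasons.append("legacy wininit.ini boot-time file-replacement list")
    # Hidden+system attributes on an executable are a classic concealment trick.
    if is_exec and "hidden" in attrs and "system" in attrs:
        reasons.append("executable with hidden+system attributes")
    return reasons


def triage(text, first_col="modified"):
    """Return [(path, [reasons])] for every entry that trips a heuristic."""
    out = []
    for e in parse_entries(text, first_col):
        r = flag(e)
        if r:
            out.append((e["path"], r))
    return out


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_FIND3M):
        print(path, "->", "; ".join(reasons))
```

Feed triage() the Find3M block as-is, and the Files Created block with first_col="created"; the heuristics are deliberately narrow so that legitimately compressed or recently updated system binaries such as MRT.exe are not flagged.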
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2017-09-20 9856176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2017-07-21 587288]
"WDAppManager"="c:\program files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe" [2016-08-04 21384]
"WD Drive Unlocker"="c:\program files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe" [2016-08-05 1767816]
"DriveUtilitiesHelper"="c:\program files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe" [2016-08-05 1953688]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
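The policies\system block above is the UAC configuration, and LoadAppInit_DLLs controls whether the DLLs named in AppInit_DLLs are injected into every process that loads user32.dll. In this log PromptOnSecureDesktop=0 means elevation prompts are drawn on the normal user desktop instead of the isolated secure desktop, SoftwareSASGeneration=1 lets services simulate Ctrl+Alt+Del (remote-control products such as the TeamViewer 8 service listed further down set it), and LoadAppInit_DLLs=1 is only harmless while AppInit_DLLs stays empty, which ComboFix does not show because empty values are omitted. The script below is an added example, not part of ComboFix or of this log: it parses DWORD lines in exactly the form ComboFix prints them, compares them with the Windows 7 defaults, and the sample block is copied from the two registry sections above.

```python
import re

# Constructed sample: the two registry blocks copied from the Reg Loading
# Points section of the ComboFix log on this page.
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\\software\\wow6432node\\microsoft\\windows nt\\currentversion\\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
# DWORD lines as ComboFix prints them:  "Name"= 5 (0x5)   or   "Name"=1 (0x1)
DWORD_RE = re.compile(r'^"([^"]+)"\s*=\s*(\d+)(?:\s*\(0x[0-9A-Fa-f]+\))?$')

POLICY_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"
APPINIT_KEYS = (
    r"hkey_local_machine\software\microsoft\windows nt\currentversion\windows",
    r"hkey_local_machine\software\wow6432node\microsoft\windows nt\currentversion\windows",
)


def parse_dwords(text):
    """Return {key path (lower-case): {value name: int}} for DWORD lines only;
    string values and default (@) values are ignored."""
    result, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            result.setdefault(current, {})
            continue
        m = DWORD_RE.match(line)
        if m and current is not None:
            result[current][m.group(1)] = int(m.group(2))
    return result


def uac_findings(values):
    """Compare the UAC and AppInit DWORDs with the Windows 7 defaults and
    describe each deviation that weakens elevation prompting."""
    pol = values.get(POLICY_KEY, {})
    findings = []
    # Default 5: prompt for consent for non-Windows binaries. 0 elevates silently.
    if pol.get("ConsentPromptBehaviorAdmin", 5) == 0:
        findings.append("ConsentPromptBehaviorAdmin=0: administrators elevate without any prompt")
    # Default 1: prompts run on the secure desktop, isolated from other processes.
    if pol.get("PromptOnSecureDesktop", 1) == 0:
        findings.append("PromptOnSecureDesktop=0: prompts are drawn on the user desktop, "
                        "where other processes can overlay or automate them")
    # Default 0: UIAccess applications cannot bypass the secure desktop.
    if pol.get("EnableUIADesktopToggle", 0) == 1:
        findings.append("EnableUIADesktopToggle=1: UIAccess applications may prompt without the secure desktop")
    # Not set by default; 1 (services) or 3 (services and Ease of Access) lets
    # software simulate the Ctrl+Alt+Del secure attention sequence.
    sas = pol.get("SoftwareSASGeneration", 0)
    if sas in (1, 3):
        findings.append(f"SoftwareSASGeneration={sas}: services may simulate Ctrl+Alt+Del; "
                        "confirm which remote-control service needs it")
    for key in APPINIT_KEYS:
        if values.get(key, {}).get("LoadAppInit_DLLs", 0) == 1:
            view = "32-bit (Wow6432Node)" if "wow6432node" in key else "64-bit"
            findings.append(f"LoadAppInit_DLLs=1 ({view} view): every DLL named in AppInit_DLLs "
                            "loads into each process that uses user32.dll; confirm AppInit_DLLs is empty")
    return findings


def triage(text):
    """Parse a Reg Loading Points excerpt and return the list of findings."""
    return uac_findings(parse_dwords(text))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("-", f)
```

The baseline values are the Windows 7 defaults; on a later Windows release, or on a domain-joined machine where Group Policy sets these deliberately, adjust the expected values before treating a deviation as a finding.
.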
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 aswbIDSAgent;aswbIDSAgent;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe [x]
R3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8187B.sys [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys;c:\windows\SYSNATIVE\DRIVERS\s1018bus.sys [x]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdfl.sys [x]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdm.sys [x]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mgmt.sys [x]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s1018nd5.sys [x]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys;c:\windows\SYSNATIVE\DRIVERS\s1018obex.sys [x]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys;c:\windows\SYSNATIVE\DRIVERS\s1018unic.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WD Backup Drive Helper;WD Backup Drive Helper;c:\windows\SysWOW64\dllhost.exe;c:\windows\SysWOW64\dllhost.exe [x]
R3 WD Backup Snapshot;WD Backup Snapshot;c:\windows\SysWOW64\dllhost.exe;c:\windows\SysWOW64\dllhost.exe [x]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R4 GREGService;GREGService;c:\program files (x86)\eMachines\Registration\GREGsvc.exe;c:\program files (x86)\eMachines\Registration\GREGsvc.exe [x]
R4 ogmservice;Online Games Manager;c:\program files (x86)\Online Games Manager\ogmservice.exe;c:\program files (x86)\Online Games Manager\ogmservice.exe [x]
R4 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [x]
R4 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [x]
S0 aswbidsh;aswbidsh;c:\windows\\SystemRoot\system32\drivers\aswbidsha.sys;c:\windows\\SystemRoot\system32\drivers\aswbidsha.sys [x]
S0 aswblog;aswblog;c:\windows\\SystemRoot\system32\drivers\aswbloga.sys;c:\windows\\SystemRoot\system32\drivers\aswbloga.sys [x]
S0 aswbuniv;aswbuniv;c:\windows\\SystemRoot\system32\drivers\aswbuniva.sys;c:\windows\\SystemRoot\system32\drivers\aswbuniva.sys [x]
S0 aswRvrt;aswRvrt;c:\windows\\SystemRoot\system32\drivers\aswRvrt.sys;c:\windows\\SystemRoot\system32\drivers\aswRvrt.sys [x]
S0 aswVmm;aswVmm;c:\windows\\SystemRoot\system32\drivers\aswVmm.sys;c:\windows\\SystemRoot\system32\drivers\aswVmm.sys [x]
S1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdrivera.sys;c:\windows\SYSNATIVE\drivers\aswbidsdrivera.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DigitalWave.Update.Service;Digital Wave Update Service;c:\program files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe;c:\program files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [x]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys;c:\windows\SYSNATIVE\DRIVERS\seehcri.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64_prewin8.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64_prewin8.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMFARFLT
*NewlyCreated* - MBAMWEBPROTECTION
*Deregistered* - ESProtectionDriver
*Deregistered* - MBAMFarflt
*Deregistered* - MBAMSwissArmy
*Deregistered* - MBAMWebProtection
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-01-02 12:32 1000264 ----a-w- c:\program files (x86)\Google\Chrome\Application\47.0.2526.106\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2017-08-10 15:24 324080 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2017-10-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-03-31 12:55]
.
2017-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-14 17:39]
.
2017-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-14 17:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-10-04 18:47 1789648 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2017-10-04 253344]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com
uStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~3\Office10\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
Trusted Zone: driversupport.com\apps
Trusted Zone: localhost
TCP: DhcpNameServer = 192.168.0.254
FF - ProfilePath - c:\users\Magali\AppData\Roaming\Mozilla\Firefox\Profiles\xf9fzobn.default-1485170335518\
FF - prefs.js: browser.search.selectedEngine - Bing®
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=COSP&ptag=D101117-A6AA2274B27&form=CONMHP&conlogo=CT3335819
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-MBAMService
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-{431ec7c0-f990-4240-8012-95c642bbe5b7} - c:\program files (x86)\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1743326474-3589483476-2283609743-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_27_0_0_130_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_27_0_0_130_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_27_0_0_130_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_27_0_0_130_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_27_0_0_130.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.27"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_27_0_0_130.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_27_0_0_130.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_27_0_0_130.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2017-10-25 11:19:20
ComboFix-quarantined-files.txt 2017-10-25 09:19
.
Pre-Run: 111 053 017 088 bytes free
Post-Run: 111 630 077 952 bytes free
.
- - End Of File - - EDAFBC6F7E984AC21DCDDCBE22FC13A3
A36C5E4F47E84449FF07ED3517B43A31