Publicité
Publicité
Format du document : text/plain
Prévisualisation
ComboFix 17-10-17.01 - ilyes 11/11/2017 10:17:26.1.2 - x64
Lancé depuis: c:\users\ilyes\Desktop\ComboFix.exe
* Un antivirus résident est actif
.
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\FireFox\uninstall\helper.exe
c:\programdata\A18EEC3FB1.sys
c:\users\ilyes\AppData\Local\Installer\Installshopperpro_18574
c:\users\ilyes\AppData\Local\Installer\Installytd_8307
c:\users\ilyes\AppData\Roaming\DRPSu
c:\users\ilyes\AppData\Roaming\DRPSu\Logs\log___2017-11-01-13-50-13.html
c:\users\ilyes\AppData\Roaming\DRPSu\temp\ps.j9h3nbzr.e7c4r.cmd.txt
c:\users\ilyes\AppData\Roaming\DRPSu\temp\ps.j9h3nbzr.e7c4r.stderr.log
c:\users\ilyes\AppData\Roaming\DRPSu\temp\ps.j9h3nbzr.e7c4r.stdout.log
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2017-10-11 au 2017-11-11 ))))))))))))))))))))))))))))))))))))
.
.
2017-11-11 11:34 . 2017-11-11 11:34 -------- d-----w- c:\users\McAfeeMVSUser\AppData\Local\temp
2017-11-11 11:34 . 2017-11-11 11:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-11-11 01:03 . 2017-11-11 01:06 -------- d-----w- c:\users\ilyes\AppData\Roaming\ZHP
2017-11-11 01:03 . 2017-11-11 01:05 -------- d-----w- c:\users\ilyes\AppData\Local\ZHP
2017-11-10 13:20 . 2017-11-10 13:20 -------- d-----w- c:\programdata\Reason
2017-11-10 13:19 . 2017-11-10 13:19 -------- d-----w- c:\program files\Reason
2017-11-04 22:14 . 2017-11-08 16:23 -------- d-----w- c:\programdata\Malwarebytes
2017-11-04 15:25 . 2017-11-04 15:25 -------- d-----w- c:\users\ilyes\AppData\Roaming\Obsidium
2017-11-02 17:59 . 2017-11-02 17:59 -------- d-----w- c:\users\ilyes\AppData\Roaming\Emjysoft
2017-11-01 18:58 . 2017-11-01 18:58 -------- d-----w- c:\users\ilyes\AppData\Local\DESlock+
2017-11-01 14:41 . 2014-06-16 06:01 708168 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2017-11-01 14:41 . 2014-06-16 06:01 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2017-11-01 14:41 . 2014-06-16 06:01 206080 ----a-w- c:\windows\system32\drivers\ssudserd.sys
2017-11-01 14:41 . 2014-06-16 06:01 206080 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2017-11-01 14:41 . 2014-06-16 06:01 110336 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2017-11-01 14:28 . 2017-11-01 17:10 -------- d-----w- c:\users\ilyes\AppData\Local\IIIQF
2017-11-01 13:40 . 2017-11-01 13:40 -------- d-----w- c:\users\ilyes\AppData\Local\Samsung
2017-11-01 13:31 . 2016-05-18 00:49 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2017-11-01 13:19 . 2017-11-01 13:19 -------- d-----w- c:\users\ilyes\AppData\Local\Downloaded Installations
2017-11-01 12:55 . 2017-11-01 12:55 -------- d-----w- c:\program files\SAMSUNG
2017-11-01 12:53 . 2017-11-01 13:28 -------- d-----w- c:\programdata\Samsung
2017-10-17 08:07 . 2017-10-17 08:07 133856 ----a-w- c:\windows\system32\drivers\eamonm.sys
2017-10-14 19:14 . 2017-10-14 19:14 -------- d-----w- c:\program files\Microsoft.NET
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-11-02 17:56 . 2015-06-19 08:52 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2017-10-05 09:00 . 2017-10-05 09:00 180088 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2017-10-04 01:21 . 2017-10-04 01:21 29352 ----a-w- c:\windows\SysWow64\aspnet_counters.dll
2017-10-04 01:21 . 2017-10-04 01:21 19088 ----a-w- c:\windows\SysWow64\msvcr110_clr0400.dll
2017-10-04 01:21 . 2017-10-04 01:21 19088 ----a-w- c:\windows\SysWow64\msvcr100_clr0400.dll
2017-10-04 01:21 . 2017-10-04 01:21 19088 ----a-w- c:\windows\SysWow64\msvcp110_clr0400.dll
2017-10-03 20:45 . 2017-10-03 20:45 30888 ----a-w- c:\windows\system32\aspnet_counters.dll
2017-10-03 20:45 . 2017-10-03 20:45 19088 ----a-w- c:\windows\system32\msvcr110_clr0400.dll
2017-10-03 20:45 . 2017-10-03 20:45 19088 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2017-10-03 20:45 . 2017-10-03 20:45 19088 ----a-w- c:\windows\system32\msvcp110_clr0400.dll
2017-09-25 14:15 . 2017-09-25 14:15 81888 ----a-w- c:\windows\system32\drivers\epfw.sys
2017-09-25 14:15 . 2017-09-25 14:15 61040 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2017-09-25 14:15 . 2017-09-25 14:15 106312 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2017-09-25 14:15 . 2017-09-25 14:15 107336 ----a-w- c:\windows\system32\drivers\edevmon.sys
2017-09-25 14:15 . 2017-09-25 14:15 50744 ----a-w- c:\windows\system32\drivers\ekbdflt.sys
2017-09-14 18:23 . 2015-06-08 22:57 138202976 -c--a-w- c:\windows\system32\MRT.exe
2017-08-30 12:23 . 2017-08-30 12:23 987840 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2017-08-30 12:23 . 2017-08-30 12:23 485576 ----a-w- c:\windows\SysWow64\msvcp120_clr0400.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2017-02-23 08:34 1743664 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2017-02-23 08:34 1743664 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2017-02-23 08:34 1743664 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 2363392]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2017-10-03 4035696]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2017-05-05 9772248]
"uTorrent"="c:\users\ilyes\AppData\Roaming\uTorrent\uTorrent.exe" [2017-09-29 1982144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-03-01 256056]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleNetIDList"= 1 (0x1)
.
R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
R0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
R2 IObitUnSvr;IObit Uninstaller Service;c:\program files (x86)\IObit\IObit Uninstaller\IUService.exe;c:\program files (x86)\IObit\IObit Uninstaller\IUService.exe [x]
R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe;c:\program files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [x]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [x]
R2 veesrig;veesrig;c:\programdata\AruaTuss\etytasam.exe;c:\programdata\AruaTuss\etytasam.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 globalUpdatem;globalUpdate Update Service (globalUpdatem);c:\program files (x86)\globalUpdate\Update\globalupdate.exe;c:\program files (x86)\globalUpdate\Update\globalupdate.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssudserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 edevmon;edevmon;c:\windows\system32\DRIVERS\edevmon.sys;c:\windows\SYSNATIVE\DRIVERS\edevmon.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;ESET Firewall;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S1 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [x]
S2 ekbdflt;ekbdflt;c:\windows\system32\DRIVERS\ekbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\ekbdflt.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Security\ekrn.exe;c:\program files\ESET\ESET Security\ekrn.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe;c:\program files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 rscp;rscp;c:\program files\Reason\Security\Protection\rscp\bin\rscp_svc.exe;c:\program files\Reason\Security\Protection\rscp\bin\rscp_svc.exe [x]
S2 rsService;Reason Core Security Service;c:\program files\Reason\Security\rsService.exe;c:\program files\Reason\Security\rsService.exe [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
S3 IUFileFilter;IUFileFilter;c:\program files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys;c:\program files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys [x]
S3 IURegProcessFilter;IURegProcessFilter;c:\program files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IURegProcessFilter.sys;c:\program files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IURegProcessFilter.sys [x]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 18:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contenu du dossier 'Tâches planifiées'
.
2015-08-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-19 17:00]
.
2017-09-29 c:\windows\Tasks\iToolsDaemon.job
- c:\program files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe [2017-05-22 21:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2017-05-22 11:16 2478880 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2017-02-23 08:29 2351920 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2017-02-23 08:29 2351920 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2017-02-23 08:29 2351920 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-01-08 186904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-25 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-25 390680]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-25 410136]
"egui"="c:\program files\ESET\ESET Security\ecmds.exe" [2017-11-10 323328]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = https://safesearch.avira.com/#web/result?source=art&q=
mDefault_Search_URL = www.google.com
mDefault_Page_URL = www.google.com
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = www.google.com
IE: &Envoyer à OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
IE: Télécharger avec IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
Trusted Zone: localhost
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: eset.com\help
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
Trusted Zone: siteadvisor.com\www
TCP: DhcpNameServer = 41.110.30.2 41.110.32.3
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
SafeBoot-MBAMService
HKLM_Wow6432Node-ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files (x86)\Google\Chrome\Application\43.0.2357.130\Installer\chrmstp.exe
Toolbar-10 - (no file)
{CDC95B92-E27C-4745-A8C5-64A52A78855D}"-IDM Shell Extension - ShellIconOverlayIdentifiers
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{FC17E0A7-EAA9-4902-92F8-C83B9FD02246} - c:\program files (x86)\InstallShield Installation Information\{FC17E0A7-EAA9-4902-92F8-C83B9FD02246}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-2273173420-234936974-565166110-1001_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (S-1-5-32)
@SACL=
"scansk"=hex(0):82,f1,63,91,78,e0,02,14,a1,9f,27,36,68,50,98,2c,8f,cd,ed,9f,6a,
4e,a8,07,d3,cf,12,81,08,4b,77,bf,85,3f,24,86,fe,e9,2f,20,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2273173420-234936974-565166110-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (S-1-5-32)
@SACL=
"scansk"=hex(0):2b,cc,4c,97,0b,cd,69,59,75,84,4d,ac,c5,34,30,b6,9b,ea,04,94,36,
6d,1c,d4,34,7f,6d,33,32,35,ce,c2,2d,5c,1f,c8,61,0c,65,0b,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2273173420-234936974-565166110-1001_Classes\Wow6432Node\CLSID\{97813098-2203-4c45-9783-b10a287ab9e6}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000e7
"Therad"=dword:0000000f
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-2273173420-234936974-565166110-1001_Classes\Wow6432Node\CLSID\{d89be546-19ff-4937-9f5e-54e2f57df803}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000ba
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,48,19,a5,63,93,69,65,34,33,a7,a6,4d,42,ed,4f,8f,9d,d6,8f,41,e4,cf,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\mcafee\ManagedServices]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\mcafee\VSCORE]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2017-11-11 11:39:27
ComboFix-quarantined-files.txt 2017-11-11 11:39
.
Avant-CF: 177 504 350 208 octets libres
Après-CF: 177 197 240 320 octets libres
.
- - End Of File - - 328A63FA58DEC4857359C558B0757FB8
A36C5E4F47E84449FF07ED3517B43A31
Lancé depuis: c:\users\ilyes\Desktop\ComboFix.exe
* Un antivirus résident est actif
.
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\FireFox\uninstall\helper.exe
c:\programdata\A18EEC3FB1.sys
c:\users\ilyes\AppData\Local\Installer\Installshopperpro_18574
c:\users\ilyes\AppData\Local\Installer\Installytd_8307
c:\users\ilyes\AppData\Roaming\DRPSu
c:\users\ilyes\AppData\Roaming\DRPSu\Logs\log___2017-11-01-13-50-13.html
c:\users\ilyes\AppData\Roaming\DRPSu\temp\ps.j9h3nbzr.e7c4r.cmd.txt
c:\users\ilyes\AppData\Roaming\DRPSu\temp\ps.j9h3nbzr.e7c4r.stderr.log
c:\users\ilyes\AppData\Roaming\DRPSu\temp\ps.j9h3nbzr.e7c4r.stdout.log
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2017-10-11 au 2017-11-11 ))))))))))))))))))))))))))))))))))))
.
.
2017-11-11 11:34 . 2017-11-11 11:34 -------- d-----w- c:\users\McAfeeMVSUser\AppData\Local\temp
2017-11-11 11:34 . 2017-11-11 11:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-11-11 01:03 . 2017-11-11 01:06 -------- d-----w- c:\users\ilyes\AppData\Roaming\ZHP
2017-11-11 01:03 . 2017-11-11 01:05 -------- d-----w- c:\users\ilyes\AppData\Local\ZHP
2017-11-10 13:20 . 2017-11-10 13:20 -------- d-----w- c:\programdata\Reason
2017-11-10 13:19 . 2017-11-10 13:19 -------- d-----w- c:\program files\Reason
2017-11-04 22:14 . 2017-11-08 16:23 -------- d-----w- c:\programdata\Malwarebytes
2017-11-04 15:25 . 2017-11-04 15:25 -------- d-----w- c:\users\ilyes\AppData\Roaming\Obsidium
2017-11-02 17:59 . 2017-11-02 17:59 -------- d-----w- c:\users\ilyes\AppData\Roaming\Emjysoft
2017-11-01 18:58 . 2017-11-01 18:58 -------- d-----w- c:\users\ilyes\AppData\Local\DESlock+
2017-11-01 14:41 . 2014-06-16 06:01 708168 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2017-11-01 14:41 . 2014-06-16 06:01 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2017-11-01 14:41 . 2014-06-16 06:01 206080 ----a-w- c:\windows\system32\drivers\ssudserd.sys
2017-11-01 14:41 . 2014-06-16 06:01 206080 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2017-11-01 14:41 . 2014-06-16 06:01 110336 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2017-11-01 14:28 . 2017-11-01 17:10 -------- d-----w- c:\users\ilyes\AppData\Local\IIIQF
2017-11-01 13:40 . 2017-11-01 13:40 -------- d-----w- c:\users\ilyes\AppData\Local\Samsung
2017-11-01 13:31 . 2016-05-18 00:49 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2017-11-01 13:19 . 2017-11-01 13:19 -------- d-----w- c:\users\ilyes\AppData\Local\Downloaded Installations
2017-11-01 12:55 . 2017-11-01 12:55 -------- d-----w- c:\program files\SAMSUNG
2017-11-01 12:53 . 2017-11-01 13:28 -------- d-----w- c:\programdata\Samsung
2017-10-17 08:07 . 2017-10-17 08:07 133856 ----a-w- c:\windows\system32\drivers\eamonm.sys
2017-10-14 19:14 . 2017-10-14 19:14 -------- d-----w- c:\program files\Microsoft.NET
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-11-02 17:56 . 2015-06-19 08:52 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2017-10-05 09:00 . 2017-10-05 09:00 180088 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2017-10-04 01:21 . 2017-10-04 01:21 29352 ----a-w- c:\windows\SysWow64\aspnet_counters.dll
2017-10-04 01:21 . 2017-10-04 01:21 19088 ----a-w- c:\windows\SysWow64\msvcr110_clr0400.dll
2017-10-04 01:21 . 2017-10-04 01:21 19088 ----a-w- c:\windows\SysWow64\msvcr100_clr0400.dll
2017-10-04 01:21 . 2017-10-04 01:21 19088 ----a-w- c:\windows\SysWow64\msvcp110_clr0400.dll
2017-10-03 20:45 . 2017-10-03 20:45 30888 ----a-w- c:\windows\system32\aspnet_counters.dll
2017-10-03 20:45 . 2017-10-03 20:45 19088 ----a-w- c:\windows\system32\msvcr110_clr0400.dll
2017-10-03 20:45 . 2017-10-03 20:45 19088 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2017-10-03 20:45 . 2017-10-03 20:45 19088 ----a-w- c:\windows\system32\msvcp110_clr0400.dll
2017-09-25 14:15 . 2017-09-25 14:15 81888 ----a-w- c:\windows\system32\drivers\epfw.sys
2017-09-25 14:15 . 2017-09-25 14:15 61040 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2017-09-25 14:15 . 2017-09-25 14:15 106312 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2017-09-25 14:15 . 2017-09-25 14:15 107336 ----a-w- c:\windows\system32\drivers\edevmon.sys
2017-09-25 14:15 . 2017-09-25 14:15 50744 ----a-w- c:\windows\system32\drivers\ekbdflt.sys
2017-09-14 18:23 . 2015-06-08 22:57 138202976 -c--a-w- c:\windows\system32\MRT.exe
2017-08-30 12:23 . 2017-08-30 12:23 987840 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2017-08-30 12:23 . 2017-08-30 12:23 485576 ----a-w- c:\windows\SysWow64\msvcp120_clr0400.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2017-02-23 08:34 1743664 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2017-02-23 08:34 1743664 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2017-02-23 08:34 1743664 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 2363392]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2017-10-03 4035696]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2017-05-05 9772248]
"uTorrent"="c:\users\ilyes\AppData\Roaming\uTorrent\uTorrent.exe" [2017-09-29 1982144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-03-01 256056]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleNetIDList"= 1 (0x1)
.
R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
R0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
R2 IObitUnSvr;IObit Uninstaller Service;c:\program files (x86)\IObit\IObit Uninstaller\IUService.exe;c:\program files (x86)\IObit\IObit Uninstaller\IUService.exe [x]
R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe;c:\program files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [x]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [x]
R2 veesrig;veesrig;c:\programdata\AruaTuss\etytasam.exe;c:\programdata\AruaTuss\etytasam.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 globalUpdatem;globalUpdate Update Service (globalUpdatem);c:\program files (x86)\globalUpdate\Update\globalupdate.exe;c:\program files (x86)\globalUpdate\Update\globalupdate.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssudserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 edevmon;edevmon;c:\windows\system32\DRIVERS\edevmon.sys;c:\windows\SYSNATIVE\DRIVERS\edevmon.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;ESET Firewall;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S1 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [x]
S2 ekbdflt;ekbdflt;c:\windows\system32\DRIVERS\ekbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\ekbdflt.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Security\ekrn.exe;c:\program files\ESET\ESET Security\ekrn.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe;c:\program files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 rscp;rscp;c:\program files\Reason\Security\Protection\rscp\bin\rscp_svc.exe;c:\program files\Reason\Security\Protection\rscp\bin\rscp_svc.exe [x]
S2 rsService;Reason Core Security Service;c:\program files\Reason\Security\rsService.exe;c:\program files\Reason\Security\rsService.exe [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
S3 IUFileFilter;IUFileFilter;c:\program files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys;c:\program files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys [x]
S3 IURegProcessFilter;IURegProcessFilter;c:\program files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IURegProcessFilter.sys;c:\program files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IURegProcessFilter.sys [x]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 18:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contenu du dossier 'Tâches planifiées'
.
2015-08-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-19 17:00]
.
2017-09-29 c:\windows\Tasks\iToolsDaemon.job
- c:\program files (x86)\ThinkSky\iTools 3\iToolsDaemon.exe [2017-05-22 21:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2017-05-22 11:16 2478880 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2017-02-23 08:29 2351920 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2017-02-23 08:29 2351920 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2017-02-23 08:29 2351920 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-01-08 186904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-25 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-25 390680]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-25 410136]
"egui"="c:\program files\ESET\ESET Security\ecmds.exe" [2017-11-10 323328]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = https://safesearch.avira.com/#web/result?source=art&q=
mDefault_Search_URL = www.google.com
mDefault_Page_URL = www.google.com
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = www.google.com
IE: &Envoyer à OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
IE: Télécharger avec IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
Trusted Zone: localhost
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: eset.com\help
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
Trusted Zone: siteadvisor.com\www
TCP: DhcpNameServer = 41.110.30.2 41.110.32.3
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
SafeBoot-MBAMService
HKLM_Wow6432Node-ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files (x86)\Google\Chrome\Application\43.0.2357.130\Installer\chrmstp.exe
Toolbar-10 - (no file)
{CDC95B92-E27C-4745-A8C5-64A52A78855D}"-IDM Shell Extension - ShellIconOverlayIdentifiers
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{FC17E0A7-EAA9-4902-92F8-C83B9FD02246} - c:\program files (x86)\InstallShield Installation Information\{FC17E0A7-EAA9-4902-92F8-C83B9FD02246}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-2273173420-234936974-565166110-1001_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (S-1-5-32)
@SACL=
"scansk"=hex(0):82,f1,63,91,78,e0,02,14,a1,9f,27,36,68,50,98,2c,8f,cd,ed,9f,6a,
4e,a8,07,d3,cf,12,81,08,4b,77,bf,85,3f,24,86,fe,e9,2f,20,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2273173420-234936974-565166110-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (S-1-5-32)
@SACL=
"scansk"=hex(0):2b,cc,4c,97,0b,cd,69,59,75,84,4d,ac,c5,34,30,b6,9b,ea,04,94,36,
6d,1c,d4,34,7f,6d,33,32,35,ce,c2,2d,5c,1f,c8,61,0c,65,0b,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2273173420-234936974-565166110-1001_Classes\Wow6432Node\CLSID\{97813098-2203-4c45-9783-b10a287ab9e6}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000e7
"Therad"=dword:0000000f
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-2273173420-234936974-565166110-1001_Classes\Wow6432Node\CLSID\{d89be546-19ff-4937-9f5e-54e2f57df803}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000ba
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,48,19,a5,63,93,69,65,34,33,a7,a6,4d,42,ed,4f,8f,9d,d6,8f,41,e4,cf,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\mcafee\ManagedServices]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\mcafee\VSCORE]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2017-11-11 11:39:27
ComboFix-quarantined-files.txt 2017-11-11 11:39
.
Avant-CF: 177 504 350 208 octets libres
Après-CF: 177 197 240 320 octets libres
.
- - End Of File - - 328A63FA58DEC4857359C558B0757FB8
A36C5E4F47E84449FF07ED3517B43A31