cjoint

Document format: text/plain

ComboFix 17-11-14.01 - Royal 25/11/2017 20:41:48.8.2 - x86
Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.33.1036.18.2046.1129 [GMT 1:00]
Lancé depuis: c:\users\Royal\Downloads\Programs\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {B3F630BD-538D-1B4A-14FA-14B63235278F}
SP: Avira Antivirus *Disabled/Updated* {0897D159-75B7-14C4-2E4A-2FC449B26D32}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2017-10-25 au 2017-11-25 ))))))))))))))))))))))))))))))))))))
.
.
2017-11-25 19:53 . 2017-11-25 19:53 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2017-11-25 19:53 . 2017-11-25 19:53 -------- d-----w- c:\users\Public\AppData\Local\temp
2017-11-25 19:53 . 2017-11-25 19:53 -------- d-----w- c:\users\Invité\AppData\Local\temp
2017-11-25 19:53 . 2017-11-25 19:53 -------- d-----w- c:\users\HomeGroupUser$\AppData\Local\temp
2017-11-25 19:53 . 2017-11-25 19:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-11-25 19:53 . 2017-11-25 19:53 -------- d-----w- c:\users\Administrateur\AppData\Local\temp
2017-11-25 15:34 . 2017-11-25 15:42 -------- d-----w- c:\users\Royal\AppData\Local\Google
2017-11-25 13:27 . 2017-11-25 13:27 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{28C7F760-CF35-4630-9407-B60BBFCCAE54}\offreg.2956.dll
2017-11-23 21:33 . 2017-11-15 07:59 49936 ----a-w- c:\windows\system32\TURegOpt.exe
2017-11-23 21:33 . 2017-11-15 07:56 42256 ----a-w- c:\windows\system32\authuitu.dll
2017-11-22 22:16 . 2017-10-30 07:26 11282328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{28C7F760-CF35-4630-9407-B60BBFCCAE54}\mpengine.dll
2017-11-17 23:01 . 2017-10-18 02:16 114408 ----a-w- c:\windows\system32\CompatTelRunner.exe
2017-11-17 23:01 . 2017-10-18 02:11 488448 ----a-w- c:\windows\system32\aeinv.dll
2017-11-17 23:01 . 2017-10-15 22:04 313184 ----a-w- c:\windows\system32\centel.dll
2017-11-17 23:01 . 2017-10-04 13:04 541696 ----a-w- c:\windows\system32\generaltel.dll
2017-11-17 23:01 . 2017-10-04 13:04 509440 ----a-w- c:\windows\system32\devinv.dll
2017-11-17 23:01 . 2017-10-04 13:04 303616 ----a-w- c:\windows\system32\invagent.dll
2017-11-17 23:01 . 2017-10-04 13:04 193536 ----a-w- c:\windows\system32\aepic.dll
2017-11-17 23:01 . 2017-10-04 13:04 1918464 ----a-w- c:\windows\system32\aitstatic.exe
2017-11-17 23:01 . 2017-10-04 13:04 150016 ----a-w- c:\windows\system32\acmigration.dll
2017-11-17 23:01 . 2017-10-04 13:04 1321472 ----a-w- c:\windows\system32\appraiser.dll
2017-11-13 17:40 . 2017-11-25 15:40 -------- d-----w- c:\users\Royal\AppData\Roaming\IDM
2017-11-13 17:39 . 2017-11-23 22:06 -------- d-----w- c:\program files\Internet Download Manager
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-11-18 19:45 . 2017-10-12 02:02 124282896 -c--a-w- c:\windows\system32\MRT-KB890830.exe
2017-10-18 02:24 . 2017-11-17 23:03 3072 ----a-w- c:\windows\system32\drivers\fr-FR\usbehci.sys.mui
2017-10-18 02:22 . 2017-11-17 23:03 25088 ----a-w- c:\windows\system32\drivers\fr-FR\usbport.sys.mui
2017-10-18 02:21 . 2017-11-17 23:03 11776 ----a-w- c:\windows\system32\drivers\fr-FR\usbhub.sys.mui
2017-09-22 15:07 . 2013-09-13 15:20 130912 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2017-09-17 18:52 . 2017-02-22 20:11 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-09-13 15:13 . 2017-10-11 20:58 4001512 ----a-w- c:\windows\system32\ntkrnlpa.exe
2017-09-13 15:13 . 2017-10-11 20:58 3945704 ----a-w- c:\windows\system32\ntoskrnl.exe
2017-09-13 15:13 . 2017-10-11 20:58 67304 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2017-09-13 15:13 . 2017-10-11 20:58 137960 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2017-09-13 15:10 . 2017-10-11 20:58 1310528 ----a-w- c:\windows\system32\ntdll.dll
2017-09-13 15:09 . 2017-10-11 20:58 392704 ----a-w- c:\windows\system32\wlansec.dll
2017-09-13 15:09 . 2017-10-11 20:58 83968 ----a-w- c:\windows\system32\wlanhlp.dll
2017-09-13 15:09 . 2017-10-11 20:58 828928 ----a-w- c:\windows\system32\wlansvc.dll
2017-09-13 15:09 . 2017-10-11 20:58 80896 ----a-w- c:\windows\system32\wlanapi.dll
2017-09-13 15:09 . 2017-10-11 20:58 428032 ----a-w- c:\windows\system32\wlanmsm.dll
2017-09-13 15:09 . 2017-10-11 20:58 172032 ----a-w- c:\windows\system32\wdigest.dll
2017-09-13 15:09 . 2017-10-11 20:58 99840 ----a-w- c:\windows\system32\sspicli.dll
2017-09-13 15:09 . 2017-10-11 20:58 65536 ----a-w- c:\windows\system32\TSpkg.dll
2017-09-13 15:09 . 2017-10-11 20:58 400896 ----a-w- c:\windows\system32\srcore.dll
2017-09-13 15:09 . 2017-10-11 20:58 43008 ----a-w- c:\windows\system32\srclient.dll
2017-09-13 15:09 . 2017-10-11 20:58 655360 ----a-w- c:\windows\system32\rpcrt4.dll
2017-09-13 15:09 . 2017-10-11 20:58 254464 ----a-w- c:\windows\system32\schannel.dll
2017-09-13 15:09 . 2017-10-11 20:58 141312 ----a-w- c:\windows\system32\rpchttp.dll
2017-09-13 15:09 . 2017-10-11 20:58 50176 ----a-w- c:\windows\system32\setbcdlocale.dll
2017-09-13 15:09 . 2017-10-11 20:58 22016 ----a-w- c:\windows\system32\secur32.dll
2017-09-13 15:09 . 2017-10-11 20:58 261120 ----a-w- c:\windows\system32\msv1_0.dll
2017-09-13 15:09 . 2017-10-11 20:58 223232 ----a-w- c:\windows\system32\ncrypt.dll
2017-09-13 15:09 . 2017-10-11 20:58 830464 ----a-w- c:\windows\system32\msctf.dll
2017-09-13 15:09 . 2017-10-11 20:58 60416 ----a-w- c:\windows\system32\msobjs.dll
2017-09-13 15:09 . 2017-10-11 20:58 146432 ----a-w- c:\windows\system32\msaudite.dll
2017-09-13 15:08 . 2017-10-11 20:58 554496 ----a-w- c:\windows\system32\kerberos.dll
2017-09-13 15:08 . 2017-10-11 20:58 1062912 ----a-w- c:\windows\system32\lsasrv.dll
2017-09-13 15:08 . 2017-10-11 20:58 38912 ----a-w- c:\windows\system32\csrsrv.dll
2017-09-13 15:08 . 2017-10-11 20:58 17408 ----a-w- c:\windows\system32\credssp.dll
2017-09-13 15:08 . 2017-10-11 20:58 82432 ----a-w- c:\windows\system32\bcrypt.dll
2017-09-13 15:08 . 2017-10-11 20:58 644096 ----a-w- c:\windows\system32\advapi32.dll
2017-09-13 15:08 . 2017-10-11 20:58 690688 ----a-w- c:\windows\system32\adtschema.dll
2017-09-13 15:08 . 2017-10-11 20:58 6656 ----a-w- c:\windows\system32\apisetschema.dll
2017-09-13 15:08 . 2017-10-11 20:58 50688 ----a-w- c:\windows\system32\appidapi.dll
2017-09-13 14:53 . 2017-10-11 20:58 271360 ----a-w- c:\windows\system32\drivers\nwifi.sys
2017-09-13 14:50 . 2017-10-11 20:58 97792 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2017-09-13 14:50 . 2017-10-11 20:58 50688 ----a-w- c:\windows\system32\drivers\appid.sys
2017-09-13 14:50 . 2017-10-11 20:58 16896 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2017-09-13 14:50 . 2017-10-11 20:58 29696 ----a-w- c:\windows\system32\appidsvc.dll
2017-09-13 14:50 . 2017-10-11 20:58 50176 ----a-w- c:\windows\system32\auditpol.exe
2017-09-13 14:48 . 2017-10-11 20:58 262656 ----a-w- c:\windows\system32\rstrui.exe
2017-09-13 14:46 . 2017-10-11 20:58 226304 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2017-09-13 14:46 . 2017-10-11 20:58 98304 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2017-09-13 14:46 . 2017-10-11 20:58 124416 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2017-09-13 14:46 . 2017-10-11 20:58 36352 ----a-w- c:\windows\system32\cryptbase.dll
2017-09-13 14:46 . 2017-10-11 20:58 22016 ----a-w- c:\windows\system32\lsass.exe
2017-09-13 14:46 . 2017-10-11 20:58 15872 ----a-w- c:\windows\system32\sspisrv.dll
2017-09-13 14:46 . 2017-10-11 20:58 69632 ----a-w- c:\windows\system32\smss.exe
2017-09-08 15:09 . 2017-10-11 20:58 306688 ----a-w- c:\windows\system32\gdi32.dll
2017-09-08 14:20 . 2017-10-11 20:58 640512 ----a-w- c:\windows\system32\mswstr10.dll
2017-09-08 14:20 . 2017-10-11 20:58 8704 ----a-w- c:\windows\system32\msjint40.dll
2017-09-07 15:12 . 2017-10-11 20:58 2755072 ----a-w- c:\windows\system32\themeui.dll
2017-09-07 14:48 . 2017-10-11 20:58 312320 ----a-w- c:\windows\system32\drivers\srv.sys
2017-09-07 14:48 . 2017-10-11 20:58 313856 ----a-w- c:\windows\system32\drivers\srv2.sys
2017-09-07 14:48 . 2017-10-11 20:58 115712 ----a-w- c:\windows\system32\drivers\srvnet.sys
2017-09-02 18:36 . 2013-09-13 15:20 153664 ----a-w- c:\windows\system32\drivers\avipbb.sys
2015-03-26 11:48 . 2015-03-26 11:48 2174976 ----a-w- c:\program files\Common Files\atimpenc.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2015-05-20 3903056]
"uTorrent"="c:\users\Royal\AppData\Roaming\uTorrent\uTorrent.exe" [2017-09-28 1982144]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2017-09-20 7685808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvgUi"="c:\program files\AVG\Framework\Common\avguirnx.exe" [2017-10-31 220288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hear.lnk - c:\program files\Hear\Hear.exe [2017-6-7 2589832]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2015-09-04 12:44 55349888 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe"
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe"
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
"snpstd3"="c:\windows\vsnpstd3.exe"
"PWRISOVM.EXE"="d:\program files\PowerISO\PWRISOVM.EXE" -startup
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"HSPALauncher"="c:\progra~1\HSPAUS~1\HSPALA~1.EXE"
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
.
R2 AntiVirMailService;Avira Mail Protection;c:\program files\Avira\AntiVir Desktop\avmailc7.exe [2017-11-23 1128944]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-07-09 327296]
R3 cmusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2051;c:\windows\system32\DRIVERS\cmusbser.sys [2013-06-29 103552]
R3 Lenovo EasyPlus Hotspot;Lenovo EasyPlus Hotspot;c:\program files\Common Files\LENOVO\easyplussdk\bin\EPHotspot.exe [2015-06-08 509424]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2014-08-15 18944]
R3 netr28u;TP-LINK Wireless USB Adapter;c:\windows\system32\DRIVERS\netr28u.sys [2011-03-14 1174880]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2017-08-13 15872]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 98432]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 tapSF0901;Spotflux Virtual Network Device Driver;c:\windows\system32\DRIVERS\tapSF0901.sys [x]
R3 TIACXLN;22M WLAN Adapter;c:\windows\system32\DRIVERS\tiacxln.sys [2003-03-05 168583]
R3 TpMediaServer;TpMediaServer;c:\program files\TP-LINK\COMMON\RaMediaServer.exe [2011-03-14 619872]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2014-02-25 114976]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2014-02-25 94496]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-19 1343400]
R4 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebg7.exe [2017-11-23 1526832]
S0 avdevprot;avdevprot;c:\windows\system32\DRIVERS\avdevprot.sys [2017-06-14 46440]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2017-03-23 35840]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2017-11-23 490968]
S2 avgsvc;AVG Service;c:\program files\AVG\Framework\Common\avgsvcx.exe [2017-10-31 1189720]
S2 Avira.ServiceHost;Avira Service Host;c:\program files\Avira\Launcher\Avira.ServiceHost.exe [2017-10-26 407408]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys [2017-03-23 59000]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2017-08-05 149224]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-02-03 409800]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [2013-10-01 5087584]
S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [2017-11-15 4448016]
S2 uSHAREitSvc;SHAREit Hotspot Service;c:\program files\SHAREit Technologies\SHAREit\SHAREit.Service.exe [2017-09-11 33224]
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athuw.sys [2011-07-28 1763584]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-27 51712]
S3 REN2CAP_DRIVER;Hear;c:\windows\system32\drivers\ren2cap.sys [2011-11-07 39048]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [2017-11-15 31792]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
utcsvc REG_MULTI_SZ DiagTrack
.
.
------- Examen supplémentaire -------
.
uStart Page = www.google.com
uDefault_Search_URL = https://search.avira.net/#web/result?source=art&q=
mStart Page = https://search.avira.net/#web/result?source=art&q=
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm
Trusted Zone: localhost
TCP: DhcpNameServer = 192.168.1.1 0.0.0.0
TCP: Interfaces\{C355692B-6725-4506-B912-019E7652939E}: NameServer = 192.168.1.1
TCP: Interfaces\{F802D87D-18A5-4D4B-8C5C-1D4E0A674A8A}: NameServer = 192.168.1.1
.
- - - - ORPHELINS SUPPRIMES - - - -
.
{CDC95B92-E27C-4745-A8C5-64A52A78855D}"-IDM Shell Extension - ShellIconOverlayIdentifiers
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-1170095214-172599411-1462784818-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*O*üm…h*‹file:///E:/Tevez/ZziCkkk/Azuro%20ft.%20Elly%20-%20Je%20Ne%20Sais%20Pas%20%28R.I.O.%20Remix%29%20%28www.SongsLover.com%29.mp3]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1170095214-172599411-1462784818-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*O*üm…h*‹file:///E:/Tevez/ZziCkkk/Azuro%20ft.%20Elly%20-%20Je%20Ne%20Sais%20Pas%20%28R.I.O.%20Remix%29%20%28www.SongsLover.com%29.mp3\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1170095214-172599411-1462784818-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**5öê_Ç<–§Ñw]êSn`]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1170095214-172599411-1462784818-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**5öê_Ç<–§Ñw]êSn`\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1170095214-172599411-1462784818-1001\Software\SecuROM\License information*]
"datasecu"=hex:81,2d,7d,bc,2e,7f,91,26,88,04,bf,a3,4d,a6,85,32,a8,56,b1,f7,69,
18,12,ef,32,7e,f3,ac,e6,22,1d,21,17,49,2a,c8,31,b8,b2,a0,96,ea,0b,73,96,3f,\
"rkeysecu"=hex:ac,7e,9a,7a,72,37,8e,85,df,82,2f,56,85,7e,b3,a3
.
[HKEY_USERS\S-1-5-21-1170095214-172599411-1462784818-1001_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):8d,ac,2d,cf,69,9c,5d,f5,ea,38,6b,b6,21,3c,d9,91,ef,4f,97,95,3b,
fb,d1,13,52,ee,ae,d6,0a,2e,90,f6,12,94,ef,07,2a,de,f4,81,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1170095214-172599411-1462784818-1001_Classes\CLSID\{718b1c5f-1825-4dc4-b854-8f409e011324}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000ca
"Therad"=dword:00000019
.
[HKEY_USERS\S-1-5-21-1170095214-172599411-1462784818-1001_Classes\CLSID\{b2c37870-d607-41f2-97db-8fc6b7071b85}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000002c
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,75,07,18,dd,fb,11,42,94,27,b7,99,0d,2a,ba,05,1a,a2,02,c9,3e,9b,f9,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_26_0_0_131_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_26_0_0_131_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
c:\program files\TP-LINK\COMMON\RaRegistry.exe
c:\windows\System32\WUDFHost.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
c:\windows\system32\conhost.exe
c:\program files\AVG\Framework\Common\avguix.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe
c:\program files\Avira\AntiVir Desktop\avgnt.exe
c:\program files\Internet Download Manager\IEMonitor.exe
c:\users\Royal\AppData\Roaming\uTorrent\updates\3.5.0_44090\utorrentie.exe
c:\users\Royal\AppData\Roaming\uTorrent\updates\3.5.0_44090\utorrentie.exe
c:\windows\system32\DllHost.exe
c:\program files\Avira\Launcher\Avira.Systray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
.
**************************************************************************
.
Heure de fin: 2017-11-25 21:06:58 - La machine a redémarré
ComboFix-quarantined-files.txt 2017-11-25 20:06
ComboFix2.txt 2017-08-03 19:51
ComboFix3.txt 2016-07-24 22:52
ComboFix4.txt 2015-01-29 13:31
.
Avant-CF: 3 878 703 104 octets libres
Après-CF: 3 524 915 200 octets libres
.
- - End Of File - - 0D6DB6F82543BA567C91DF4E040C199C
A36C5E4F47E84449FF07ED3517B43A31
