cjoint

Document format: text/plain

Preview

ComboFix 18-08-08.01 - Robert 10/01/2019 19:33:39.1.4 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.3071.2678 [GMT 1:00]
Lancé depuis: c:\documents and settings\Robert\Bureau\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Robert\SendTo\Unlocker.exe
C:\Documents
C:\Thumbs.db
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2018-12-10 au 2019-01-10 ))))))))))))))))))))))))))))))))))))
.
.
2019-01-08 20:25 . 2019-01-08 20:27 -------- d-----w- C:\FRST
2019-01-08 13:23 . 2019-01-10 17:17 -------- d-----w- c:\documents and settings\Robert\Application Data\ZHP
2019-01-08 13:23 . 2019-01-08 13:23 -------- d-----w- c:\documents and settings\Robert\Local Settings\Application Data\ZHP
2019-01-08 13:20 . 2019-01-09 14:08 -------- d-----w- C:\AdwCleaner
2019-01-08 10:44 . 2019-01-08 10:44 -------- d-----w- c:\documents and settings\Robert\Application Data\FastStone
2018-12-31 21:07 . 2018-12-31 21:07 181496 ----a-w- c:\windows\system32\drivers\zamguard32.sys
2018-12-31 21:07 . 2018-12-31 21:07 181496 ----a-w- c:\windows\system32\drivers\zam32.sys
2018-12-31 21:07 . 2018-12-31 21:07 -------- d-----w- c:\program files\Zemana AntiMalware
2018-12-31 20:21 . 2018-12-31 20:21 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Zemana
2018-12-31 20:20 . 2018-12-31 20:20 -------- d-----w- c:\documents and settings\Robert\Local Settings\Application Data\Zemana
2018-12-23 13:17 . 2018-12-27 20:13 12872 ----a-w- c:\windows\system32\bootdelete.exe
2018-12-23 09:37 . 2018-12-23 09:37 -------- d-----w- c:\program files\HitmanPro
2018-12-23 09:35 . 2018-12-29 15:00 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2018-12-20 21:30 . 2018-12-20 21:30 -------- d-----w- c:\documents and settings\Robert\Application Data\PhotoFiltre 7
2018-12-16 20:40 . 2018-12-16 20:41 -------- dc-h--w- c:\windows\ie8
2018-12-16 20:04 . 2018-12-16 20:04 -------- d-----w- c:\documents and settings\Robert\Local Settings\Application Data\FastStone
2018-12-16 18:21 . 2018-12-16 18:21 -------- d-----w- c:\program files\Mozilla Maintenance Service
2018-12-16 18:21 . 2018-06-21 19:45 875384 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
2018-12-16 18:21 . 2018-06-21 15:21 66000 ----a-w- c:\program files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll
2018-12-16 18:21 . 2018-06-21 15:19 517072 ----a-w- c:\program files\Mozilla Firefox\firefox.exe
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2019-01-08 09:56 . 2018-07-12 09:12 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2019-01-03 18:09 . 2014-10-07 08:36 692736 ----a-w- c:\windows\system32\inetcomm.dll
2019-01-03 18:09 . 2008-04-14 12:00 921088 ----a-w- c:\windows\system32\wininet.dll
2019-01-03 18:09 . 2008-04-14 12:00 66560 ----a-w- c:\windows\system32\tdc.ocx
2019-01-03 18:09 . 2008-04-14 12:00 428544 ----a-w- c:\windows\system32\vbscript.dll
2019-01-03 18:09 . 2008-04-14 12:00 83968 ----a-w- c:\windows\system32\hlink.dll
2019-01-03 18:09 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2019-01-03 18:09 . 2008-04-14 12:00 19456 ----a-w- c:\windows\system32\corpol.dll
2019-01-03 18:09 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2019-01-03 07:41 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2018-12-18 14:18 . 2017-06-16 21:37 842240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2018-12-18 14:18 . 2017-06-16 21:37 175104 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2018-12-07 14:58 . 2008-04-14 12:00 352768 ----a-w- c:\windows\system32\msrd3x40.dll
2018-12-06 20:58 . 2018-07-13 07:19 177440 ----a-w- c:\windows\system32\drivers\klflt.sys
2018-12-06 20:35 . 2008-04-14 12:00 1914496 ----a-w- c:\windows\system32\win32k.sys
2018-11-14 21:31 . 2008-04-14 12:00 289280 ----a-w- c:\windows\system32\gdi32.dll
2018-11-11 01:56 . 2008-04-14 12:00 745472 ----a-w- c:\windows\system32\ntdll.dll
2018-11-11 01:56 . 2008-04-14 12:00 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2018-11-11 01:56 . 2008-04-14 12:00 404480 ----a-w- c:\windows\system32\rpcss.dll
2018-11-11 01:56 . 2008-04-14 12:00 1299456 ----a-w- c:\windows\system32\ole32.dll
2018-11-11 01:50 . 2008-04-14 12:00 563200 ----a-w- c:\windows\system32\oleaut32.dll
2018-10-31 01:15 . 2008-04-14 12:00 172032 ----a-w- c:\windows\system32\scrrun.dll
2018-10-26 22:43 . 2008-05-05 05:25 7680 ----a-w- c:\windows\system32\xpsp4res.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-07-06 . 952322AE7F95A21F3EEDA99C36C68663 . 78336 . . [5.1.2600.6260] . . c:\windows\system32\browser.dll
[-] 2012-07-06 . 952322AE7F95A21F3EEDA99C36C68663 . 78336 . . [5.1.2600.6260] . . c:\windows\system32\dllcache\browser.dll
[-] 2012-07-06 . 5BD75B0B2B2318D1CAFD99EECF7ED8A8 . 78336 . . [5.1.2600.6260] . . c:\windows\$hf_mig$\KB2705219-v2\SP3QFE\browser.dll
.
[-] 2009-02-09 . C3FB1D70CB88722267949694BA51759E . 111104 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-09 . C3FB1D70CB88722267949694BA51759E . 111104 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-09 . 62789101F9C2401ED598AA2CDE7450C0 . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
.
[-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
.
[-] 2010-08-23 . 4C96AB448A3014EBC11E1D3868071391 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2010-08-23 . 4C96AB448A3014EBC11E1D3868071391 . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2010-08-23 . AD6F8920E9BC4ADF4F2844E3ED0D47AF . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[7] 2008-04-14 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2008-04-14 . F92E6BEA9349D49341383F8403B4DFE5 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
.
[-] 2008-07-07 20:28 . EC16AE9B37EACF871629227A3F3913FD . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:28 . EC16AE9B37EACF871629227A3F3913FD . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:24 . 157F9C595FD0D10502497DC4C1348D17 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
.
[-] 2016-08-16 . 020A619D88B59CB8D98199055FEF3BFB . 579584 . . [5.1.2600.7121] . . c:\windows\system32\user32.dll
[-] 2016-08-16 . 020A619D88B59CB8D98199055FEF3BFB . 579584 . . [5.1.2600.7121] . . c:\windows\system32\dllcache\user32.dll
.
[-] 2016-05-10 . 789EB2E023E08EBDDAC1450A51529EFC . 82944 . . [5.1.2600.7074] . . c:\windows\system32\ws2_32.dll
[-] 2016-05-10 . 789EB2E023E08EBDDAC1450A51529EFC . 82944 . . [5.1.2600.7074] . . c:\windows\system32\dllcache\ws2_32.dll
.
[-] 2017-08-23 . C09D5C3667F39DD83C3E85C72175F9C9 . 406528 . . [1.0420.2600.7334] . . c:\windows\system32\usp10.dll
[-] 2017-08-23 . C09D5C3667F39DD83C3E85C72175F9C9 . 406528 . . [1.0420.2600.7334] . . c:\windows\system32\dllcache\usp10.dll
.
[-] 2009-07-27 . 1B8542F338CDD86929A084A455837158 . 135680 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll
[-] 2009-07-27 . 1B8542F338CDD86929A084A455837158 . 135680 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll
[-] 2009-07-27 . 988DD1BCDD050B56F28DFCD16BF26C1B . 135680 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll
.
[-] 2015-06-01 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\system32\appmgmts.dll
.
[-] 2010-09-18 07:18 . C27D0CD76C1982F36387F2E4F67E64A9 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
[-] 2010-09-18 06:53 . 8699BC5CF7FDE1292E7F9B56DD043D82 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
[-] 2010-09-18 06:53 . 8699BC5CF7FDE1292E7F9B56DD043D82 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll
.
[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
.
[7] 2018-09-12 . 9458EC50415F688E9B8CC8C9272F15BB . 2070656 . . [5.1.2600.7581] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2018-09-12 . 9458EC50415F688E9B8CC8C9272F15BB . 2070656 . . [5.1.2600.7581] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2017-12-05 . 3D5CD0ED4D00D7DDA24CDC0B68564886 . 2029056 . . [5.1.2600.7392] . . c:\windows\system32\ntkrnlpa.exe
[-] 2012-04-11 . 16DFD7BE5DCF3A203ED07E01200BD6B4 . 2071168 . . [5.1.2600.6206] . . c:\windows\$hf_mig$\KB2676562\SP3QFE\ntkrnlpa.exe
[-] 2010-12-09 . D27A5053A37FB85E8525F998CDC4DE19 . 2071424 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe
[-] 2009-02-09 . ED5E20AE4AC5A63A4FF43FFE704A5153 . 2068224 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
.
[-] 2016-10-07 22:57 . 09DF57649B33084AAF26EB83B5D64085 . 86016 . . [5.1.2600.7149] . . c:\windows\system32\olepro32.dll
[-] 2016-10-07 22:57 . 09DF57649B33084AAF26EB83B5D64085 . 86016 . . [5.1.2600.7149] . . c:\windows\system32\dllcache\olepro32.dll
.
[7] 2018-09-12 . 55372649BEEA47D3EAE6A87A81068453 . 2194176 . . [5.1.2600.7581] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2018-09-12 . 55372649BEEA47D3EAE6A87A81068453 . 2194176 . . [5.1.2600.7581] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2017-12-05 . 69BFD5F858091877784315447D30B0DA . 2150400 . . [5.1.2600.7392] . . c:\windows\system32\ntoskrnl.exe
[-] 2012-04-11 . 87699B2568FF945306864A0FE9E96915 . 2194688 . . [5.1.2600.6206] . . c:\windows\$hf_mig$\KB2676562\SP3QFE\ntoskrnl.exe
[-] 2010-12-09 . 360612511AA332B8D3AB295ACA0192CD . 2194816 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe
[-] 2009-02-10 . BEF458B8424553279E95E250D1E0CE7E . 2191232 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{EC1E29BB-F56A-45D8-B023-D3EF710FA0E0}]
2018-12-06 20:58 1179344 ----a-w- c:\program files\Kaspersky Lab\Kaspersky Internet Security 19.0.0\ieext\ie_plugin.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{C500C267-63BF-451F-8797-4D720C9A2ED9}"= "c:\program files\Kaspersky Lab\Kaspersky Internet Security 19.0.0\IEExt\ie_plugin.dll" [2018-12-06 1179344]
.
[HKEY_CLASSES_ROOT\clsid\{c500c267-63bf-451f-8797-4d720c9a2ed9}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C500C267-63BF-451F-8797-4D720C9A2ED9}"= "c:\program files\Kaspersky Lab\Kaspersky Internet Security 19.0.0\IEExt\ie_plugin.dll" [2018-12-06 1179344]
.
[HKEY_CLASSES_ROOT\clsid\{c500c267-63bf-451f-8797-4d720c9a2ed9}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleNetIDList"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro38Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro38CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\swprv]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RemoteAccess"=3 (0x3)
"RasMan"=2 (0x2)
"RasAuto"=2 (0x2)
"WiseBootAssistant"=2 (0x2)
"Spooler"=2 (0x2)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"helpsvc"=3 (0x3)
"MBAMService"=2 (0x2)
"MBAMScheduler"=2 (0x2)
"KSDE3.0.0"=3 (0x3)
"Backupper Service"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe"
"NvCplDaemon"="RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
R0 ambakdrv;ambakdrv;c:\windows\system32\ambakdrv.sys [20/09/2018 13:28 46896]
R0 cm_km;AO Kaspersky Lab Cryptographic Module x86 (56 bit);c:\windows\system32\drivers\cm_km.sys [27/01/2018 10:10 178368]
R0 klbackupdisk;Kaspersky Lab klbackupdisk;c:\windows\system32\drivers\klbackupdisk.sys [27/12/2017 09:10 63688]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [06/01/2015 10:17 23840]
R1 klbackupflt;Kaspersky Lab klbackupflt;c:\windows\system32\drivers\klbackupflt.sys [02/02/2018 02:42 102704]
R1 kldisk;kldisk;c:\windows\system32\drivers\kldisk.sys [25/04/2018 20:41 76880]
R1 klhk;Kaspersky Lab service driver;c:\windows\system32\drivers\klhk.sys [13/07/2018 08:19 313952]
R1 klpd;Kaspersky Lab format recognizer driver;c:\windows\system32\drivers\klpd.sys [30/05/2017 17:51 45520]
R1 kltdf;kltdf;c:\windows\system32\drivers\kltdf.sys [21/11/2017 05:19 86240]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [07/11/2017 22:56 75488]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [24/02/2018 04:17 168640]
R1 Uim_DEVIM;UIM Direct Device Image Plugin;c:\windows\system32\drivers\uim_devim.sys [09/07/2014 12:04 20616]
R1 ZAM;ZAM Helper Driver;c:\windows\system32\drivers\zam32.sys [31/12/2018 22:07 181496]
R1 ZAM_Guard;ZAM Guard Driver;c:\windows\system32\drivers\zamguard32.sys [31/12/2018 22:07 181496]
R2 ammntdrv;ammntdrv;c:\windows\system32\ammntdrv.sys [20/09/2018 13:28 150192]
R2 amwrtdrv;amwrtdrv;c:\windows\system32\amwrtdrv.sys [20/09/2018 13:28 34864]
R2 AVP19.0.0;Kaspersky Anti-Virus Service 19.0.0;c:\program files\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe [28/02/2018 22:37 619640]
R2 WiseFs;WiseFS;c:\windows\WiseFs32.sys [01/03/2016 09:48 11184]
R2 ZAMSvc;ZAM Controller Service;c:\program files\Zemana AntiMalware\ZAM.exe [31/12/2018 22:07 15775888]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [03/07/2007 18:06 37376]
R3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\drivers\klflt.sys [13/07/2018 08:19 177440]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [02/06/2017 19:58 54744]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [15/01/2018 04:16 50888]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [11/12/2017 10:50 76336]
S1 Uim_Vim;UIM Virtual Image Plugin;c:\windows\system32\drivers\Uim_Vim.sys [07/10/2013 14:58 283600]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [07/10/2014 10:39 1691480]
S3 kltap;Kaspersky Security Data Escort Adapter;c:\windows\system32\drivers\kltap.sys [22/06/2016 11:50 42336]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [12/02/2016 16:14 18944]
S3 ute3mjk3;AVZ Kernel Driver;c:\windows\system32\drivers\ute3mjk3.sys [07/07/2018 09:09 7168]
S4 Backupper Service;AOMEI Backupper Scheduler Service;c:\program files\AOMEI Backupper\ABService.exe [20/09/2018 13:28 384880]
S4 KSDE3.0.0;Kaspersky Secure Connection Service 3.0.0;c:\program files\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe [28/02/2018 22:37 617016]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://google.fr/
mstart page = about:blank
uSearchAssistant = about:blank
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{20D35303-78E7-4D02-9141-964E63161CAE}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\documents and settings\Robert\Application Data\Mozilla\Firefox\Profiles\c8h1oczz.default-1545737687390\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-Locked - (no file)
SafeBoot-58445165.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-AppXSvc
SafeBoot-camsvc
SafeBoot-ClipSvc
SafeBoot-dps
SafeBoot-lfsvc
SafeBoot-MBAMService
SafeBoot-semgrsvc
SafeBoot-TokenBroker
SafeBoot-WSService
AddRemove-GSplit3Set - e:\program files\Découpe de fichiers à envoyer\GSplit\Uninst.exe
AddRemove-Miray.HDClone.fe.6.0.7.1036-{A297B5AB-6A4C-4359-97EB-0583ABE6FCFF} - e:\program files\HDClone 6 Free Edition\uninstall.exe
AddRemove-RealAlt_is1 - e:\program files\Real Alternative\unins000.exe
AddRemove-Simple Sudoku_is1 - e:\program files\Simple Sudoku\unins000.exe
AddRemove-Speccy - e:\program files\Speccy\uninst.exe
AddRemove-SpeedFan - e:\program files\SpeedFan\uninstall.exe
AddRemove-SumatraPDF - e:\program files\SumatraPDF\uninstall.exe
AddRemove-WinHTTrack Website Copier_is1 - e:\program files\WinHTTrack\unins000.exe
AddRemove-{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1 - e:\program files\ConvertHelper3\unins000.exe
AddRemove-{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1 - e:\program files\VS Revo Group\Revo Uninstaller\unins000.exe
.
.
.
**************************************************************************
.
disk not found C:\
.
please note that you need administrator rights to perform deep scan
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés:
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_32_0_0_101_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_32_0_0_101_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Heure de fin: 2019-01-10 19:46:11
ComboFix-quarantined-files.txt 2019-01-10 18:46
.
Avant-CF: 89 760 313 344 octets libres
Après-CF: 89 619 238 912 octets libres
.
- - End Of File - - ED75B3A1F77C3C5331347D5792FAB42D
C99C3199CFAA4CBDCD91493F6D113A50
