ComboFix 16-12-02.01 - MICHEL 04/12/2016   9:01.1.2 - x86
Microsoft Windows 7 Édition Intégrale   6.1.7600.0.1252.33.1036.18.2038.742 [GMT 0:00]
Lancé depuis: c:\users\MICHEL\Desktop\Kha.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\62482812bca8fdca.sys
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AdobeUpdateService
-------\Service_syshost32
-------\Legacy_62482812bca8fdca
-------\Service_62482812bca8fdca
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2016-11-04 au 2016-12-04 ))))))))))))))))))))))))))))))))))))
.
.
2016-12-04 09:11 . 2016-12-04 09:11   --------   d-----w-   c:\users\Default\AppData\Local\temp
2016-12-03 17:42 . 2016-12-03 17:43   --------   d-----w-   c:\programdata\Kaspersky Lab Setup Files
2016-12-03 14:35 . 2016-12-03 14:35   91232      -c--a-w-   c:\windows\system32\drivers\aswRdr2.sys
2016-12-03 14:35 . 2016-12-03 14:35   60424      -c--a-w-   c:\windows\system32\drivers\aswRvrt.sys
2016-12-03 14:35 . 2016-12-03 14:35   434144     -c--a-w-   c:\windows\system32\drivers\aswSP.sys
2016-12-03 14:35 . 2016-12-03 14:35   34008      -c--a-w-   c:\windows\system32\drivers\aswHwid.sys
2016-12-03 14:35 . 2016-12-03 14:35   224616     -c--a-w-   c:\windows\system32\drivers\aswVmm.sys
2016-12-03 14:35 . 2016-12-03 14:35   118664     -c--a-w-   c:\windows\system32\drivers\aswStm.sys
2016-12-03 14:34 . 2016-12-03 14:34   735352     -c--a-w-   c:\windows\system32\drivers\aswSnx.sys
2016-12-03 14:34 . 2016-12-03 14:34   35096      -c--a-w-   c:\windows\system32\drivers\aswKbd.sys
2016-11-18 11:00 . 2016-11-18 11:00   --------   d-----w-   c:\users\MICHEL\AppData\Roaming\TuneUp Software
2016-11-18 10:58 . 2016-11-18 11:01   --------   d-----w-   c:\programdata\TuneUp Software
2016-11-18 10:57 . 2016-11-18 10:57   --------   d-sh--w-   c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2016-11-09 17:16 . 2016-11-09 17:16   --------   d-----w-   c:\users\MICHEL\AppData\Local\intuit
2016-11-09 16:41 . 2016-11-09 16:41   --------   d-----w-   c:\program files\Common Files\AnswerWorks 4.0
2016-11-09 16:40 . 2016-11-09 16:43   --------   d-----w-   c:\programdata\Intuit
2016-11-09 16:40 . 2016-11-09 16:42   --------   d-----w-   c:\program files\Common Files\Intuit
2016-11-09 16:40 . 2016-11-09 16:40   --------   d-----w-   c:\program files\Intuit
2016-11-09 16:38 . 2016-11-09 16:38   --------   d-----w-   c:\programdata\COMMON FILES
2016-11-09 16:37 . 2016-11-28 07:06   --------   d-----w-   c:\users\MICHEL\AppData\Local\ApplicationHistory
2016-11-09 16:34 . 2016-11-09 16:34   --------   d-----w-   c:\windows\system32\URTTEMP
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-11-23 11:34 . 2016-02-12 18:13   807000     ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2016-11-23 11:34 . 2016-02-12 18:13   144984     ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2016-10-22 23:16 . 2016-02-12 18:32   151552     ----a-w-   c:\windows\KMSEmulator.exe
2016-09-22 16:53 . 2016-09-22 16:53   921280     ----a-w-   c:\windows\ucrtbase.dll
2016-09-16 05:14 . 2016-09-16 05:14   62576      ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{F509AABC-6ACF-47E8-8E96-194CD4E6A778}\offreg.2240.dll
2016-09-10 07:31 . 2016-09-10 07:31   62576      ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{F509AABC-6ACF-47E8-8E96-194CD4E6A778}\offreg.2108.dll
2015-10-21 16:34 . 2016-11-03 09:19   1951512    ----a-w-   c:\program files\sfhelper.exe
2008-04-14 11:44 . 2016-11-03 09:35   155536     ----a-w-   c:\program files\sfdrvrem.exe
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2009-08-16 955392]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]
"MediaDICO4Ut"="c:\program files\Micro Application\Les 4 Dictionnaires Utiles\LanceMediaDICO4Ut.exe" [2004-03-03 252416]
"uTorrent"="c:\users\MICHEL\AppData\Roaming\uTorrent\uTorrent.exe" [2016-11-27 2145984]
"{892F8A97-8944-433D-8A0B-4A259C242BF7}"="c:\windows\system32\WindowsPowerShell\v1.0\powershell.exe" [2009-07-14 452608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2016-05-05 508128]
"AdobeCEPServiceManager"="c:\program files\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" [2013-03-13 1039248]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2016-11-09 29744]
.
c:\users\MICHEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Lanceur.lnk - c:\program files\Micro Application\LauncherMA.exe [2009-2-10 485376]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Application de mise à jour de QuickBooks.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-9-10 967960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-11-14 22:41   1364072   ----a-w-   c:\program files\Google\Chrome\Application\54.0.2840.99\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2016-12-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-12 11:34]
.
2016-10-22 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2016-02-12 18:33]
.
2016-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2016-02-12 18:13]
.
2016-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2016-02-12 18:13]
.
.
------- Examen supplémentaire -------
.
uStart Page = 
mStart Page = 
IE: &Envoyer à OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
Trusted Zone: dell.com
TCP: DhcpNameServer = 10.128.128.128
FF - ProfilePath - c:\users\MICHEL\AppData\Roaming\Mozilla\Firefox\Profiles\ankbczyc.default\
FF - prefs.js: keyword.URL - true
.
- - - - ORPHELINS SUPPRIMES - - - -
.
ShellIconOverlayIdentifiers-{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} - c:\program files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll
ShellIconOverlayIdentifiers-{853B7E05-C47D-4985-909A-D0DC5C6D7303} - c:\program files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll
ShellIconOverlayIdentifiers-{42D38F2E-98E9-4382-B546-E24E4D6D04BB} - c:\program files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKCU-Run-qBittorrent - c:\users\MICHEL\Downloads\qBittorrentPortable\App\qBittorrent\qbittorrent.exe
HKLM-Run-Adobe Creative Cloud - c:\program files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
HKLM-Run-BlueStacks Agent - c:\program files\BlueStacks\HD-Agent.exe
MSConfigStartUp-avast5 - c:\program files\Alwil Software\Avast5\avastUI.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-192749338-1734932977-1034651298-1000_Classes\CLSID\{2a02e090-6939-4073-bc25-34ec5937691f}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000be
"Therad"=dword:0000002f
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
   38,95,44,61,a9,31,47,dd,68,9a,4f,12,d7,d0,42,4b,45,40,b8,dc,c6,54,7b,60,1f,\
.
[HKEY_USERS\S-1-5-21-192749338-1734932977-1034651298-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):a9,06,b5,62,20,3c,97,27,a7,6c,1b,db,45,ce,71,fd,80,1f,b2,15,7d,
   87,d1,3d,4a,9d,e1,b1,44,91,ca,e4,de,0d,66,cd,22,73,3e,ef,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Adobe\AdobeGCClient\AGSService.exe
c:\windows\system32\msiexec.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Heure de fin: 2016-12-04 09:17:11 - La machine a redémarré
ComboFix-quarantined-files.txt 2016-12-04 09:17
.
Avant-CF: 7 465 013 248 octets libres
Après-CF: 19 475 644 416 octets libres
.
- - End Of File - - 2F9309BB59F82073E14A43588CD72F58
A36C5E4F47E84449FF07ED3517B43A31