ComboFix 17-08-04.01 - guillaume 21/08/2017 18:30:43.1.8 - x64
Microsoft Windows 7 Professionnel 6.1.7601.1.1252.33.1036.18.12279.8795 [GMT 2:00]
Lancé depuis: c:\users\guillaume\Desktop\ComboFix.exe
AV: Malwarebytes *Disabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1343117210.bdinstall.bin
c:\programdata\1460464489.bdinstall.bin
c:\programdata\ntuser.pol
c:\users\guillaume\046.JPG
c:\users\guillaume\048.JPG
c:\users\guillaume\049.JPG
c:\users\guillaume\061.JPG
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2017-07-21 au 2017-08-21 ))))))))))))))))))))))))))))))))))))
.
.
2017-08-21 16:27 . 2017-08-21 16:27 84256 ----a-w- c:\windows\system32\drivers\mwac.sys
2017-08-21 15:44 . 2017-08-21 15:44 -------- d-----w- c:\programdata\AVAST Software
2017-08-21 14:26 . 2017-08-21 14:26 -------- d-----w- c:\users\guillaume\AppData\Roaming\TeamViewer
2017-08-21 14:26 . 2017-08-21 14:46 -------- d-----w- c:\program files (x86)\TeamViewer
2017-08-17 15:09 . 2017-08-17 15:12 188352 ----a-w- c:\windows\system32\drivers\MBAMChameleon.sys
2017-08-17 15:09 . 2017-08-21 16:24 101784 ----a-w- c:\windows\system32\drivers\farflt.sys
2017-08-17 15:09 . 2017-08-21 16:24 45472 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-08-17 15:04 . 2017-08-17 15:12 77376 ----a-w- c:\windows\system32\drivers\mbae64.sys
2017-08-17 15:03 . 2017-08-17 15:03 -------- d-----w- c:\program files\Malwarebytes
2017-08-17 14:21 . 2016-11-14 13:11 244032 ----a-r- c:\windows\system32\drivers\acsock64.sys
2017-08-17 14:20 . 2017-08-17 14:20 -------- d-----w- c:\users\test
2017-08-15 07:10 . 2017-08-15 07:10 -------- d-----w- c:\program files (x86)\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-08-21 16:24 . 2016-06-25 15:29 253856 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-08-21 14:21 . 2017-04-05 10:03 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-08-20 13:03 . 2012-03-31 16:02 803328 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2017-08-20 13:03 . 2011-08-31 16:12 144896 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2017-08-09 17:05 . 2011-09-04 07:30 140394280 -c--a-w- c:\windows\system32\MRT.exe
2017-07-07 15:10 . 2017-08-09 07:22 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2017-06-02 08:10 . 2017-06-14 12:58 733696 ----a-w- c:\windows\HelpPane.exe
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2016-11-15 9105112]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2017-07-28 27815896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-05-20 595992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
R2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe;c:\program files\Alienware\Command Center\AlienFusionService.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DDVCollectorSvcApi;Dell Data Vault Service API;c:\program files\Dell\DellDataVault\DDVCollectorSvcApi.exe;c:\program files\Dell\DellDataVault\DDVCollectorSvcApi.exe [x]
R2 DDVDataCollector;Dell Data Vault Collector;c:\program files\Dell\DellDataVault\DDVDataCollector.exe;c:\program files\Dell\DellDataVault\DDVDataCollector.exe [x]
R2 DDVRulesProcessor;Dell Data Vault Processor;c:\program files\Dell\DellDataVault\DDVRulesProcessor.exe;c:\program files\Dell\DellDataVault\DDVRulesProcessor.exe [x]
R2 SupportAssistAgent;Dell SupportAssist Agent;c:\program files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe;c:\program files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 MBAMProtection;MBAMProtection;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 PCDSRVC{90AB3B40-A9A6E5C8-06020200}_0;PCDSRVC{90AB3B40-A9A6E5C8-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\alienware\supportassist\pcdsrvc_x64.pkms;c:\program files\alienware\supportassist\pcdsrvc_x64.pkms [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WacHidRouterPro;Wacom Hid Router Pro;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 WTabletServicePro;Wacom Professional Service;c:\program files\Tablet\Wacom\WTabletServicePro.exe;c:\program files\Tablet\Wacom\WTabletServicePro.exe [x]
S3 AWOPFilterDriver;AWOPFilterDriver;c:\windows\system32\drivers\AWOPFilterDriver.sys;c:\windows\SYSNATIVE\drivers\AWOPFilterDriver.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 DDDriver;DDDriver;c:\windows\system32\drivers\DDDriver64Dcsa.sys;c:\windows\SYSNATIVE\drivers\DDDriver64Dcsa.sys [x]
S3 DellProf;DellProf;c:\windows\system32\drivers\DellProf.sys;c:\windows\SYSNATIVE\drivers\DellProf.sys [x]
S3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
S3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-06-29 3631104]
"AlienFX Controller"="c:\program files\Alienware\Command Center\AlienwareAlienFXController.exe" [2010-04-07 61256]
"Thermal Controller"="c:\program files\Alienware\Command Center\ThermalController.exe" [2010-04-07 167736]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"Malwarebytes TrayApp"="c:\program files\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe" [2017-05-09 3146704]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: dell.com
TCP: DhcpNameServer = 212.27.40.240 212.27.40.241
FF - ProfilePath - c:\users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\facshbok.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&dt=071113&q=
FF - prefs.js: network.proxy.type - 0
.
.
------- Associations de fichier -------
.
inifile="%SystemRoot%\system32\NOTEPAD.EXE" %1
txtfile="%SystemRoot%\system32\NOTEPAD.EXE" %1
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{90AB3B40-A9A6E5C8-06020200}_0]
"ImagePath"="\??\c:\program files\alienware\supportassist\pcdsrvc_x64.pkms"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-146170593-3183920585-715607474-1000\Software\Autodesk\3dsMax\15.0\Plug-ins_CHS\block.dlc (tsL: 235711232) (tsH: 30211158)\Classes\2* *-* *ÎN^\nm¨R]
"Category"=""
"ClassIDA"=dword:64c959cf
"ClassIDB"=dword:47df4501
"SubClassIDA"=dword:ffffffff
"SubClassIDB"=dword:ffffffff
"ClassName"="????"
"IsPublic"=dword:00000001
"HasClassParams"=dword:00000000
"IsManipulator"=dword:00000000
"NeedsToSave"=dword:00000000
"InitialRollupPageState"=dword:7fffffff
"OKToCreate"=dword:00000001
"SuperClassID"=dword:00009003
"InternalName"="SlaveFloat"
.
[HKEY_USERS\S-1-5-21-146170593-3183920585-715607474-1000\Software\Autodesk\3dsMax\15.0\Plug-ins_CHS\block.dlc (tsL: 235711232) (tsH: 30211158)\Classes\3* *-* *ÎN^\MOn]
"Category"=""
"ClassIDA"=dword:64c959cf
"ClassIDB"=dword:47df4512
"SubClassIDA"=dword:ffffffff
"SubClassIDB"=dword:ffffffff
"ClassName"="????"
"IsPublic"=dword:00000001
"HasClassParams"=dword:00000000
"IsManipulator"=dword:00000000
"NeedsToSave"=dword:00000000
"InitialRollupPageState"=dword:7fffffff
"OKToCreate"=dword:00000001
"SuperClassID"=dword:0000900b
"InternalName"="SlavePos"
.
[HKEY_USERS\S-1-5-21-146170593-3183920585-715607474-1000\Software\Autodesk\3dsMax\15.0\Plug-ins_CHS\block.dlc (tsL: 235711232) (tsH: 30211158)\Classes\5* *-* *ÎN^\Ëel]
"Category"=""
"ClassIDA"=dword:64c959cf
"ClassIDB"=dword:47df4523
"SubClassIDA"=dword:ffffffff
"SubClassIDB"=dword:ffffffff
"ClassName"="????"
"IsPublic"=dword:00000001
"HasClassParams"=dword:00000000
"IsManipulator"=dword:00000000
"NeedsToSave"=dword:00000000
"InitialRollupPageState"=dword:7fffffff
"OKToCreate"=dword:00000001
"SuperClassID"=dword:0000900c
"InternalName"="SlaveRotation"
.
[HKEY_USERS\S-1-5-21-146170593-3183920585-715607474-1000\Software\Autodesk\3dsMax\15.0\Plug-ins_CHS\block.dlc (tsL: 235711232) (tsH: 30211158)\Classes\6* *-* *ÎN^\Ôk‹O]
"Category"=""
"ClassIDA"=dword:64c959cf
"ClassIDB"=dword:47df4534
"SubClassIDA"=dword:ffffffff
"SubClassIDB"=dword:ffffffff
"ClassName"="????"
"IsPublic"=dword:00000001
"HasClassParams"=dword:00000000
"IsManipulator"=dword:00000000
"NeedsToSave"=dword:00000000
"InitialRollupPageState"=dword:7fffffff
"OKToCreate"=dword:00000001
"SuperClassID"=dword:0000900d
"InternalName"="SlaveScale"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_26_0_0_151_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_26_0_0_151_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:59,d2,24,3b,13,7b,09,89,cb,90,33,1f,ba,d8,61,87,14,8d,aa,e4,a6,
   b9,e2,c2,f5,cf,ad,b3,30,30,42,74,1d,9f,da,fe,45,20,c9,45,6c,88,49,44,e6,2f,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_26_0_0_151_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_26_0_0_151_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:f1,45,15,31,40,79,aa,7b,fb,09,1a,90,1a,73,50,17,d6,b6,81,8e,41,
   f1,4f,45,7a,2b,24,37,92,71,36,f7,a0,91,4f,f8,41,f0,8e,7b,1d,da,b4,26,09,0d,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_26_0_0_151.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.26"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_26_0_0_151.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_26_0_0_151.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_26_0_0_151.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:59,d2,24,3b,13,7b,09,89,cb,90,33,1f,ba,d8,61,87,14,8d,aa,e4,a6,
   b9,e2,c2,f5,cf,ad,b3,30,30,42,74,1d,9f,da,fe,45,20,c9,45,6c,88,49,44,e6,2f,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:f1,45,15,31,40,79,aa,7b,fb,09,1a,90,1a,73,50,17,d6,b6,81,8e,41,
   f1,4f,45,7a,2b,24,37,92,71,36,f7,a0,91,4f,f8,41,f0,8e,7b,1d,da,b4,26,09,0d,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Tablet\Wacom\WacomHost.exe
c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
c:\program files\Alienware\Command Center\AlienFXHook32Mngr.exe
.
**************************************************************************
.
Heure de fin: 2017-08-21 18:37:24 - La machine a redémarré
ComboFix-quarantined-files.txt 2017-08-21 16:37
.
Avant-CF: 91 420 991 488 octets libres
Après-CF: 90 818 187 264 octets libres
.
- - End Of File - - 7A353763067F0E5F46BEE3B9C275D71D
A36C5E4F47E84449FF07ED3517B43A31