ComboFix 18-08-08.01 - Robert 10/01/2019 19:33:39.1.4 - x86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.3071.2678 [GMT 1:00] Lancé depuis: c:\documents and settings\Robert\Bureau\ComboFix.exe AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0} FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0} . AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\TEMP c:\documents and settings\Robert\SendTo\Unlocker.exe C:\Documents C:\Thumbs.db . . ((((((((((((((((((((((((((((( Fichiers créés du 2018-12-10 au 2019-01-10 )))))))))))))))))))))))))))))))))))) . . 2019-01-08 20:25 . 2019-01-08 20:27 -------- d-----w- C:\FRST 2019-01-08 13:23 . 2019-01-10 17:17 -------- d-----w- c:\documents and settings\Robert\Application Data\ZHP 2019-01-08 13:23 . 2019-01-08 13:23 -------- d-----w- c:\documents and settings\Robert\Local Settings\Application Data\ZHP 2019-01-08 13:20 . 2019-01-09 14:08 -------- d-----w- C:\AdwCleaner 2019-01-08 10:44 . 2019-01-08 10:44 -------- d-----w- c:\documents and settings\Robert\Application Data\FastStone 2018-12-31 21:07 . 2018-12-31 21:07 181496 ----a-w- c:\windows\system32\drivers\zamguard32.sys 2018-12-31 21:07 . 2018-12-31 21:07 181496 ----a-w- c:\windows\system32\drivers\zam32.sys 2018-12-31 21:07 . 2018-12-31 21:07 -------- d-----w- c:\program files\Zemana AntiMalware 2018-12-31 20:21 . 2018-12-31 20:21 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Zemana 2018-12-31 20:20 . 2018-12-31 20:20 -------- d-----w- c:\documents and settings\Robert\Local Settings\Application Data\Zemana 2018-12-23 13:17 . 2018-12-27 20:13 12872 ----a-w- c:\windows\system32\bootdelete.exe 2018-12-23 09:37 . 2018-12-23 09:37 -------- d-----w- c:\program files\HitmanPro 2018-12-23 09:35 . 2018-12-29 15:00 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro 2018-12-20 21:30 . 2018-12-20 21:30 -------- d-----w- c:\documents and settings\Robert\Application Data\PhotoFiltre 7 2018-12-16 20:40 . 2018-12-16 20:41 -------- dc-h--w- c:\windows\ie8 2018-12-16 20:04 . 2018-12-16 20:04 -------- d-----w- c:\documents and settings\Robert\Local Settings\Application Data\FastStone 2018-12-16 18:21 . 2018-12-16 18:21 -------- d-----w- c:\program files\Mozilla Maintenance Service 2018-12-16 18:21 . 2018-06-21 19:45 875384 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe 2018-12-16 18:21 . 2018-06-21 15:21 66000 ----a-w- c:\program files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll 2018-12-16 18:21 . 2018-06-21 15:19 517072 ----a-w- c:\program files\Mozilla Firefox\firefox.exe . . . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2019-01-08 09:56 . 2018-07-12 09:12 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2019-01-03 18:09 . 2014-10-07 08:36 692736 ----a-w- c:\windows\system32\inetcomm.dll 2019-01-03 18:09 . 2008-04-14 12:00 921088 ----a-w- c:\windows\system32\wininet.dll 2019-01-03 18:09 . 2008-04-14 12:00 66560 ----a-w- c:\windows\system32\tdc.ocx 2019-01-03 18:09 . 2008-04-14 12:00 428544 ----a-w- c:\windows\system32\vbscript.dll 2019-01-03 18:09 . 2008-04-14 12:00 83968 ----a-w- c:\windows\system32\hlink.dll 2019-01-03 18:09 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2019-01-03 18:09 . 2008-04-14 12:00 19456 ----a-w- c:\windows\system32\corpol.dll 2019-01-03 18:09 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2019-01-03 07:41 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec 2018-12-18 14:18 . 2017-06-16 21:37 842240 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2018-12-18 14:18 . 2017-06-16 21:37 175104 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2018-12-07 14:58 . 2008-04-14 12:00 352768 ----a-w- c:\windows\system32\msrd3x40.dll 2018-12-06 20:58 . 2018-07-13 07:19 177440 ----a-w- c:\windows\system32\drivers\klflt.sys 2018-12-06 20:35 . 2008-04-14 12:00 1914496 ----a-w- c:\windows\system32\win32k.sys 2018-11-14 21:31 . 2008-04-14 12:00 289280 ----a-w- c:\windows\system32\gdi32.dll 2018-11-11 01:56 . 2008-04-14 12:00 745472 ----a-w- c:\windows\system32\ntdll.dll 2018-11-11 01:56 . 2008-04-14 12:00 591360 ----a-w- c:\windows\system32\rpcrt4.dll 2018-11-11 01:56 . 2008-04-14 12:00 404480 ----a-w- c:\windows\system32\rpcss.dll 2018-11-11 01:56 . 2008-04-14 12:00 1299456 ----a-w- c:\windows\system32\ole32.dll 2018-11-11 01:50 . 2008-04-14 12:00 563200 ----a-w- c:\windows\system32\oleaut32.dll 2018-10-31 01:15 . 2008-04-14 12:00 172032 ----a-w- c:\windows\system32\scrrun.dll 2018-10-26 22:43 . 2008-05-05 05:25 7680 ----a-w- c:\windows\system32\xpsp4res.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2012-07-06 . 952322AE7F95A21F3EEDA99C36C68663 . 78336 . . [5.1.2600.6260] . . c:\windows\system32\browser.dll [-] 2012-07-06 . 952322AE7F95A21F3EEDA99C36C68663 . 78336 . . [5.1.2600.6260] . . c:\windows\system32\dllcache\browser.dll [-] 2012-07-06 . 5BD75B0B2B2318D1CAFD99EECF7ED8A8 . 78336 . . [5.1.2600.6260] . . c:\windows\$hf_mig$\KB2705219-v2\SP3QFE\browser.dll . [-] 2009-02-09 . C3FB1D70CB88722267949694BA51759E . 111104 . . [5.1.2600.5755] . . c:\windows\system32\services.exe [-] 2009-02-09 . C3FB1D70CB88722267949694BA51759E . 111104 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe [-] 2009-02-09 . 62789101F9C2401ED598AA2CDE7450C0 . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe . [-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe [-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe [-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe . [-] 2010-08-23 . 4C96AB448A3014EBC11E1D3868071391 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll [-] 2010-08-23 . 4C96AB448A3014EBC11E1D3868071391 . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll [-] 2010-08-23 . AD6F8920E9BC4ADF4F2844E3ED0D47AF . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll [7] 2008-04-14 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll [7] 2008-04-14 . F92E6BEA9349D49341383F8403B4DFE5 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll . [-] 2008-07-07 20:28 . EC16AE9B37EACF871629227A3F3913FD . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll [-] 2008-07-07 20:28 . EC16AE9B37EACF871629227A3F3913FD . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll [-] 2008-07-07 20:24 . 157F9C595FD0D10502497DC4C1348D17 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll . [-] 2016-08-16 . 020A619D88B59CB8D98199055FEF3BFB . 579584 . . [5.1.2600.7121] . . c:\windows\system32\user32.dll [-] 2016-08-16 . 020A619D88B59CB8D98199055FEF3BFB . 579584 . . [5.1.2600.7121] . . c:\windows\system32\dllcache\user32.dll . [-] 2016-05-10 . 789EB2E023E08EBDDAC1450A51529EFC . 82944 . . [5.1.2600.7074] . . c:\windows\system32\ws2_32.dll [-] 2016-05-10 . 789EB2E023E08EBDDAC1450A51529EFC . 82944 . . [5.1.2600.7074] . . c:\windows\system32\dllcache\ws2_32.dll . [-] 2017-08-23 . C09D5C3667F39DD83C3E85C72175F9C9 . 406528 . . [1.0420.2600.7334] . . c:\windows\system32\usp10.dll [-] 2017-08-23 . C09D5C3667F39DD83C3E85C72175F9C9 . 406528 . . [1.0420.2600.7334] . . c:\windows\system32\dllcache\usp10.dll . [-] 2009-07-27 . 1B8542F338CDD86929A084A455837158 . 135680 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll [-] 2009-07-27 . 1B8542F338CDD86929A084A455837158 . 135680 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll [-] 2009-07-27 . 988DD1BCDD050B56F28DFCD16BF26C1B . 135680 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll . [-] 2015-06-01 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\system32\appmgmts.dll . [-] 2010-09-18 07:18 . C27D0CD76C1982F36387F2E4F67E64A9 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll [-] 2010-09-18 06:53 . 8699BC5CF7FDE1292E7F9B56DD043D82 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll [-] 2010-09-18 06:53 . 8699BC5CF7FDE1292E7F9B56DD043D82 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll . [-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll [-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll . [7] 2018-09-12 . 9458EC50415F688E9B8CC8C9272F15BB . 2070656 . . [5.1.2600.7581] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe [7] 2018-09-12 . 9458EC50415F688E9B8CC8C9272F15BB . 2070656 . . [5.1.2600.7581] . . c:\windows\system32\dllcache\ntkrnlpa.exe [-] 2017-12-05 . 3D5CD0ED4D00D7DDA24CDC0B68564886 . 2029056 . . [5.1.2600.7392] . . c:\windows\system32\ntkrnlpa.exe [-] 2012-04-11 . 16DFD7BE5DCF3A203ED07E01200BD6B4 . 2071168 . . [5.1.2600.6206] . . c:\windows\$hf_mig$\KB2676562\SP3QFE\ntkrnlpa.exe [-] 2010-12-09 . D27A5053A37FB85E8525F998CDC4DE19 . 2071424 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe [-] 2009-02-09 . ED5E20AE4AC5A63A4FF43FFE704A5153 . 2068224 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe . [-] 2016-10-07 22:57 . 09DF57649B33084AAF26EB83B5D64085 . 86016 . . [5.1.2600.7149] . . c:\windows\system32\olepro32.dll [-] 2016-10-07 22:57 . 09DF57649B33084AAF26EB83B5D64085 . 86016 . . [5.1.2600.7149] . . c:\windows\system32\dllcache\olepro32.dll . [7] 2018-09-12 . 55372649BEEA47D3EAE6A87A81068453 . 2194176 . . [5.1.2600.7581] . . c:\windows\Driver Cache\i386\ntoskrnl.exe [7] 2018-09-12 . 55372649BEEA47D3EAE6A87A81068453 . 2194176 . . [5.1.2600.7581] . . c:\windows\system32\dllcache\ntoskrnl.exe [-] 2017-12-05 . 69BFD5F858091877784315447D30B0DA . 2150400 . . [5.1.2600.7392] . . c:\windows\system32\ntoskrnl.exe [-] 2012-04-11 . 87699B2568FF945306864A0FE9E96915 . 2194688 . . [5.1.2600.6206] . . c:\windows\$hf_mig$\KB2676562\SP3QFE\ntoskrnl.exe [-] 2010-12-09 . 360612511AA332B8D3AB295ACA0192CD . 2194816 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe [-] 2009-02-10 . BEF458B8424553279E95E250D1E0CE7E . 2191232 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{EC1E29BB-F56A-45D8-B023-D3EF710FA0E0}] 2018-12-06 20:58 1179344 ----a-w- c:\program files\Kaspersky Lab\Kaspersky Internet Security 19.0.0\ieext\ie_plugin.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{C500C267-63BF-451F-8797-4D720C9A2ED9}"= "c:\program files\Kaspersky Lab\Kaspersky Internet Security 19.0.0\IEExt\ie_plugin.dll" [2018-12-06 1179344] . [HKEY_CLASSES_ROOT\clsid\{c500c267-63bf-451f-8797-4d720c9a2ed9}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{C500C267-63BF-451F-8797-4D720C9A2ED9}"= "c:\program files\Kaspersky Lab\Kaspersky Internet Security 19.0.0\IEExt\ie_plugin.dll" [2018-12-06 1179344] . [HKEY_CLASSES_ROOT\clsid\{c500c267-63bf-451f-8797-4d720c9a2ed9}] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLinkedConnections"= 1 (0x1) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSimpleNetIDList"= 1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro38Crusader] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro38CrusaderBoot] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\swprv] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "RemoteAccess"=3 (0x3) "RasMan"=2 (0x2) "RasAuto"=2 (0x2) "WiseBootAssistant"=2 (0x2) "Spooler"=2 (0x2) "iPod Service"=3 (0x3) "Apple Mobile Device"=2 (0x2) "helpsvc"=3 (0x3) "MBAMService"=2 (0x2) "MBAMScheduler"=2 (0x2) "KSDE3.0.0"=3 (0x3) "Backupper Service"=3 (0x3) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" "NvCplDaemon"="RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\ftp.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= . R0 ambakdrv;ambakdrv;c:\windows\system32\ambakdrv.sys [20/09/2018 13:28 46896] R0 cm_km;AO Kaspersky Lab Cryptographic Module x86 (56 bit);c:\windows\system32\drivers\cm_km.sys [27/01/2018 10:10 178368] R0 klbackupdisk;Kaspersky Lab klbackupdisk;c:\windows\system32\drivers\klbackupdisk.sys [27/12/2017 09:10 63688] R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [06/01/2015 10:17 23840] R1 klbackupflt;Kaspersky Lab klbackupflt;c:\windows\system32\drivers\klbackupflt.sys [02/02/2018 02:42 102704] R1 kldisk;kldisk;c:\windows\system32\drivers\kldisk.sys [25/04/2018 20:41 76880] R1 klhk;Kaspersky Lab service driver;c:\windows\system32\drivers\klhk.sys [13/07/2018 08:19 313952] R1 klpd;Kaspersky Lab format recognizer driver;c:\windows\system32\drivers\klpd.sys [30/05/2017 17:51 45520] R1 kltdf;kltdf;c:\windows\system32\drivers\kltdf.sys [21/11/2017 05:19 86240] R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [07/11/2017 22:56 75488] R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [24/02/2018 04:17 168640] R1 Uim_DEVIM;UIM Direct Device Image Plugin;c:\windows\system32\drivers\uim_devim.sys [09/07/2014 12:04 20616] R1 ZAM;ZAM Helper Driver;c:\windows\system32\drivers\zam32.sys [31/12/2018 22:07 181496] R1 ZAM_Guard;ZAM Guard Driver;c:\windows\system32\drivers\zamguard32.sys [31/12/2018 22:07 181496] R2 ammntdrv;ammntdrv;c:\windows\system32\ammntdrv.sys [20/09/2018 13:28 150192] R2 amwrtdrv;amwrtdrv;c:\windows\system32\amwrtdrv.sys [20/09/2018 13:28 34864] R2 AVP19.0.0;Kaspersky Anti-Virus Service 19.0.0;c:\program files\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe [28/02/2018 22:37 619640] R2 WiseFs;WiseFS;c:\windows\WiseFs32.sys [01/03/2016 09:48 11184] R2 ZAMSvc;ZAM Controller Service;c:\program files\Zemana AntiMalware\ZAM.exe [31/12/2018 22:07 15775888] R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [03/07/2007 18:06 37376] R3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\drivers\klflt.sys [13/07/2018 08:19 177440] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [02/06/2017 19:58 54744] R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [15/01/2018 04:16 50888] R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [11/12/2017 10:50 76336] S1 Uim_Vim;UIM Virtual Image Plugin;c:\windows\system32\drivers\Uim_Vim.sys [07/10/2013 14:58 283600] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [07/10/2014 10:39 1691480] S3 kltap;Kaspersky Security Data Escort Adapter;c:\windows\system32\drivers\kltap.sys [22/06/2016 11:50 42336] S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [12/02/2016 16:14 18944] S3 ute3mjk3;AVZ Kernel Driver;c:\windows\system32\drivers\ute3mjk3.sys [07/07/2018 09:09 7168] S4 Backupper Service;AOMEI Backupper Scheduler Service;c:\program files\AOMEI Backupper\ABService.exe [20/09/2018 13:28 384880] S4 KSDE3.0.0;Kaspersky Secure Connection Service 3.0.0;c:\program files\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe [28/02/2018 22:37 617016] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://google.fr/ mstart page = about:blank uSearchAssistant = about:blank TCP: DhcpNameServer = 192.168.1.1 192.168.1.1 TCP: Interfaces\{20D35303-78E7-4D02-9141-964E63161CAE}: NameServer = 8.8.8.8,8.8.4.4 FF - ProfilePath - c:\documents and settings\Robert\Application Data\Mozilla\Firefox\Profiles\c8h1oczz.default-1545737687390\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr FF - prefs.js: network.proxy.type - 0 . - - - - ORPHELINS SUPPRIMES - - - - . Toolbar-Locked - (no file) SafeBoot-58445165.sys SafeBoot-WudfPf SafeBoot-WudfRd SafeBoot-AppXSvc SafeBoot-camsvc SafeBoot-ClipSvc SafeBoot-dps SafeBoot-lfsvc SafeBoot-MBAMService SafeBoot-semgrsvc SafeBoot-TokenBroker SafeBoot-WSService AddRemove-GSplit3Set - e:\program files\Découpe de fichiers à envoyer\GSplit\Uninst.exe AddRemove-Miray.HDClone.fe.6.0.7.1036-{A297B5AB-6A4C-4359-97EB-0583ABE6FCFF} - e:\program files\HDClone 6 Free Edition\uninstall.exe AddRemove-RealAlt_is1 - e:\program files\Real Alternative\unins000.exe AddRemove-Simple Sudoku_is1 - e:\program files\Simple Sudoku\unins000.exe AddRemove-Speccy - e:\program files\Speccy\uninst.exe AddRemove-SpeedFan - e:\program files\SpeedFan\uninstall.exe AddRemove-SumatraPDF - e:\program files\SumatraPDF\uninstall.exe AddRemove-WinHTTrack Website Copier_is1 - e:\program files\WinHTTrack\unins000.exe AddRemove-{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1 - e:\program files\ConvertHelper3\unins000.exe AddRemove-{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1 - e:\program files\VS Revo Group\Revo Uninstaller\unins000.exe . . . ************************************************************************** . disk not found C:\ . please note that you need administrator rights to perform deep scan Recherche de processus cachés ... . Recherche d'éléments en démarrage automatique cachés ... . Recherche de fichiers cachés ... . Scan terminé avec succès Fichiers cachés: . ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_32_0_0_101_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_32_0_0_101_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . Heure de fin: 2019-01-10 19:46:11 ComboFix-quarantined-files.txt 2019-01-10 18:46 . Avant-CF: 89 760 313 344 octets libres Après-CF: 89 619 238 912 octets libres . - - End Of File - - ED75B3A1F77C3C5331347D5792FAB42D C99C3199CFAA4CBDCD91493F6D113A50