cjoint


ComboFix 17-03-21.01 - FOUAD 22/03/2017 12:37:24.1.2 - x86
Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.33.1036.18.3547.2607 [GMT 1:00]
Lancé depuis: c:\users\FOUAD\Desktop\ComboFix.exe
AV: ESET Smart Security 8.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: Pare-feu personnel d'ESET *Disabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 8.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2017-02-22 au 2017-03-22 ))))))))))))))))))))))))))))))))))))
.
.
2017-03-22 11:42 . 2017-03-22 11:44 -------- d-----w- c:\users\FOUAD\AppData\Local\temp
2017-03-20 22:41 . 2017-03-20 22:41 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
2017-03-20 20:25 . 2017-03-20 20:26 -------- d-----w- c:\program files\Reshade 3.0
2017-03-17 00:24 . 2016-10-09 07:25 29648 ----a-w- c:\windows\system32\RegBootDefrag.exe
2017-03-15 14:25 . 2017-03-15 14:25 -------- d-----w- c:\users\FOUAD\AppData\Local\uts
2017-03-14 23:12 . 2017-03-18 16:38 527816 ----a-w- c:\program files\Mozilla Firefox\minidump-analyzer.exe
2017-03-11 14:06 . 2017-03-12 14:11 -------- d-----w- c:\program files\Your Uninstaller! 7
2017-03-07 11:44 . 2017-03-07 11:44 -------- d-----w- c:\users\FOUAD\AppData\Local\Wondershare
2017-03-07 11:44 . 2017-03-07 11:44 -------- d-----w- c:\program files\Common Files\Wondershare
2017-03-07 11:44 . 2017-03-07 11:44 -------- d-----w- c:\users\FOUAD\AppData\Roaming\Wondershare
2017-03-07 11:44 . 2017-03-07 11:48 -------- d-----w- c:\users\FOUAD\.android
2017-03-07 11:44 . 2017-03-17 05:07 -------- d-----w- c:\program files\Wondershare
2017-03-03 16:25 . 2017-03-20 16:43 -------- d-----w- c:\users\FOUAD\AppData\Local\CrashDumps
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-03-22 11:30 . 2016-05-26 10:26 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-02-24 11:26 . 2016-08-31 21:05 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-02-04 10:33 . 2016-08-22 00:21 802904 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2017-02-04 10:33 . 2016-08-22 00:21 144472 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2017-01-19 03:08 . 2017-01-19 03:08 655264 ----a-w- c:\windows\system32\ndm-fre.exe
2017-01-19 02:27 . 2017-01-19 02:27 31224 ----a-w- c:\windows\system32\MDA_NTDRV.sys
2017-01-07 12:54 . 2017-01-07 13:39 189112 ----a-w- c:\windows\PAExec.exe
2016-12-29 08:20 . 2016-12-29 08:20 86520 ----a-w- c:\windows\vssMgr.exe
2016-12-29 08:20 . 2016-12-29 08:20 86520 ----a-w- c:\windows\suite.vssMgr.exe
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2015-08-14 14:52 23520 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2016-05-13 6690008]
"GUDelayStartup"="c:\program files\Glary Utilities 5\StartupManager.exe" [2016-10-09 43984]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2016-12-15 4001848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2015-07-08 5089480]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI.exe" [2016-06-15 7815424]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2016-11-14 2397120]
"ShadowPlay"="c:\windows\system32\nvspcap.dll" [2016-11-14 1377752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleNetIDList"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PAexec]
@="Service"
.
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2016-03-10 1514464]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2016-03-10 1136608]
R3 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [2012-07-19 2568120]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2016-07-22 107648]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2016-07-13 102912]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2016-03-10 24448]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2016-03-10 53120]
R3 MDA_NTDRV;MDA_NTDRV;c:\windows\system32\MDA_NTDRV.sys [2017-01-19 31224]
R3 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2016-11-14 1879488]
R3 PAExec;PAExec;c:\windows\PAExec.exe [2017-01-07 189112]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 ShareItSvc;ShareItSvc;c:\program files\SHAREit\SHAREit\Shareit.Service.exe [2016-04-15 33224]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2016-07-22 146048]
R3 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2016-11-14 426040]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 24064]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 WsDrvInst;Wondershare Driver Install Service;c:\program files\Wondershare\MobileTrans\DriverInstall.exe [2016-02-24 115856]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2015-07-14 60552]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2015-07-14 202704]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2015-07-14 144536]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2015-07-14 46656]
S1 GUBootStartup;GUBootStartup;c:\windows\System32\drivers\GUBootStartup.sys [2016-10-13 17472]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [2016-06-15 23840]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2015-07-08 1353720]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2016-11-14 930240]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2016-10-17 147120]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016-11-14 2016704]
S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [2016-07-22 754784]
S2 WtfEngineDrv;WtfEngineDrv Service;c:\windows\system32\DRIVERS\WtfEngineDrv.sys [2016-05-20 32752]
S3 CX88VID;Conexant 2388x AvStream Video Capture;c:\windows\system32\drivers\cxavsvid.sys [2015-06-08 301104]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD.sys [2015-06-08 37576]
S3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\TeeDriver.sys [2016-04-18 156712]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-11-14 26048]
S3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2016-11-14 2904000]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2016-11-14 50744]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2016-06-15 770304]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
utcsvc REG_MULTI_SZ DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2017-02-06 23:11 1368920 ----a-w- c:\program files\Google\Chrome\Application\56.0.2924.87\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2017-02-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-08-22 10:33]
.
.
------- Examen supplémentaire -------
.
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm
TCP: Interfaces\{79B61F19-0B83-41B2-88C1-523831B762F6}: NameServer = 41.110.30.2,41.110.32.3,192.168.1.1
FF - ProfilePath - c:\users\FOUAD\AppData\Roaming\Mozilla\Firefox\Profiles\ndxuzi1y.default\
FF - prefs.js: browser.startup.homepage - about:home
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-684910240-3693451217-3103106448-1000_Classes\CLSID\{309d3c9e-ae9a-4fcf-8d2d-256c40c90a65}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000d8
"Therad"=dword:0000000f
.
[HKEY_USERS\S-1-5-21-684910240-3693451217-3103106448-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):9e,03,5b,6b,88,5d,91,15,6d,12,06,f8,2e,19,b5,5b,a4,6c,56,67,e7,
9d,69,3f,21,de,ea,9a,21,99,41,01,7b,85,65,78,bd,55,c3,90,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-684910240-3693451217-3103106448-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):85,30,04,bf,72,00,31,1c,c3,bc,d3,1e,ca,49,16,b5,ba,93,c7,d3,a2,
b8,d5,82,92,9a,7c,aa,68,1e,a6,3a,2b,86,cf,63,ea,fb,01,b5,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-684910240-3693451217-3103106448-1000_Classes\CLSID\{b7a764a0-3cdd-449c-8baf-701f8533d9a6}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000ae
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,75,07,18,dd,fb,11,42,94,27,b7,99,0d,2a,ba,05,1a,a2,02,c9,3e,9b,f9,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
c:\windows\system32\conhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\sppsvc.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Heure de fin: 2017-03-22 12:49:12 - La machine a redémarré
ComboFix-quarantined-files.txt 2017-03-22 11:49
.
Avant-CF: 33 329 532 928 octets libres
Après-CF: 33 337 159 680 octets libres
.
- - End Of File - - 0DFE1A5A6FAB30B5D7AFF3A194178820
A36C5E4F47E84449FF07ED3517B43A31
