ComboFix 17-10-04.01 - CYRIL 10/10/2017 10:42:23.2.4 - x64
Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.33.1036.18.4077.2483 [GMT 2:00]
Lancé depuis: c:\users\CYRIL\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\CYRIL\Desktop\CFScript.txt
AV: Malwarebytes *Disabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2017-09-10 au 2017-10-10 ))))))))))))))))))))))))))))))))))))
.
.
2017-10-10 08:46 . 2017-10-10 08:52 -------- d-----w- c:\users\NeroMediaHomeUser.4\AppData\Local\temp
2017-10-10 08:46 . 2017-10-10 08:46 -------- d-----w- c:\users\Invité\AppData\Local\temp
2017-10-07 13:30 . 2017-10-08 14:23 -------- d-----w- C:\FRST
2017-10-05 17:05 . 2017-10-05 18:43 -------- d-----w- c:\users\CYRIL\AppData\Roaming\ZHP
2017-10-05 17:05 . 2017-10-05 18:16 -------- d-----w- c:\users\CYRIL\AppData\Local\ZHP
2017-10-02 17:52 . 2017-10-07 17:39 77440 ----a-w- c:\windows\system32\drivers\mbae64.sys
2017-10-02 17:45 . 2017-10-02 17:45 -------- d-----w- c:\program files\Common Files\AV
2017-10-02 17:27 . 2013-09-20 08:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
2017-09-19 17:12 . 2017-09-19 17:12 -------- d-----w- c:\program files (x86)\Index Education
2017-09-16 01:51 . 2017-09-16 01:52 -------- d-----w- c:\windows\rescache
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-09-13 11:48 . 2013-09-21 11:01 803328 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2017-09-13 11:48 . 2013-09-21 11:01 144896 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2017-08-11 06:19 . 2017-09-13 11:56 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2017-07-29 14:56 . 2017-08-25 17:53 117248 ----a-w- c:\windows\system32\drivers\tdx.sys
2017-07-21 14:26 . 2017-08-25 17:53 282624 ----a-w- c:\windows\SysWow64\mstext40.dll
2017-07-21 14:26 . 2017-08-25 17:53 518144 ----a-w- c:\windows\SysWow64\msjetoledb40.dll
2017-07-21 14:26 . 2017-08-25 17:53 290816 ----a-w- c:\windows\SysWow64\msjtes40.dll
2017-07-21 14:26 . 2017-08-25 17:53 409600 ----a-w- c:\windows\SysWow64\msexch40.dll
2017-07-14 15:29 . 2017-08-25 17:53 486400 ----a-w- c:\windows\system32\wer.dll
2017-07-14 15:29 . 2017-08-25 17:53 34304 ----a-w- c:\windows\system32\werdiagcontroller.dll
2017-07-14 15:29 . 2017-08-25 17:53 2319872 ----a-w- c:\windows\system32\tquery.dll
2017-07-14 15:29 . 2017-08-25 17:53 2058240 ----a-w- c:\windows\system32\Query.dll
2017-07-14 15:29 . 2017-08-25 17:53 778240 ----a-w- c:\windows\system32\mssvp.dll
2017-07-14 15:29 . 2017-08-25 17:53 2222080 ----a-w- c:\windows\system32\mssrch.dll
2017-07-14 15:29 . 2017-08-25 17:53 491520 ----a-w- c:\windows\system32\mssph.dll
2017-07-14 15:29 . 2017-08-25 17:53 99840 ----a-w- c:\windows\system32\mssprxy.dll
2017-07-14 15:29 . 2017-08-25 17:53 288256 ----a-w- c:\windows\system32\mssphtb.dll
2017-07-14 15:29 . 2017-08-25 17:53 115200 ----a-w- c:\windows\system32\mssitlb.dll
2017-07-14 15:29 . 2017-08-25 17:53 75264 ----a-w- c:\windows\system32\msscntrs.dll
2017-07-14 15:29 . 2017-08-25 17:53 14336 ----a-w- c:\windows\system32\msshooks.dll
2017-07-14 15:12 . 2017-08-25 17:53 591872 ----a-w- c:\windows\system32\SearchIndexer.exe
2017-07-14 15:12 . 2017-08-25 17:53 249856 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2017-07-14 15:11 . 2017-08-25 17:53 113664 ----a-w- c:\windows\system32\SearchFilterHost.exe
2017-07-14 15:10 . 2017-08-25 17:53 382976 ----a-w- c:\windows\SysWow64\wer.dll
2017-07-14 15:10 . 2017-08-25 17:53 1549824 ----a-w- c:\windows\SysWow64\tquery.dll
2017-07-14 15:10 . 2017-08-25 17:53 1363968 ----a-w- c:\windows\SysWow64\Query.dll
2017-07-14 15:10 . 2017-08-25 17:53 1400320 ----a-w- c:\windows\SysWow64\mssrch.dll
2017-07-14 15:10 . 2017-08-25 17:53 666624 ----a-w- c:\windows\SysWow64\mssvp.dll
2017-07-14 15:10 . 2017-08-25 17:53 337408 ----a-w- c:\windows\SysWow64\mssph.dll
2017-07-14 15:10 . 2017-08-25 17:53 197120 ----a-w- c:\windows\SysWow64\mssphtb.dll
2017-07-14 15:10 . 2017-08-25 17:53 104448 ----a-w- c:\windows\SysWow64\mssitlb.dll
2017-07-14 15:10 . 2017-08-25 17:53 59392 ----a-w- c:\windows\SysWow64\msscntrs.dll
2017-07-14 15:10 . 2017-08-25 17:53 34816 ----a-w- c:\windows\SysWow64\mssprxy.dll
2017-07-14 15:00 . 2017-08-25 17:53 427520 ----a-w- c:\windows\SysWow64\SearchIndexer.exe
2017-07-14 15:00 . 2017-08-25 17:53 164352 ----a-w- c:\windows\SysWow64\SearchProtocolHost.exe
2017-07-14 14:59 . 2017-08-25 17:53 86528 ----a-w- c:\windows\SysWow64\SearchFilterHost.exe
2017-07-14 14:59 . 2017-08-25 17:53 9728 ----a-w- c:\windows\SysWow64\msshooks.dll
2017-07-14 14:57 . 2017-08-25 17:53 50688 ----a-w- c:\windows\system32\wermgr.exe
2017-07-14 14:50 . 2017-08-25 17:53 54272 ----a-w- c:\windows\SysWow64\wermgr.exe
2017-07-14 14:50 . 2017-08-25 17:53 28672 ----a-w- c:\windows\SysWow64\werdiagcontroller.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt01]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2017-05-01 14:39 230728 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.16.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt02]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2017-05-01 14:39 230728 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.16.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt03]
@="{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}]
2017-05-01 14:39 230728 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.16.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt04]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2017-05-01 14:39 230728 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.16.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt05]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2017-05-01 14:39 230728 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.16.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt06]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2017-05-01 14:39 230728 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.16.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt07]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2017-05-01 14:39 230728 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.16.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt08]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2017-05-01 14:39 230728 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.16.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt09]
@="{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}]
2017-05-01 14:39 230728 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.16.0.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt10]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2017-05-01 14:39 230728 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.16.0.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"DAEMON Tools Lite"="d:\utilitaires\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-10-12 393216]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-12-08 8590760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2010-11-08 465536]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.94.193\AsusWSPanel.exe" [2011-04-11 734544]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-10-25 766208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-06-22 598552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMService;Malwarebytes Service;d:\utilitaires\Anti-Malware\mbamservice.exe;d:\utilitaires\Anti-Malware\mbamservice.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan60.sys [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);c:\windows\system32\DRIVERS\RtVLAN60.sys;c:\windows\SYSNATIVE\DRIVERS\RtVLAN60.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AiChargerPlus;ASUS Charger Plus Driver;c:\windows\system32\DRIVERS\AiChargerPlus.sys;c:\windows\SYSNATIVE\DRIVERS\AiChargerPlus.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [x]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x]
S2 DbxSvc;DbxSvc;c:\windows\system32\DbxSvc.exe;c:\windows\SYSNATIVE\DbxSvc.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 MajIndexEducationService;Mise à jour automatique - Index Education;c:\program files (x86)\Index Education\Mise a jour automatique\ServiceMiseAJourIndex.exe;c:\program files (x86)\Index Education\Mise a jour automatique\ServiceMiseAJourIndex.exe [x]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys;c:\windows\SYSNATIVE\DRIVERS\bcmwlhigh664.sys [x]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys;c:\windows\SYSNATIVE\DRIVERS\ICCWDT.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt01]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2017-05-01 14:39 278344 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.16.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt02]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2017-05-01 14:39 278344 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.16.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt03]
@="{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}]
2017-05-01 14:39 278344 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.16.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt04]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2017-05-01 14:39 278344 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.16.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt05]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2017-05-01 14:39 278344 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.16.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt06]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2017-05-01 14:39 278344 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.16.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt07]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2017-05-01 14:39 278344 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.16.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt08]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2017-05-01 14:39 278344 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.16.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt09]
@="{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}]
2017-05-01 14:39 278344 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.16.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt10]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2017-05-01 14:39 278344 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.16.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-04-11 03:35 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.94.193\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-04-11 03:35 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.94.193\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-28 11905128]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 89.2.0.1 89.2.0.2
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-1259235147-3347209182-4082495589-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_27_0_0_130_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_27_0_0_130_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe
c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe
.
**************************************************************************
.
Heure de fin: 2017-10-10 10:57:34 - La machine a redémarré
ComboFix-quarantined-files.txt 2017-10-10 08:57
ComboFix2.txt 2017-10-09 22:30
.
Avant-CF: 4 676 354 048 octets libres
Après-CF: 4 583 960 576 octets libres
.
- - End Of File - - 2AB3D443E34BC2FB4FF501C2C0BA59D7
A36C5E4F47E84449FF07ED3517B43A31