ComboFix 17-12-11.01 - VICTOR-LOUIS 08/01/2018 14:12:42.1.2 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.4061.1150 [GMT 1:00]
Running from: c:\users\VICTOR-LOUIS\Desktop\ComboFix.exe
AV: Bitdefender Antivirus Free Antimalware *Disabled/Updated* {3FB17364-4FCC-0FA7-6BBF-973897395371}
SP: Bitdefender Antivirus Free Antimalware *Disabled/Updated* {84D09280-69F6-0029-510F-AC4AECBE19CC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\VICTOR-LOUIS\ZHPCleaner.exe
c:\users\Wise Disk Cleaner\1c.ico
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\wpcap.dll
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((((((( Files Created from 2017-12-08 to 2018-01-08 ))))))))))))))))))))))))))))))))))))
.
.
2018-01-08 13:32 . 2018-01-08 13:32 -------- d-----w- c:\users\Public\AppData\Local\temp
2018-01-08 13:32 . 2018-01-08 13:32 -------- d-----w- c:\users\Invité\AppData\Local\temp
2018-01-08 13:32 . 2018-01-08 13:32 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2018-01-08 13:32 . 2018-01-08 13:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2018-01-08 13:32 . 2018-01-08 13:32 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2018-01-08 08:41 . 2018-01-08 09:39 -------- d-----w- C:\FRST
2018-01-05 14:57 . 2018-01-05 14:57 -------- d-----w- c:\program files (x86)\Microsoft
2018-01-05 07:36 . 2017-12-29 09:15 25737728 ----a-w- c:\windows\system32\mshtml.dll
2018-01-05 07:36 . 2017-12-29 08:04 15284224 ----a-w- c:\windows\system32\ieframe.dll
2018-01-05 07:36 . 2018-01-01 02:21 5581544 ----a-w- c:\windows\system32\ntoskrnl.exe
2018-01-05 07:36 . 2017-12-29 17:45 4508160 ----a-w- c:\windows\SysWow64\jscript9.dll
2018-01-05 07:36 . 2017-12-29 08:51 5796352 ----a-w- c:\windows\system32\jscript9.dll
2018-01-05 07:36 . 2017-12-29 08:52 2900480 ----a-w- c:\windows\system32\iertutil.dll
2018-01-05 07:36 . 2017-12-29 07:50 3241472 ----a-w- c:\windows\system32\wininet.dll
2018-01-04 12:56 . 2018-01-04 13:13 -------- d-----w- c:\users\VICTOR-LOUIS\AppData\Roaming\uTorrent
2018-01-02 12:26 . 2018-01-02 16:37 -------- d-----w- C:\AdsFix
2017-12-27 18:33 . 2017-12-27 18:49 -------- d-----w- c:\users\VICTOR-LOUIS\AppData\Local\Unity
2017-12-23 14:14 . 2017-12-26 12:26 253880 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2017-12-17 17:46 . 2017-12-17 17:46 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2017-12-15 06:26 . 2017-12-15 06:26 155488 ----a-w- c:\windows\system32\drivers\bddci.sys
2017-12-11 20:47 . 2017-12-11 20:47 -------- d-----w- c:\program files\Synaptics
2017-12-11 20:46 . 2017-12-11 20:46 1804688 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll
2017-12-11 20:46 . 2017-12-11 20:46 51808 ----a-w- c:\windows\system32\drivers\Smb_driver_Intel.sys
2017-12-11 20:16 . 2017-12-11 20:16 50808 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2017-12-11 13:32 . 2017-12-28 16:48 -------- d-----w- c:\users\VICTOR-LOUIS\AppData\Local\FSDART
2017-12-11 13:32 . 2017-12-11 13:32 -------- d-----w- c:\users\VICTOR-LOUIS\AppData\Local\F-Secure
2017-12-11 13:32 . 2017-12-28 11:36 -------- d-----w- c:\programdata\F-Secure
.
.
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2018-01-02 18:26 . 2015-06-17 12:35 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2018-01-01 16:12 . 2018-01-05 07:35 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2018-01-01 01:59 . 2018-01-05 07:35 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2017-12-13 14:56 . 2017-10-11 08:01 133326408 -c--a-w- c:\windows\system32\MRT-KB890830.exe
2017-12-13 14:55 . 2015-06-14 11:06 133326408 -c--a-w- c:\windows\system32\MRT.exe
2017-12-13 07:42 . 2017-11-22 18:46 803328 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2017-12-13 07:42 . 2017-11-22 18:46 144896 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2017-12-07 17:35 . 2017-11-27 18:45 77432 ----a-w- c:\windows\system32\drivers\mbae64.sys
2017-11-22 10:37 . 2017-11-22 10:35 47672 ----a-w- c:\windows\system32\drivers\dtliteusbbus.sys
2017-11-21 19:43 . 2017-11-21 19:43 30243 ----a-w- c:\programdata\agent.update.1511293357.bdinstall.bin
2017-10-18 02:34 . 2017-11-15 04:49 134376 ----a-w- c:\windows\system32\CompatTelRunner.exe
2017-10-18 02:30 . 2017-11-15 04:49 605184 ----a-w- c:\windows\system32\aeinv.dll
2017-10-18 02:06 . 2017-11-15 04:51 344064 ----a-w- c:\windows\system32\drivers\usbhub.sys
2017-10-18 02:06 . 2017-11-15 04:51 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2017-10-18 02:06 . 2017-11-15 04:51 327168 ----a-w- c:\windows\system32\drivers\usbport.sys
2017-10-18 02:06 . 2017-11-15 04:51 56320 ----a-w- c:\windows\system32\drivers\usbehci.sys
2017-10-18 02:06 . 2017-11-15 04:51 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2017-10-18 02:06 . 2017-11-15 04:51 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2017-10-18 02:06 . 2017-11-15 04:51 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2017-10-16 23:04 . 2017-12-05 20:27 1001984 ----a-w- c:\windows\system32\gpedit.dll
2017-10-16 22:46 . 2017-12-05 20:27 953344 ----a-w- c:\windows\SysWow64\gpedit.dll
2017-10-16 21:55 . 2017-11-15 04:51 339968 ----a-w- c:\windows\SysWow64\msexcl40.dll
2017-10-15 22:04 . 2017-11-15 04:49 407392 ----a-w- c:\windows\system32\centel.dll
2017-10-13 08:57 . 2017-10-02 13:31 1019880 ----a-w- c:\windows\system32\drivers\atc.sys
2017-10-12 00:55 . 2017-11-15 04:51 12574720 ----a-w- c:\windows\system32\wmploc.DLL
2017-10-12 00:55 . 2017-11-15 04:51 14635008 ----a-w- c:\windows\system32\wmp.dll
2017-10-12 00:55 . 2017-11-15 04:51 2319872 ----a-w- c:\windows\system32\tquery.dll
2017-10-12 00:55 . 2017-11-15 04:51 151552 ----a-w- c:\windows\system32\t2embed.dll
2017-10-12 00:55 . 2017-11-15 04:51 5120 ----a-w- c:\windows\system32\msdxm.ocx
2017-10-12 00:55 . 2017-11-15 04:51 5120 ----a-w- c:\windows\system32\dxmasf.dll
2017-10-12 00:55 . 2017-11-15 04:51 2058240 ----a-w- c:\windows\system32\Query.dll
2017-10-12 00:55 . 2017-11-15 04:51 9728 ----a-w- c:\windows\system32\spwmp.dll
2017-10-12 00:55 . 2017-11-15 04:51 2222080 ----a-w- c:\windows\system32\mssrch.dll
2017-10-12 00:55 . 2017-11-15 04:51 778240 ----a-w- c:\windows\system32\mssvp.dll
2017-10-12 00:55 . 2017-11-15 04:51 491520 ----a-w- c:\windows\system32\mssph.dll
2017-10-12 00:55 . 2017-11-15 04:51 99840 ----a-w- c:\windows\system32\mssprxy.dll
2017-10-12 00:55 . 2017-11-15 04:51 288256 ----a-w- c:\windows\system32\mssphtb.dll
2017-10-12 00:55 . 2017-11-15 04:51 115200 ----a-w- c:\windows\system32\mssitlb.dll
2017-10-12 00:55 . 2017-11-15 04:51 75264 ----a-w- c:\windows\system32\msscntrs.dll
2017-10-12 00:55 . 2017-11-15 04:51 14336 ----a-w- c:\windows\system32\msshooks.dll
2017-10-12 00:39 . 2017-11-15 04:51 591872 ----a-w- c:\windows\system32\SearchIndexer.exe
2017-10-12 00:38 . 2017-11-15 04:51 249856 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2017-10-12 00:38 . 2017-11-15 04:51 113664 ----a-w- c:\windows\system32\SearchFilterHost.exe
2017-10-12 00:37 . 2017-11-15 04:51 12574208 ----a-w- c:\windows\SysWow64\wmploc.DLL
2017-10-12 00:37 . 2017-11-15 04:51 1549824 ----a-w- c:\windows\SysWow64\tquery.dll
2017-10-12 00:37 . 2017-11-15 04:51 111104 ----a-w- c:\windows\SysWow64\t2embed.dll
2017-10-12 00:37 . 2017-11-15 04:51 1363968 ----a-w- c:\windows\SysWow64\Query.dll
2017-10-12 00:37 . 2017-11-15 04:51 666624 ----a-w- c:\windows\SysWow64\mssvp.dll
2017-10-12 00:37 . 2017-11-15 04:51 1400320 ----a-w- c:\windows\SysWow64\mssrch.dll
2017-10-12 00:37 . 2017-11-15 04:51 337408 ----a-w- c:\windows\SysWow64\mssph.dll
2017-10-12 00:37 . 2017-11-15 04:51 197120 ----a-w- c:\windows\SysWow64\mssphtb.dll
2017-10-12 00:37 . 2017-11-15 04:51 104448 ----a-w- c:\windows\SysWow64\mssitlb.dll
2017-10-12 00:37 . 2017-11-15 04:51 59392 ----a-w- c:\windows\SysWow64\msscntrs.dll
2017-10-12 00:37 . 2017-11-15 04:51 34816 ----a-w- c:\windows\SysWow64\mssprxy.dll
2017-10-12 00:26 . 2017-11-15 04:51 427520 ----a-w- c:\windows\SysWow64\SearchIndexer.exe
2017-10-12 00:26 . 2017-11-15 04:51 164352 ----a-w- c:\windows\SysWow64\SearchProtocolHost.exe
2017-10-12 00:25 . 2017-11-15 04:51 86528 ----a-w- c:\windows\SysWow64\SearchFilterHost.exe
2017-10-12 00:25 . 2017-11-15 04:51 9728 ----a-w- c:\windows\SysWow64\msshooks.dll
2017-10-12 00:24 . 2017-11-15 04:51 4096 ----a-w- c:\windows\SysWow64\msdxm.ocx
2017-10-12 00:24 . 2017-11-15 04:51 4096 ----a-w- c:\windows\SysWow64\dxmasf.dll
2017-10-12 00:24 . 2017-11-15 04:51 8192 ----a-w- c:\windows\SysWow64\spwmp.dll
2017-10-12 00:20 . 2017-12-05 20:27 317440 ----a-w- c:\windows\system32\drivers\rdbss.sys
2017-10-12 00:20 . 2017-11-15 04:51 113152 ----a-w- c:\windows\system32\drivers\luafv.sys
2003-03-21 11:45 . 2017-12-04 21:17 250544 ----a-w- c:\program files (x86)\Common Files\keyhelp.ocx
.
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"Family Tree Builder Update"="c:\program files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
R3 btwampfl;btwampfl;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
R3 dc3d;Microsoft Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
R3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus;c:\windows\system32\DRIVERS\dtliteusbbus.sys;c:\windows\SYSNATIVE\DRIVERS\dtliteusbbus.sys [x]
R3 ETDSMBus;ETDSMBus;c:\windows\system32\DRIVERS\ETDSMBus.sys;c:\windows\SYSNATIVE\DRIVERS\ETDSMBus.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys;c:\windows\SYSNATIVE\DRIVERS\lv302a64.sys [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\Drivers\mbamswissarmy.sys;c:\windows\SYSNATIVE\Drivers\mbamswissarmy.sys [x]
R3 NETGEARGenieDaemon;NETGEARGenieDaemon;c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe;c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [x]
R3 NvContainerNetworkService;NVIDIA NetworkService Container;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe [x]
R3 NvStreamKms;NVIDIA KMS;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 usbrndis6;USB RNDIS6 Adapter;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\DRIVERS\VX6000Xp.sys;c:\windows\SYSNATIVE\DRIVERS\VX6000Xp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [x]
R4 NvContainerLocalSystem;NVIDIA LocalSystem Container;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe [x]
R4 NVIDIA Wireless Controller Service;NVIDIA Wireless Controller Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [x]
S0 atc;atc;c:\windows\system32\DRIVERS\atc.sys;c:\windows\SYSNATIVE\DRIVERS\atc.sys [x]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys;c:\windows\SYSNATIVE\DRIVERS\avc3.sys [x]
S0 BdDci;BdDci Service;c:\windows\system32\DRIVERS\bddci.sys;c:\windows\SYSNATIVE\DRIVERS\bddci.sys [x]
S0 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys;c:\windows\SYSNATIVE\drivers\gzflt.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ProductAgentService;ProductAgentService;c:\program files\Bitdefender Agent\ProductAgentService.exe;c:\program files\Bitdefender Agent\ProductAgentService.exe [x]
S2 updatesrv;Bitdefender Update Service;c:\program files\Bitdefender Antivirus Free\updatesrv.exe;c:\program files\Bitdefender Antivirus Free\updatesrv.exe [x]
S2 vsservppl;Bitdefender Correlation Service;c:\program files\Bitdefender Antivirus Free\vsservppl.exe;c:\program files\Bitdefender Antivirus Free\vsservppl.exe [x]
S3 edrsensor;edrsensor;c:\windows\system32\DRIVERS\edrsensor.sys;c:\windows\SYSNATIVE\DRIVERS\edrsensor.sys [x]
S3 hidshim;Service for HID-KMDF Shim layer;c:\windows\system32\DRIVERS\hidshim.sys;c:\windows\SYSNATIVE\DRIVERS\hidshim.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 nuvotoncir;Nuvoton IR Transceiver;c:\windows\system32\DRIVERS\nuvotoncir.sys;c:\windows\SYSNATIVE\DRIVERS\nuvotoncir.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 winbondhidcir;Winbond HID CIR Receiver;c:\windows\system32\DRIVERS\winbondhidcir.sys;c:\windows\SYSNATIVE\DRIVERS\winbondhidcir.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uSearchMigratedDefaultURL = https://www.google.com/
uStart Page = https://www.google.com/
mLocal Page = c:\windows\System32\blank.htm
mSearch Bar = https://www.google.com/
mSearchMigratedDefaultURL = https://www.google.com/
mStart Page = https://www.google.com/
uInternet Settings,ProxyOverride = *.local
uCustomizeSearch = https://www.google.com/
mCustomizeSearch = https://www.google.com/
IE: {{d8f67242-b229-4065-95fa-391b077ed6ca} - {d8f67242-b229-4065-95fa-391b077ed6ca} - mscoree.dll
Trusted Zone: localhost
TCP: DhcpNameServer = 89.2.0.1 89.2.0.2
TCP: Interfaces\{7D6A0DBB-57E0-4F13-8D9F-AB5F19CBE6EE}: NameServer = 208.67.220.220,89.2.0.1
Handler: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - c:\windows\System32\mscoree.dll
.
.
------- File Associations -------
.
inifile="%SystemRoot%\system32\NOTEPAD.EXE" %1
txtfile="%SystemRoot%\system32\NOTEPAD.EXE" %1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-24968103.sys
SafeBoot-93549668.sys
SafeBoot-MBAMSwissArmy
SafeBoot-AppXSvc
SafeBoot-camsvc
SafeBoot-ClipSvc
SafeBoot-lfsvc
SafeBoot-semgrsvc
SafeBoot-TokenBroker
SafeBoot-TweakingRemoveSafeBoot
SafeBoot-WSService
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9f,2f,4b,52,ce,3d,9f,42,bf,74,c3,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9f,2f,4b,52,ce,3d,9f,42,bf,74,c3,\
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1514622647-1234394215-4269887999-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@DACL=(02 0012)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2018-01-08 14:44:16 - machine was rebooted
ComboFix-quarantined-files.txt 2018-01-08 13:44
.
Pre-Run: 374 946 099 200 bytes free
Post-Run: 374 515 286 016 bytes free
.
- - End Of File - - 283273EFBB52C8E0C5019E9AC6D33BD2
5C616939100B85E558DA92B899A0FC36
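The report above is raw ComboFix output. As an added example that is not part of the log and not ComboFix's own code, the Python script below parses the three line kinds a responder reads first (the dated file entries, the `R3 name;display;image;image [x]` service lines, and the `TCP:` DNS lines) and applies three first-look checks: binaries created under user-writable paths, registered kernel drivers whose image is outside system32\drivers (such as the SysWOW64\drivers and Program Files images listed above), and per-interface DNS servers that DHCP did not hand out. The directory lists, the extension list and the reading of `[x]` as "no file metadata" are this example's assumptions, not documented ComboFix semantics; the sample input is a handful of lines copied from this report.

```python
"""Triage helpers for a ComboFix report (added example, not ComboFix's own code).
Parses file entries, service lines and DNS lines from the log and applies three
first-look heuristics; the directory and extension lists are this example's assumptions."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# "CREATED . MODIFIED SIZE ATTRS PATH"; directories carry "--------" as their size.
FILE_RE = re.compile(r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
                     r"(?P<size>\S+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$", re.I)
# "R3 name;display;image;image [x]" -- R/S = running/stopped, digit = start type; the bracket text is
# ComboFix's file info, and "[x]" is read here as "no file metadata" (an assumption, not documented).
SVC_RE = re.compile(r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
                    r"(?P<image>[^;]*);[^\[\]]*?(?: \[(?P<info>[^\]]*)\])?$")
DHCP_DNS_RE = re.compile(r"^TCP: DhcpNameServer = (.+)$")
IFACE_DNS_RE = re.compile(r"^TCP: Interfaces\\(\{[0-9A-F-]+\}): NameServer = (.+)$", re.I)

USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")  # assumption
DRIVER_DIR = "c:\\windows\\system32\\drivers\\"          # where 64-bit kernel drivers normally live
BINARY_EXT = {"exe", "dll", "sys", "bin", "scr", "ocx", "cpl"}  # assumption

@dataclass
class FileEntry:
    created: str
    modified: str
    size: Optional[int]   # None for directories
    attrs: str            # e.g. "----a-w-", "d-----w-"
    path: str             # lower-cased for comparisons

@dataclass
class Service:
    running: bool
    start_type: int       # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    name: str
    display: str
    image: str            # lower-cased
    info: Optional[str]   # text inside the trailing [...]

def parse_files(lines) -> List[FileEntry]:
    out = []
    for m in filter(None, (FILE_RE.match(ln.strip()) for ln in lines)):
        size = None if m["size"].startswith("-") else int(m["size"])
        out.append(FileEntry(m["created"], m["modified"], size, m["attrs"], m["path"].lower()))
    return out

def parse_services(lines) -> List[Service]:
    return [Service(m["state"] == "R", int(m["start"]), m["name"], m["display"], m["image"].lower(), m["info"])
            for m in filter(None, (SVC_RE.match(ln.strip()) for ln in lines))]

def suspicious_files(entries: List[FileEntry]) -> List[Tuple[str, str]]:
    """Binaries created in user-writable paths, and drivers outside the normal driver directory."""
    hits = []
    for e in (e for e in entries if not e.attrs.startswith("d")):
        ext = e.path.rsplit(".", 1)[-1]
        if ext in BINARY_EXT and e.path.startswith(USER_WRITABLE):
            hits.append(("binary in user-writable path", e.path))
        if ext == "sys" and not e.path.startswith(DRIVER_DIR):
            hits.append(("driver outside system32\\drivers", e.path))
    return hits

def odd_drivers(services: List[Service]) -> List[Tuple[str, str]]:
    """Registered kernel drivers whose image is not under system32\\drivers (SysWOW64, Program Files, ...)."""
    return [(s.name, s.image) for s in services
            if s.image.endswith(".sys") and not s.image.startswith(DRIVER_DIR)]

def dns_overrides(lines) -> Dict[str, List[str]]:
    """Per-interface static DNS servers that DHCP did not hand out: the usual DNS-hijack check."""
    dhcp, static = set(), {}
    for line in (ln.strip() for ln in lines):
        if m := DHCP_DNS_RE.match(line):
            dhcp.update(m.group(1).split())
        elif m := IFACE_DNS_RE.match(line):
            static[m.group(1)] = [s for s in re.split(r"[,\s]+", m.group(2)) if s]
    return {guid: extra for guid, servers in static.items()
            if (extra := [s for s in servers if s not in dhcp])}

def triage(text: str) -> dict:
    lines = text.splitlines()
    return {"files": suspicious_files(parse_files(lines)),
            "drivers": odd_drivers(parse_services(lines)),
            "dns": dns_overrides(lines)}

# Sample input: a handful of lines copied from the report above.
SAMPLE = r"""
2018-01-05 07:36 . 2018-01-01 02:21 5581544 ----a-w- c:\windows\system32\ntoskrnl.exe
2018-01-04 12:56 . 2018-01-04 13:13 -------- d-----w- c:\users\VICTOR-LOUIS\AppData\Roaming\uTorrent
2017-12-23 14:14 . 2017-12-26 12:26 253880 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2017-11-21 19:43 . 2017-11-21 19:43 30243 ----a-w- c:\programdata\agent.update.1511293357.bdinstall.bin
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\Drivers\mbamswissarmy.sys;c:\windows\SYSNATIVE\Drivers\mbamswissarmy.sys [x]
R3 NvStreamKms;NVIDIA KMS;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
TCP: DhcpNameServer = 89.2.0.1 89.2.0.2
TCP: Interfaces\{7D6A0DBB-57E0-4F13-8D9F-AB5F19CBE6EE}: NameServer = 208.67.220.220,89.2.0.1
"""

if __name__ == "__main__":
    for section, hits in triage(SAMPLE).items():
        print(f"{section}: {hits}")
```

Run it as-is to see the hits on the sample lines, or feed it a whole saved log with triage(open(path, encoding="cp1252").read()) (Windows-1252 is assumed here for a French-locale ComboFix report). Hits are leads, not verdicts: the OpenDNS resolver 208.67.220.220 and the HWiNFO monitoring driver it flags are legitimate, and the value of the check is that it surfaces the deviation from the expected location or from the DHCP-provided servers for a human to confirm.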