cjoint

Document format: text/plain

ComboFix 17-12-11.01 - Ludovic 08/01/2018 20:34:42.1.2 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.4095.2477 [GMT 1:00]
Lancé depuis: c:\users\Ludovic\Desktop\LUDO.exe
AV: Malwarebytes *Disabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ludovic\AppData\Local\assembly\tmp
c:\users\Ludovic\AppData\Roaming\Microsoft Corporation\2007 Microsoft Office system
c:\users\Ludovic\AppData\Roaming\Microsoft Corporation\2007 Microsoft Office system\Offisync-UserSettings.config
c:\users\Ludovic\AppData\Roaming\Microsoft Corporation\2007 Microsoft Office system\Offisync.config.old_backup
c:\users\Ludovic\AppData\Roaming\Microsoft Corporation\2007 Microsoft Office system\ostelbuf.dat
c:\users\Ludovic\ZHPDiag3.exe
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2017-12-08 au 2018-01-08 ))))))))))))))))))))))))))))))))))))
.
.
2018-01-08 19:43 . 2018-01-08 19:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2018-01-07 20:50 . 2018-01-08 00:38 -------- d-----w- c:\users\Ludovic\AppData\Local\Mozilla
2018-01-07 20:50 . 2018-01-07 20:50 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2018-01-07 18:26 . 2018-01-07 18:26 -------- d-----w- c:\program files (x86)\ESET
2018-01-05 16:49 . 2018-01-05 16:54 -------- d-----w- C:\AdwCleaner
2018-01-04 19:48 . 2018-01-05 17:18 -------- d-----w- c:\program files\CCleaner
2018-01-04 19:27 . 2018-01-05 16:59 -------- d-----w- c:\users\Ludovic\AppData\Local\ZHP
2018-01-04 16:54 . 2017-11-29 08:11 77432 ----a-w- c:\windows\system32\drivers\mbae64.sys
2018-01-04 16:54 . 2018-01-04 16:54 -------- d-----w- c:\programdata\Malwarebytes
2018-01-04 16:54 . 2018-01-04 16:54 -------- d-----w- c:\program files\Malwarebytes
2018-01-03 18:48 . 2018-01-05 23:17 -------- d-----w- C:\FRST
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-11-20 20:32 . 2010-02-25 15:25 545440 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2009-10-27 6998656]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2009-08-20 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2009-08-19 3695928]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotPostWindows10UpgradeReInstall"="c:\program files\Common Files\AV\Spybot - Search and Destroy\Test.exe" [2015-07-28 1011200]
.
c:\users\Ludovic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DSmobileSCAN II.lnk - c:\program files (x86)\Brother\DSmobileSCAN II\DSmobileSCAN.exe [2012-5-28 628224]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe /f=srs_premium_sound_nopreset.zip /h [2010-1-17 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
R3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus;c:\windows\system32\DRIVERS\dtliteusbbus.sys;c:\windows\SYSNATIVE\DRIVERS\dtliteusbbus.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 MSSQL$EBP;SQL Server (EBP);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe;c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\SysWOW64\nvSCPAPISvr.exe;c:\windows\SysWOW64\nvSCPAPISvr.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - ESPROTECTIONDRIVER
*NewlyCreated* - MBAMFARFLT
*NewlyCreated* - MBAMPROTECTION
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBPROTECTION
*Deregistered* - ESProtectionDriver
*Deregistered* - MBAMFarflt
*Deregistered* - MBAMProtection
*Deregistered* - MBAMSwissArmy
*Deregistered* - MBAMWebProtection
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-12-11 16414824]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.fr/
mStart Page = hxxp://www.google.fr/
mDefault_Page_URL = hxxp://www.google.fr/
mDefault_Search_URL = hxxp://www.google.fr/
mSearch Page = hxxp://www.google.fr/?q={searchTerms}
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.254
FF - ProfilePath - c:\users\Ludovic\AppData\Roaming\Mozilla\Firefox\Profiles\th4xjzdt.default-1484757855150-1515358299669\
.
- - - - ORPHELINS SUPPRIMES - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files (x86)\Google\Chrome\Application\63.0.3239.132\Installer\chrmstp.exe
AddRemove-3f10ea13-9a1f-4236-beae-206ba68c767a - c:\progra~3\INSTAL~1\{9BB3A~1\Setup.exe
AddRemove-4ecff384-ba61-4f80-81d4-d58bfc0d25e4 - c:\progra~3\INSTAL~1\{98E00~1\Setup.exe
AddRemove-c12393c3-4a0f-45fb-a068-91694251d909 - c:\progra~3\INSTAL~1\{754A3~1\Setup.exe
AddRemove-EBP Compta Classic Open Line 2011 3.0 - c:\programdata\{4932F8D7-FB73-4966-865D-3C3C1372C09B}\setup.exe
AddRemove-EBP Devis et Facturation Bâtiment Classic 2010 11.0 - c:\programdata\{5428908B-4203-4FFA-9A62-F36E4771A7BC}\setup.exe
AddRemove-EBP Utilitaire d'échanges 1.1 - c:\programdata\{4E8B28E9-7604-40D3-A02C-8E3AFD1703AC}\setup.exe
AddRemove-{3657B23B-4E07-4B42-BBEF-B024429431F2} - c:\programdata\{4932F8D7-FB73-4966-865D-3C3C1372C09B}\setup.exe
AddRemove-{5E39F2FB-0D5B-413E-903C-3F495017109C} - c:\programdata\{3FEAFE1E-B171-4F43-9D22-153B42A7D1BF}\setup.exe
AddRemove-{EAF8BEC9-B95F-4CAC-B04F-72D93139DA9C} - c:\programdata\{5428908B-4203-4FFA-9A62-F36E4771A7BC}\setup.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2018-01-08 20:46:47
ComboFix-quarantined-files.txt 2018-01-08 19:46
.
Avant-CF: 21 720 571 904 octets libres
Après-CF: 21 290 151 936 octets libres
.
- - End Of File - - CB8ED6916FF6CCE3D0B8A876A13B622A
5C616939100B85E558DA92B899A0FC36
