ComboFix 17-12-11.01 - ziwass 30/12/2017 23:33:15.1.4 - x64
Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.33.1036.18.3893.1573 [GMT 0:00]
Lancé depuis: c:\users\ziwass\Desktop\ComboFix.exe
AV: Malwarebytes *Disabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\ziwass\AppData\Local\Temp\_MEI23522\_ctypes.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI23522\_elementtree.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI23522\_hashlib.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI23522\_multiprocessing.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI23522\_psutil_windows.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI23522\_socket.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI23522\_ssl.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI23522\_yappi.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI23522\common.time34.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI23522\hashobjs_ext.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI23522\PIL._imaging.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI23522\pyexpat.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI23522\pysqlite2._sqlite.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI23522\python27.dll
c:\users\ziwass\AppData\Local\Temp\_MEI23522\pythoncom27.dll
c:\users\ziwass\AppData\Local\Temp\_MEI23522\pywintypes27.dll
c:\users\ziwass\AppData\Local\Temp\_MEI23522\select.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI23522\thumbnails_ext.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI23522\unicodedata.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI23522\usb_ext.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI23522\win32api.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI23522\win32com.shell.shell.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI23522\win32crypt.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI23522\win32event.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI23522\win32file.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI23522\win32gui.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI23522\win32inet.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI23522\win32pdh.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI23522\win32pipe.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI23522\win32process.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI23522\win32profile.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI23522\win32security.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI23522\win32ts.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI23522\windows._lib_cacheinvalidation.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI23522\windows.conditional.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI23522\windows.device_monitor.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI23522\windows.volumes.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI23522\windows.winwrap.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI23522\wx._controls_.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI23522\wx._core_.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI23522\wx._gdi_.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI23522\wx._html2.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI23522\wx._misc_.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI23522\wx._windows_.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI23522\wxbase30u_net_vc90.dll
c:\users\ziwass\AppData\Local\Temp\_MEI23522\wxbase30u_vc90.dll
c:\users\ziwass\AppData\Local\Temp\_MEI23522\wxmsw30u_adv_vc90.dll
c:\users\ziwass\AppData\Local\Temp\_MEI23522\wxmsw30u_core_vc90.dll
c:\users\ziwass\AppData\Local\Temp\_MEI23522\wxmsw30u_html_vc90.dll
c:\users\ziwass\AppData\Local\Temp\_MEI23522\wxmsw30u_webview_vc90.dll
c:\users\ziwass\AppData\Local\Temp\_MEI57722\_ctypes.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI57722\_elementtree.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI57722\_hashlib.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI57722\_multiprocessing.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI57722\_psutil_windows.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI57722\_socket.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI57722\_ssl.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI57722\_yappi.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI57722\common.time34.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI57722\hashobjs_ext.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI57722\PIL._imaging.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI57722\pyexpat.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI57722\pysqlite2._sqlite.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI57722\python27.dll
c:\users\ziwass\AppData\Local\Temp\_MEI57722\pythoncom27.dll
c:\users\ziwass\AppData\Local\Temp\_MEI57722\pywintypes27.dll
c:\users\ziwass\AppData\Local\Temp\_MEI57722\select.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI57722\thumbnails_ext.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI57722\unicodedata.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI57722\usb_ext.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI57722\win32api.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI57722\win32com.shell.shell.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI57722\win32crypt.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI57722\win32event.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI57722\win32file.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI57722\win32gui.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI57722\win32inet.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI57722\win32pdh.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI57722\win32pipe.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI57722\win32process.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI57722\win32profile.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI57722\win32security.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI57722\win32ts.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI57722\windows._lib_cacheinvalidation.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI57722\windows.conditional.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI57722\windows.device_monitor.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI57722\windows.volumes.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI57722\windows.winwrap.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI57722\wx._controls_.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI57722\wx._core_.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI57722\wx._gdi_.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI57722\wx._html2.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI57722\wx._misc_.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI57722\wx._windows_.pyd
c:\users\ziwass\AppData\Local\Temp\_MEI57722\wxbase30u_net_vc90.dll
c:\users\ziwass\AppData\Local\Temp\_MEI57722\wxbase30u_vc90.dll
c:\users\ziwass\AppData\Local\Temp\_MEI57722\wxmsw30u_adv_vc90.dll
c:\users\ziwass\AppData\Local\Temp\_MEI57722\wxmsw30u_core_vc90.dll
c:\users\ziwass\AppData\Local\Temp\_MEI57722\wxmsw30u_html_vc90.dll
c:\users\ziwass\AppData\Local\Temp\_MEI57722\wxmsw30u_webview_vc90.dll
c:\users\ziwass\AppData\Localtransition_1ed9d0755f791400de69c8bc97e7cbc4.ini
c:\users\ziwass\AppData\Localtransition_a9cae97cfa45c01149c644af97455aa8.ini
c:\users\ziwass\AppData\Roaming\app
c:\users\ziwass\AppData\Roaming\app\Jerakine_lang.dat
c:\users\ziwass\AppData\Roaming\app\Jerakine_lang_vesrion.dat
c:\windows\security\logs\scecomp.log
D:\Autorun.inf
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2017-11-28 au 2017-12-30 ))))))))))))))))))))))))))))))))))))
.
.
2017-12-30 23:42 . 2017-12-30 23:42 46008 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-12-30 23:42 . 2017-12-30 23:42 193968 ----a-w- c:\windows\system32\drivers\MbamChameleon.sys
2017-12-30 23:42 . 2017-12-30 23:42 110016 ----a-w- c:\windows\system32\drivers\farflt.sys
2017-12-30 23:42 . 2017-12-30 23:42 84256 ----a-w- c:\windows\system32\drivers\mwac.sys
2017-12-30 23:42 . 2017-12-30 23:42 253880 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2017-12-24 23:15 . 2017-12-24 23:15 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7DCB3F1B-D0D5-4664-9ACA-9152C4F9B657}\offreg.2880.dll
2017-12-24 23:14 . 2017-12-24 23:14 -------- d-----w- c:\users\ziwass\AppData\Local\CrashDumps
2017-12-24 23:05 . 2017-12-25 21:57 -------- d-----w- c:\users\ziwass\AppData\Roaming\ZHP
2017-12-24 23:05 . 2017-12-24 23:05 -------- d-----w- c:\users\ziwass\AppData\Local\ZHP
2017-12-24 13:28 . 2017-12-24 14:38 -------- d-----w- C:\FRST
2017-12-23 23:56 . 2017-11-29 09:11 77432 ----a-w- c:\windows\system32\drivers\mbae64.sys
2017-12-23 23:56 . 2017-12-23 23:56 -------- d-----w- c:\programdata\Malwarebytes
2017-12-23 23:56 . 2017-12-23 23:56 -------- d-----w- c:\program files\Malwarebytes
2017-12-22 23:38 . 2017-12-23 23:11 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-12-22 23:35 . 2017-12-22 23:35 -------- d-----w- c:\programdata\RogueKiller
2017-12-22 23:35 . 2017-12-22 23:35 -------- d-----w- c:\program files\RogueKiller
2017-12-16 02:17 . 2017-11-18 00:30 13899592 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7DCB3F1B-D0D5-4664-9ACA-9152C4F9B657}\mpengine.dll
2017-12-15 14:23 . 2017-12-30 23:20 -------- d-----r- c:\users\ziwass\Google Drive
2017-12-07 14:25 . 2017-12-07 14:25 -------- d-----w- c:\users\ziwass\AppData\Local\Foxit PhantomPDF
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2010-11-21 . E573BD9AB55C8E333C202B9E255F972E . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2015-11-13 . 2C9CC9F492CA596B1B9FC1AE5E916356 . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{A5DD10F7-5ABB-4EEF-B4C8-6748D44DAF2A}]
2017-10-21 00:32 4723776 ----a-w- c:\program files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-05-02 3487128]
"GoogleChromeAutoLaunch_0AE31B4F8E820B2D8D16F4B1040B7242"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2017-12-06 1592664]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2017-11-20 41061856]
"DellSystemDetect"="c:\users\ziwass\AppData\Local\Apps\2.0\QH42T5EL.049\PB7JH6LD.V13\dell..tion_6d0a76327dca4869_0007.000b_df227eeaae3cac0d\DellSystemDetect.exe" [2017-02-05 310728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [x]
R2 HPTouchpointAnalyticsService;HP Touchpoint Analytics;c:\program files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe;c:\program files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [x]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 dpK00701;Pilote supérieur de lecteur d'empreintes digitales, U.are.U®;c:\windows\system32\DRIVERS\dpK00701.sys;c:\windows\SYSNATIVE\DRIVERS\dpK00701.sys [x]
R3 FoxitPhantomService;FoxitPhantomService;c:\program files (x86)\Foxit Software\Foxit PhantomPDF\FoxitConnectedPDFService.exe;c:\program files (x86)\Foxit Software\Foxit PhantomPDF\FoxitConnectedPDFService.exe [x]
R3 fwlanusb6_860;AVM FRITZ!WLAN AC 860;c:\windows\system32\DRIVERS\fwlanusb6_860.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusb6_860.sys [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 usbdpfp;Pilote de classe Lecteur d'empreintes digitales, U.are.U®;c:\windows\system32\DRIVERS\usbdpfp.sys;c:\windows\SYSNATIVE\DRIVERS\usbdpfp.sys [x]
R3 wdm_usb;wdm_usb;c:\windows\system32\DRIVERS\usb2ser.sys;c:\windows\SYSNATIVE\DRIVERS\usb2ser.sys [x]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\windows\system32\drivers\mbae64.sys;c:\windows\SYSNATIVE\drivers\mbae64.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.exe [x]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe;c:\windows\SYSNATIVE\HPSIsvc.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 MBAMChameleon;MBAMChameleon;c:\windows\System32\Drivers\MbamChameleon.sys;c:\windows\SYSNATIVE\Drivers\MbamChameleon.sys [x]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys;c:\windows\SYSNATIVE\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\rixdpe64.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Son Intel(R) pour écrans;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMFarflt;MBAMFarflt;c:\windows\system32\DRIVERS\farflt.sys;c:\windows\SYSNATIVE\DRIVERS\farflt.sys [x]
S3 MBAMProtection;MBAMProtection;c:\windows\system32\DRIVERS\mbam.sys;c:\windows\SYSNATIVE\DRIVERS\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\Drivers\mbamswissarmy.sys;c:\windows\SYSNATIVE\Drivers\mbamswissarmy.sys [x]
S3 MBAMWebProtection;MBAMWebProtection;c:\windows\system32\DRIVERS\mwac.sys;c:\windows\SYSNATIVE\DRIVERS\mwac.sys [x]
S3 NETw5s64;Pilote de carte Intel(R) Wireless WiFi Link pour Windows 7 64 bits ;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - ESPROTECTIONDRIVER
*NewlyCreated* - MBAMCHAMELEON
*NewlyCreated* - MBAMFARFLT
*NewlyCreated* - MBAMPROTECTION
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBPROTECTION
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2017-07-31 22:31 324080 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Contenu du dossier 'Tâches planifiées'
.
2017-12-29 c:\windows\Tasks\HPCeeScheduleForziwass.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-01-22 21:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2017-11-20 15:27 775064 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2017-11-20 15:27 775064 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2017-11-20 15:27 775064 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 23432 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-28 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-28 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-28 416024]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-09-21 1926928]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-21 487424]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Télécharger avec IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Télécharger avec IDM des videos FLV parmi les 10 dernières demandées - c:\program files (x86)\Internet Download Manager\IEGetVL2.htm
IE: Télécharger le contenu de video FLV avec IDM - c:\program files (x86)\Internet Download Manager\IEGetVL.htm
IE: Télécharger tous les liens avec IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
Trusted Zone: dell.com
Trusted Zone: localhost
Trusted Zone: webcompanion.com
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5D5AB2D4-9DDB-4A85-830B-056445B2AE3E}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{5D5AB2D4-9DDB-4A85-830B-056445B2AE3E}\14E64627F696461405: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{5D5AB2D4-9DDB-4A85-830B-056445B2AE3E}\F42716E67656D214632313: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\ziwass\AppData\Roaming\Mozilla\Firefox\Profiles\sb6luiyl.default\
FF - prefs.js: browser.startup.homepage - about:homeabout:home
.
- - - - ORPHELINS SUPPRIMES - - - -
.
HKLM_Wow6432Node-ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{78E2C850-ADA6-420D-BA35-2F4A9BE733CC} - c:\program files (x86)\InstallShield Installation Information\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}\setup.exe
AddRemove-2744A393-554C-4E35-A24F-DEF0392B4484-2 - c:\users\ziwass\AppData\Local\Ankama\Dofus\Dofus.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-700845423-2606857621-1733508647-1000\@*Qr*]
@Allowed: (Read) (RestrictedCode)
"cl"=dword:00000003
.
[HKEY_USERS\S-1-5-21-700845423-2606857621-1733508647-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):2b,a5,7f,b3,72,ab,20,6e,4a,b1,ad,5e,51,a8,05,d4,20,8f,ac,bf,a1, ea,82,ef,12,78,3d,89,b3,b4,b8,8f,e9,d6,86,44,1c,78,49,03,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-700845423-2606857621-1733508647-1000_Classes\Wow6432Node\CLSID\{981732b0-474c-4c36-9faf-58243b22a9ab}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000eb
"Therad"=dword:0000001f
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a, 1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Heure de fin: 2017-12-30 23:46:35 - La machine a redémarré
ComboFix-quarantined-files.txt 2017-12-30 23:46
.
Avant-CF: 12 820 643 840 octets libres
Après-CF: 13 256 880 128 octets libres
.
- - End Of File - - 21FD03280DE8B0135026414FBB151EA7