ComboFix 17-12-11.01 - VICTOR-LOUIS 08/01/2018 14:12:42.1.2 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.4061.1150 [GMT 1:00]
Launched from: c:\users\VICTOR-LOUIS\Desktop\ComboFix.exe
AV: Bitdefender Antivirus Free Antimalware *Disabled/Updated* {3FB17364-4FCC-0FA7-6BBF-973897395371}
SP: Bitdefender Antivirus Free Antimalware *Disabled/Updated* {84D09280-69F6-0029-510F-AC4AECBE19CC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\VICTOR-LOUIS\ZHPCleaner.exe
c:\users\Wise Disk Cleaner\1c.ico
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\wpcap.dll
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((((((( Files created from 2017-12-08 to 2018-01-08 ))))))))))))))))))))))))))))))))))))
.
.
2018-01-08 13:32 . 2018-01-08 13:32 -------- d-----w- c:\users\Public\AppData\Local\temp
2018-01-08 13:32 . 2018-01-08 13:32 -------- d-----w- c:\users\Invité\AppData\Local\temp
2018-01-08 13:32 . 2018-01-08 13:32 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2018-01-08 13:32 . 2018-01-08 13:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2018-01-08 13:32 . 2018-01-08 13:32 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2018-01-08 08:41 . 2018-01-08 09:39 -------- d-----w- C:\FRST
2018-01-05 14:57 . 2018-01-05 14:57 -------- d-----w- c:\program files (x86)\Microsoft
2018-01-05 07:36 . 2017-12-29 09:15 25737728 ----a-w- c:\windows\system32\mshtml.dll
2018-01-05 07:36 . 2017-12-29 08:04 15284224 ----a-w- c:\windows\system32\ieframe.dll
2018-01-05 07:36 . 2018-01-01 02:21 5581544 ----a-w- c:\windows\system32\ntoskrnl.exe
2018-01-05 07:36 . 2017-12-29 17:45 4508160 ----a-w- c:\windows\SysWow64\jscript9.dll
2018-01-05 07:36 . 2017-12-29 08:51 5796352 ----a-w- c:\windows\system32\jscript9.dll
2018-01-05 07:36 . 2017-12-29 08:52 2900480 ----a-w- c:\windows\system32\iertutil.dll
2018-01-05 07:36 . 2017-12-29 07:50 3241472 ----a-w- c:\windows\system32\wininet.dll
2018-01-04 12:56 . 2018-01-04 13:13 -------- d-----w- c:\users\VICTOR-LOUIS\AppData\Roaming\uTorrent
2018-01-02 12:26 . 2018-01-02 16:37 -------- d-----w- C:\AdsFix
2017-12-27 18:33 . 2017-12-27 18:49 -------- d-----w- c:\users\VICTOR-LOUIS\AppData\Local\Unity
2017-12-23 14:14 . 2017-12-26 12:26 253880 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2017-12-17 17:46 . 2017-12-17 17:46 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2017-12-15 06:26 . 2017-12-15 06:26 155488 ----a-w- c:\windows\system32\drivers\bddci.sys
2017-12-11 20:47 . 2017-12-11 20:47 -------- d-----w- c:\program files\Synaptics
2017-12-11 20:46 . 2017-12-11 20:46 1804688 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll
2017-12-11 20:46 . 2017-12-11 20:46 51808 ----a-w- c:\windows\system32\drivers\Smb_driver_Intel.sys
2017-12-11 20:16 . 2017-12-11 20:16 50808 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2017-12-11 13:32 . 2017-12-28 16:48 -------- d-----w- c:\users\VICTOR-LOUIS\AppData\Local\FSDART
2017-12-11 13:32 . 2017-12-11 13:32 -------- d-----w- c:\users\VICTOR-LOUIS\AppData\Local\F-Secure
2017-12-11 13:32 . 2017-12-28 11:36 -------- d-----w- c:\programdata\F-Secure
.
.
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2018-01-02 18:26 . 2015-06-17 12:35 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2018-01-01 16:12 . 2018-01-05 07:35 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2018-01-01 01:59 . 2018-01-05 07:35 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2017-12-13 14:56 . 2017-10-11 08:01 133326408 -c--a-w- c:\windows\system32\MRT-KB890830.exe
2017-12-13 14:55 . 2015-06-14 11:06 133326408 -c--a-w- c:\windows\system32\MRT.exe
2017-12-13 07:42 . 2017-11-22 18:46 803328 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2017-12-13 07:42 . 2017-11-22 18:46 144896 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2017-12-07 17:35 . 2017-11-27 18:45 77432 ----a-w- c:\windows\system32\drivers\mbae64.sys
2017-11-22 10:37 . 2017-11-22 10:35 47672 ----a-w- c:\windows\system32\drivers\dtliteusbbus.sys
2017-11-21 19:43 . 2017-11-21 19:43 30243 ----a-w- c:\programdata\agent.update.1511293357.bdinstall.bin
2017-10-18 02:34 . 2017-11-15 04:49 134376 ----a-w- c:\windows\system32\CompatTelRunner.exe
2017-10-18 02:30 . 2017-11-15 04:49 605184 ----a-w- c:\windows\system32\aeinv.dll
2017-10-18 02:06 . 2017-11-15 04:51 344064 ----a-w- c:\windows\system32\drivers\usbhub.sys
2017-10-18 02:06 . 2017-11-15 04:51 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2017-10-18 02:06 . 2017-11-15 04:51 327168 ----a-w- c:\windows\system32\drivers\usbport.sys
2017-10-18 02:06 . 2017-11-15 04:51 56320 ----a-w- c:\windows\system32\drivers\usbehci.sys
2017-10-18 02:06 . 2017-11-15 04:51 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2017-10-18 02:06 . 2017-11-15 04:51 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2017-10-18 02:06 . 2017-11-15 04:51 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2017-10-16 23:04 . 2017-12-05 20:27 1001984 ----a-w- c:\windows\system32\gpedit.dll
2017-10-16 22:46 . 2017-12-05 20:27 953344 ----a-w- c:\windows\SysWow64\gpedit.dll
2017-10-16 21:55 . 2017-11-15 04:51 339968 ----a-w- c:\windows\SysWow64\msexcl40.dll
2017-10-15 22:04 . 2017-11-15 04:49 407392 ----a-w- c:\windows\system32\centel.dll
2017-10-13 08:57 . 2017-10-02 13:31 1019880 ----a-w- c:\windows\system32\drivers\atc.sys
2017-10-12 00:55 . 2017-11-15 04:51 12574720 ----a-w- c:\windows\system32\wmploc.DLL
2017-10-12 00:55 . 2017-11-15 04:51 14635008 ----a-w- c:\windows\system32\wmp.dll
2017-10-12 00:55 . 2017-11-15 04:51 2319872 ----a-w- c:\windows\system32\tquery.dll
2017-10-12 00:55 . 2017-11-15 04:51 151552 ----a-w- c:\windows\system32\t2embed.dll
2017-10-12 00:55 . 2017-11-15 04:51 5120 ----a-w- c:\windows\system32\msdxm.ocx
2017-10-12 00:55 . 2017-11-15 04:51 5120 ----a-w- c:\windows\system32\dxmasf.dll
2017-10-12 00:55 . 2017-11-15 04:51 2058240 ----a-w- c:\windows\system32\Query.dll
2017-10-12 00:55 . 2017-11-15 04:51 9728 ----a-w- c:\windows\system32\spwmp.dll
2017-10-12 00:55 . 2017-11-15 04:51 2222080 ----a-w- c:\windows\system32\mssrch.dll
2017-10-12 00:55 . 2017-11-15 04:51 778240 ----a-w- c:\windows\system32\mssvp.dll
2017-10-12 00:55 . 2017-11-15 04:51 491520 ----a-w- c:\windows\system32\mssph.dll
2017-10-12 00:55 . 2017-11-15 04:51 99840 ----a-w- c:\windows\system32\mssprxy.dll
2017-10-12 00:55 . 2017-11-15 04:51 288256 ----a-w- c:\windows\system32\mssphtb.dll
2017-10-12 00:55 . 2017-11-15 04:51 115200 ----a-w- c:\windows\system32\mssitlb.dll
2017-10-12 00:55 . 2017-11-15 04:51 75264 ----a-w- c:\windows\system32\msscntrs.dll
2017-10-12 00:55 . 2017-11-15 04:51 14336 ----a-w- c:\windows\system32\msshooks.dll
2017-10-12 00:39 . 2017-11-15 04:51 591872 ----a-w- c:\windows\system32\SearchIndexer.exe
2017-10-12 00:38 . 2017-11-15 04:51 249856 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2017-10-12 00:38 . 2017-11-15 04:51 113664 ----a-w- c:\windows\system32\SearchFilterHost.exe
2017-10-12 00:37 . 2017-11-15 04:51 12574208 ----a-w- c:\windows\SysWow64\wmploc.DLL
2017-10-12 00:37 . 2017-11-15 04:51 1549824 ----a-w- c:\windows\SysWow64\tquery.dll
2017-10-12 00:37 . 2017-11-15 04:51 111104 ----a-w- c:\windows\SysWow64\t2embed.dll
2017-10-12 00:37 . 2017-11-15 04:51 1363968 ----a-w- c:\windows\SysWow64\Query.dll
2017-10-12 00:37 . 2017-11-15 04:51 666624 ----a-w- c:\windows\SysWow64\mssvp.dll
2017-10-12 00:37 . 2017-11-15 04:51 1400320 ----a-w- c:\windows\SysWow64\mssrch.dll
2017-10-12 00:37 . 2017-11-15 04:51 337408 ----a-w- c:\windows\SysWow64\mssph.dll
2017-10-12 00:37 . 2017-11-15 04:51 197120 ----a-w- c:\windows\SysWow64\mssphtb.dll
2017-10-12 00:37 . 2017-11-15 04:51 104448 ----a-w- c:\windows\SysWow64\mssitlb.dll
2017-10-12 00:37 . 2017-11-15 04:51 59392 ----a-w- c:\windows\SysWow64\msscntrs.dll
2017-10-12 00:37 . 2017-11-15 04:51 34816 ----a-w- c:\windows\SysWow64\mssprxy.dll
2017-10-12 00:26 . 2017-11-15 04:51 427520 ----a-w- c:\windows\SysWow64\SearchIndexer.exe
2017-10-12 00:26 . 2017-11-15 04:51 164352 ----a-w- c:\windows\SysWow64\SearchProtocolHost.exe
2017-10-12 00:25 . 2017-11-15 04:51 86528 ----a-w- c:\windows\SysWow64\SearchFilterHost.exe
2017-10-12 00:25 . 2017-11-15 04:51 9728 ----a-w- c:\windows\SysWow64\msshooks.dll
2017-10-12 00:24 . 2017-11-15 04:51 4096 ----a-w- c:\windows\SysWow64\msdxm.ocx
2017-10-12 00:24 . 2017-11-15 04:51 4096 ----a-w- c:\windows\SysWow64\dxmasf.dll
2017-10-12 00:24 . 2017-11-15 04:51 8192 ----a-w- c:\windows\SysWow64\spwmp.dll
2017-10-12 00:20 . 2017-12-05 20:27 317440 ----a-w- c:\windows\system32\drivers\rdbss.sys
2017-10-12 00:20 . 2017-11-15 04:51 113152 ----a-w- c:\windows\system32\drivers\luafv.sys
2003-03-21 11:45 . 2017-12-04 21:17 250544 ----a-w- c:\program files (x86)\Common Files\keyhelp.ocx
.
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"Family Tree Builder Update"="c:\program files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
R3 btwampfl;btwampfl;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
R3 dc3d;Pilote de détection des périphériques Microsoft Hardware;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
R3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus;c:\windows\system32\DRIVERS\dtliteusbbus.sys;c:\windows\SYSNATIVE\DRIVERS\dtliteusbbus.sys [x]
R3 ETDSMBus;ETDSMBus;c:\windows\system32\DRIVERS\ETDSMBus.sys;c:\windows\SYSNATIVE\DRIVERS\ETDSMBus.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys;c:\windows\SYSNATIVE\DRIVERS\lv302a64.sys [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\Drivers\mbamswissarmy.sys;c:\windows\SYSNATIVE\Drivers\mbamswissarmy.sys [x]
R3 NETGEARGenieDaemon;NETGEARGenieDaemon;c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe;c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [x]
R3 NvContainerNetworkService;NVIDIA NetworkService Container;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe [x]
R3 NvStreamKms;NVIDIA KMS;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 usbrndis6;USB RNDIS6 Adapter;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\DRIVERS\VX6000Xp.sys;c:\windows\SYSNATIVE\DRIVERS\VX6000Xp.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [x]
R4 NvContainerLocalSystem;NVIDIA LocalSystem Container;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe [x]
R4 NVIDIA Wireless Controller Service;NVIDIA Wireless Controller Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [x]
S0 atc;atc;c:\windows\system32\DRIVERS\atc.sys;c:\windows\SYSNATIVE\DRIVERS\atc.sys [x]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys;c:\windows\SYSNATIVE\DRIVERS\avc3.sys [x]
S0 BdDci;BdDci Service;c:\windows\system32\DRIVERS\bddci.sys;c:\windows\SYSNATIVE\DRIVERS\bddci.sys [x]
S0 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys;c:\windows\SYSNATIVE\drivers\gzflt.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ProductAgentService;ProductAgentService;c:\program files\Bitdefender Agent\ProductAgentService.exe;c:\program files\Bitdefender Agent\ProductAgentService.exe [x]
S2 updatesrv;Bitdefender Update Service;c:\program files\Bitdefender Antivirus Free\updatesrv.exe;c:\program files\Bitdefender Antivirus Free\updatesrv.exe [x]
S2 vsservppl;Bitdefender Correlation Service;c:\program files\Bitdefender Antivirus Free\vsservppl.exe;c:\program files\Bitdefender Antivirus Free\vsservppl.exe [x]
S3 edrsensor;edrsensor;c:\windows\system32\DRIVERS\edrsensor.sys;c:\windows\SYSNATIVE\DRIVERS\edrsensor.sys [x]
S3 hidshim;Service for HID-KMDF Shim layer;c:\windows\system32\DRIVERS\hidshim.sys;c:\windows\SYSNATIVE\DRIVERS\hidshim.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 nuvotoncir;Nuvoton IR Transceiver;c:\windows\system32\DRIVERS\nuvotoncir.sys;c:\windows\SYSNATIVE\DRIVERS\nuvotoncir.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 winbondhidcir;Winbond HID CIR Receiver;c:\windows\system32\DRIVERS\winbondhidcir.sys;c:\windows\SYSNATIVE\DRIVERS\winbondhidcir.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uSearchMigratedDefaultURL = https://www.google.com/
uStart Page = https://www.google.com/
mLocal Page = c:\windows\System32\blank.htm
mSearch Bar = https://www.google.com/
mSearchMigratedDefaultURL = https://www.google.com/
mStart Page = https://www.google.com/
uInternet Settings,ProxyOverride = *.local
uCustomizeSearch = https://www.google.com/
mCustomizeSearch = https://www.google.com/
IE: {{d8f67242-b229-4065-95fa-391b077ed6ca} - {d8f67242-b229-4065-95fa-391b077ed6ca} - mscoree.dll
Trusted Zone: localhost
TCP: DhcpNameServer = 89.2.0.1 89.2.0.2
TCP: Interfaces\{7D6A0DBB-57E0-4F13-8D9F-AB5F19CBE6EE}: NameServer = 208.67.220.220,89.2.0.1
Handler: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - c:\windows\System32\mscoree.dll
.
.
------- File Associations -------
.
inifile="%SystemRoot%\system32\NOTEPAD.EXE" %1
txtfile="%SystemRoot%\system32\NOTEPAD.EXE" %1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-24968103.sys
SafeBoot-93549668.sys
SafeBoot-MBAMSwissArmy
SafeBoot-AppXSvc
SafeBoot-camsvc
SafeBoot-ClipSvc
SafeBoot-lfsvc
SafeBoot-semgrsvc
SafeBoot-TokenBroker
SafeBoot-TweakingRemoveSafeBoot
SafeBoot-WSService
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9f,2f,4b,52,ce,3d,9f,42,bf,74,c3,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9f,2f,4b,52,ce,3d,9f,42,bf,74,c3,\
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1514622647-1234394215-4269887999-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@DACL=(02 0012)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
End time: 2018-01-08 14:44:16 - The machine was rebooted
ComboFix-quarantined-files.txt 2018-01-08 13:44
.
Before-CF: 374 946 099 200 bytes free
After-CF: 374 515 286 016 bytes free
.
- - End Of File - - 283273EFBB52C8E0C5019E9AC6D33BD2 5C616939100B85E558DA92B899A0FC36
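The file entries and the driver/service entries in a ComboFix log have a fixed layout that responders usually scan by eye. What follows is an added example, written for this page and not part of ComboFix or of the log above, that parses those two entry types and ranks them with a few triage heuristics: executables under user-writable paths, new kernel drivers, early-start drivers loaded from outside system32\drivers, and entries whose creation time is later than their last-write time. It assumes the layout stated in the docstring; in particular, it takes the first timestamp as creation time and the second as last-write time (which is how the directory entries in this log read, created before last written) and reads R/S plus the digit as the running/stopped state and the service Start value. The sample lines are copied from the log, except for one constructed entry with a hypothetical path that is labelled as such.

```python
"""Parser and triage pass over ComboFix log entries (added example).

Assumptions, labelled here because the page does not state them:
  * file entries read "<ts1> . <ts2> <size|--------> <attrs> <path>", with ts1
    taken as creation time and ts2 as last-write time (directory entries in the
    log are created before they are last written, which fits that order);
  * service entries read "<R|S><0-4> <name>;<display>;<path>;<native path> [x]",
    R/S = running/stopped, digit = Start value (0 boot, 1 system, 2 auto,
    3 manual, 4 disabled).
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# Lines copied from the log above (not constructed).
SAMPLE_FILE_LINES = [
    r"2018-01-08 08:41 . 2018-01-08 09:39 -------- d-----w- C:\FRST",
    r"2018-01-05 07:36 . 2017-12-29 09:15 25737728 ----a-w- c:\windows\system32\mshtml.dll",
    r"2017-12-23 14:14 . 2017-12-26 12:26 253880 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys",
    r"2017-12-11 13:32 . 2017-12-28 16:48 -------- d-----w- c:\users\VICTOR-LOUIS\AppData\Local\FSDART",
]
SAMPLE_SERVICE_LINES = [
    r"R3 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]",
    r"S0 atc;atc;c:\windows\system32\DRIVERS\atc.sys;c:\windows\SYSNATIVE\DRIVERS\atc.sys [x]",
    r"S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]",
]
# Constructed line with a hypothetical path (not from the log) to exercise the
# user-writable-location rule.
CONSTRUCTED_FILE_LINE = (
    r"2018-01-03 10:00 . 2018-01-03 10:00 51200 ----a-w- "
    r"c:\users\VICTOR-LOUIS\AppData\Roaming\example\helper.exe"
)

_TS = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}"
_FILE_RE = re.compile(r"^(?P<created>" + _TS + r") \. (?P<modified>" + _TS +
                      r") (?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$")
_SVC_RE = re.compile(r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
                     r"(?P<path>[^;]*);(?P<native>.*?)(?P<xmark> \[x\])?$")
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}
STATES = {"R": "running", "S": "stopped"}
EXEC_EXT = (".exe", ".dll", ".sys", ".ocx", ".cpl", ".scr", ".drv")
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\")
DRIVER_DIR = "c:\\windows\\system32\\drivers\\"


@dataclass
class FileEntry:
    created: datetime
    modified: datetime
    size: Optional[int]  # None where ComboFix prints -------- (directories)
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


@dataclass
class ServiceEntry:
    state: str
    start_type: str
    name: str
    display: str
    path: str
    native_path: str
    x_marker: bool  # trailing "[x]" kept exactly as ComboFix printed it


def parse_file_entry(line: str) -> Optional[FileEntry]:
    m = _FILE_RE.match(line.strip())
    if not m:
        return None
    fmt = "%Y-%m-%d %H:%M"
    size = None if m["size"].startswith("-") else int(m["size"])
    return FileEntry(datetime.strptime(m["created"], fmt),
                     datetime.strptime(m["modified"], fmt), size, m["attrs"], m["path"])


def parse_service_entry(line: str) -> Optional[ServiceEntry]:
    m = _SVC_RE.match(line.strip())
    if not m:
        return None
    return ServiceEntry(STATES[m["state"]], START_TYPES[m["start"]], m["name"],
                        m["display"], m["path"], m["native"], m["xmark"] is not None)


def triage_file(e: FileEntry) -> List[str]:
    """Reasons a file entry deserves a second look; ranking aids, not verdicts."""
    reasons: List[str] = []
    p = e.path.lower()
    if e.is_dir or not p.endswith(EXEC_EXT):
        return reasons
    if p.startswith(USER_WRITABLE):
        reasons.append("executable in user-writable location")
    if p.endswith(".sys") and p.startswith(DRIVER_DIR):
        reasons.append("new kernel driver")
    if e.created > e.modified:
        # Normal for copied or installed files (Windows Update DLLs show it too),
        # so this only queues the file for a signature and origin check.
        reasons.append("creation time later than last-write time")
    return reasons


def triage_service(s: ServiceEntry) -> List[str]:
    reasons: List[str] = []
    p = s.path.lower()
    if s.start_type in ("boot", "system") and not p.startswith(DRIVER_DIR):
        reasons.append("early-start driver loaded from outside system32\\drivers")
    if s.start_type != "disabled" and p.startswith(USER_WRITABLE):
        reasons.append("service image in user-writable location")
    return reasons


def triage(lines: List[str]) -> Dict[str, List[str]]:
    """Map each flagged file path or service name to its reasons."""
    findings: Dict[str, List[str]] = {}
    for line in lines:
        fe = parse_file_entry(line)
        if fe is not None:
            reasons = triage_file(fe)
            if reasons:
                findings[fe.path] = reasons
            continue
        se = parse_service_entry(line)
        if se is not None:
            reasons = triage_service(se)
            if reasons:
                findings[se.name] = reasons
    return findings


if __name__ == "__main__":
    for key, why in triage(SAMPLE_FILE_LINES + SAMPLE_SERVICE_LINES + [CONSTRUCTED_FILE_LINE]).items():
        print(f"{key}: {', '.join(why)}")
```

The flags are ranking aids only: a Windows Update DLL such as mshtml.dll also shows a creation time later than its last-write time, and HWiNFO's SysWOW64 driver path is unusual rather than malicious, so the output says what to verify first (signer, hash, origin), not what to delete.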