cjoint

Document format: text/plain

Preview

ComboFix 17-05-09.01 - PAOLINI 12/05/2017 13:43:13.1.4 - x64
Microsoft Windows 7 Professionnel 6.1.7601.1.1252.33.1036.18.8136.6230 [GMT 2:00]
Lancé depuis: c:\users\PAOLINI\Desktop\paul.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
SP: Kaspersky Anti-Virus *Disabled/Updated* {3D579475-6DDE-A186-1569-44B9F9DE8725}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\users\PAOLINI\AppData\Roaming\5743774261_1026
c:\users\PAOLINI\AppData\Roaming\5743774261_1026\chrome\zeroplug\config.json
c:\users\PAOLINI\AppData\Roaming\5743774261_1026\chrome\zeroplug\iggdmkkkjkjbmomhnaaglcjdmfmamkca\_locales\en\messages.json
c:\users\PAOLINI\AppData\Roaming\5743774261_1026\chrome\zeroplug\iggdmkkkjkjbmomhnaaglcjdmfmamkca\_locales\ru\messages.json
c:\users\PAOLINI\AppData\Roaming\5743774261_1026\chrome\zeroplug\iggdmkkkjkjbmomhnaaglcjdmfmamkca\_metadata\computed_hashes.json
c:\users\PAOLINI\AppData\Roaming\5743774261_1026\chrome\zeroplug\iggdmkkkjkjbmomhnaaglcjdmfmamkca\_metadata\verified_contents.json
c:\users\PAOLINI\AppData\Roaming\5743774261_1026\chrome\zeroplug\iggdmkkkjkjbmomhnaaglcjdmfmamkca\background.html
c:\users\PAOLINI\AppData\Roaming\5743774261_1026\chrome\zeroplug\iggdmkkkjkjbmomhnaaglcjdmfmamkca\img\favicon.png
c:\users\PAOLINI\AppData\Roaming\5743774261_1026\chrome\zeroplug\iggdmkkkjkjbmomhnaaglcjdmfmamkca\img\icon128.png
c:\users\PAOLINI\AppData\Roaming\5743774261_1026\chrome\zeroplug\iggdmkkkjkjbmomhnaaglcjdmfmamkca\img\icon32.png
c:\users\PAOLINI\AppData\Roaming\5743774261_1026\chrome\zeroplug\iggdmkkkjkjbmomhnaaglcjdmfmamkca\img\icon48.png
c:\users\PAOLINI\AppData\Roaming\5743774261_1026\chrome\zeroplug\iggdmkkkjkjbmomhnaaglcjdmfmamkca\manifest.json
c:\users\PAOLINI\AppData\Roaming\5743774261_1026\chrome\zeroplug\iggdmkkkjkjbmomhnaaglcjdmfmamkca\occulee.js
c:\users\PAOLINI\AppData\Roaming\5743774261_1026\chrome\zeroplug\iggdmkkkjkjbmomhnaaglcjdmfmamkca\options.html
c:\users\PAOLINI\AppData\Roaming\5743774261_1026\chrome\zeroplug\iggdmkkkjkjbmomhnaaglcjdmfmamkca\options.js
c:\users\PAOLINI\AppData\Roaming\5743774261_1026\chrome\zeroplug\iggdmkkkjkjbmomhnaaglcjdmfmamkca\ping.js
c:\users\PAOLINI\AppData\Roaming\5743774261_1026\chrome\zeroplug\iggdmkkkjkjbmomhnaaglcjdmfmamkca\scripts\cu.js
c:\users\PAOLINI\AppData\Roaming\5743774261_1026\chrome\zeroplug\iggdmkkkjkjbmomhnaaglcjdmfmamkca\scripts\emul.js
c:\users\PAOLINI\AppData\Roaming\5743774261_1026\chrome\zeroplug\iggdmkkkjkjbmomhnaaglcjdmfmamkca\scripts\frs.js
c:\users\PAOLINI\AppData\Roaming\5743774261_1026\chrome\zeroplug\iggdmkkkjkjbmomhnaaglcjdmfmamkca\scripts\mcsh-loader.js
c:\users\PAOLINI\AppData\Roaming\5743774261_1026\chrome\zeroplug\iggdmkkkjkjbmomhnaaglcjdmfmamkca\scripts\prcr.js
c:\users\PAOLINI\AppData\Roaming\5743774261_1026\chrome\zeroplug\iggdmkkkjkjbmomhnaaglcjdmfmamkca\scripts\rpst.js
c:\users\PAOLINI\AppData\Roaming\5743774261_1026\chrome\zeroplug\iggdmkkkjkjbmomhnaaglcjdmfmamkca\scripts\rtr.js
c:\users\PAOLINI\AppData\Roaming\5743774261_1026\cp.bat
c:\users\PAOLINI\AppData\Roaming\5743774261_1026\hardcode.csv
c:\users\PAOLINI\AppData\Roaming\5743774261_1026\main.ini
c:\windows\SysWow64\logs
c:\windows\SysWow64\logs\myeasylog.log
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2017-04-12 au 2017-05-12 ))))))))))))))))))))))))))))))))))))
.
.
2017-05-12 11:51 . 2017-05-12 11:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-05-10 10:33 . 2017-05-10 18:47 -------- d-----w- c:\users\PAOLINI\AppData\Roaming\ZHP
2017-05-10 10:33 . 2017-05-10 18:45 -------- d-----w- c:\users\PAOLINI\AppData\Local\ZHP
2017-05-10 10:26 . 2017-04-28 01:09 880640 ----a-w- c:\windows\system32\advapi32.dll
2017-05-09 20:07 . 2017-05-10 10:54 -------- d-----w- C:\FRST
2017-05-01 18:36 . 2017-05-01 18:36 -------- d-----w- c:\users\PAOLINI\AppData\Roaming\Skype
2017-05-01 18:21 . 2017-04-21 00:44 88256 ----a-w- c:\program files\Common Files\Microsoft Shared\ClickToRun\msointl30.fr-fr.dll
2017-05-01 18:21 . 2017-04-21 00:38 1020104 ----a-w- c:\program files\Common Files\Microsoft Shared\ClickToRun\C2RUI.fr-fr.dll
2017-05-01 18:21 . 2017-04-13 06:38 2422992 ----a-w- c:\program files\Common Files\Microsoft Shared\ClickToRun\ClientTelemetry.dll
2017-05-01 17:52 . 2017-05-05 16:35 -------- d-----r- c:\users\PAOLINI\OneDrive
2017-05-01 17:52 . 2017-05-01 17:52 -------- d-----w- c:\programdata\Microsoft OneDrive
2017-05-01 17:48 . 2017-05-01 18:25 3248832 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2017-04-28 12:17 . 2017-04-06 23:10 12993592 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4C702995-92AC-420D-B242-2328E165B08E}\mpengine.dll
2017-04-25 12:55 . 2017-04-25 12:55 14440 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\TEXTCONV\WPEQU532.DLL
2017-04-23 19:12 . 2017-04-23 19:12 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
2017-04-21 00:31 . 2017-04-21 00:31 28352 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll
2017-04-21 00:02 . 2017-04-21 00:02 446144 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE
2017-04-20 23:46 . 2017-04-20 23:46 207040 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
2017-04-20 17:27 . 2017-04-20 17:27 1274456 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pidgenx.dll
2017-04-14 18:52 . 2017-05-08 11:59 -------- d-----w- c:\users\PAOLINI\AppData\Roaming\GTAV Enhanced Native Trainer
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-05-10 11:47 . 2015-07-24 15:37 156335152 -c--a-w- c:\windows\system32\MRT.exe
2017-04-28 00:32 . 2017-05-10 10:26 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2017-04-10 20:33 . 2016-06-26 14:10 1035480 ----a-w- c:\windows\system32\drivers\klif.sys
2017-04-10 20:33 . 2016-06-26 14:10 195296 ----a-w- c:\windows\system32\drivers\klflt.sys
2017-04-10 20:33 . 2016-06-20 16:51 314864 ----a-w- c:\windows\system32\drivers\klhk.sys
2017-03-26 18:33 . 2017-03-26 18:33 28344 ----a-w- c:\windows\SysWow64\aspnet_counters.dll
2017-03-26 18:33 . 2017-03-26 18:33 19104 ----a-w- c:\windows\SysWow64\msvcr110_clr0400.dll
2017-03-26 18:33 . 2017-03-26 18:33 19104 ----a-w- c:\windows\SysWow64\msvcr100_clr0400.dll
2017-03-26 18:33 . 2017-03-26 18:33 19104 ----a-w- c:\windows\SysWow64\msvcp110_clr0400.dll
2017-03-26 18:29 . 2017-03-26 18:29 30400 ----a-w- c:\windows\system32\aspnet_counters.dll
2017-03-26 18:29 . 2017-03-26 18:29 19112 ----a-w- c:\windows\system32\msvcr110_clr0400.dll
2017-03-26 18:29 . 2017-03-26 18:29 19112 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2017-03-26 18:29 . 2017-03-26 18:29 19112 ----a-w- c:\windows\system32\msvcp110_clr0400.dll
2017-03-22 15:32 . 2017-04-12 10:21 3165184 ----a-w- c:\windows\system32\wucltux.dll
2017-03-22 15:32 . 2017-04-12 10:21 98816 ----a-w- c:\windows\system32\wudriver.dll
2017-03-22 15:32 . 2017-04-12 10:21 192512 ----a-w- c:\windows\system32\wuwebv.dll
2017-03-22 15:30 . 2017-04-12 10:21 91136 ----a-w- c:\windows\system32\WinSetupUI.dll
2017-03-22 15:24 . 2017-04-12 10:21 174080 ----a-w- c:\windows\SysWow64\wuwebv.dll
2017-03-22 15:17 . 2017-04-12 10:21 2651136 ----a-w- c:\windows\system32\wuaueng.dll
2017-03-22 15:15 . 2017-04-12 10:21 709120 ----a-w- c:\windows\system32\wuapi.dll
2017-03-22 15:15 . 2017-04-12 10:21 37888 ----a-w- c:\windows\system32\wuapp.exe
2017-03-22 15:15 . 2017-04-12 10:21 140288 ----a-w- c:\windows\system32\wuauclt.exe
2017-03-22 15:15 . 2017-04-12 10:21 36864 ----a-w- c:\windows\system32\wups.dll
2017-03-22 15:15 . 2017-04-12 10:21 37888 ----a-w- c:\windows\system32\wups2.dll
2017-03-22 15:15 . 2017-04-12 10:21 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2017-03-22 15:05 . 2017-04-12 10:21 573440 ----a-w- c:\windows\SysWow64\wuapi.dll
2017-03-22 15:05 . 2017-04-12 10:21 35328 ----a-w- c:\windows\SysWow64\wuapp.exe
2017-03-22 15:05 . 2017-04-12 10:21 30208 ----a-w- c:\windows\SysWow64\wups.dll
2017-03-22 15:05 . 2017-04-12 10:21 93696 ----a-w- c:\windows\SysWow64\wudriver.dll
2017-03-16 17:29 . 2017-03-16 17:29 119808 ----a-r- c:\users\PAOLINI\AppData\Roaming\Microsoft\Installer\{5F8683B5-5056-411C-B808-B289E29E9BBB}\icons.exe
2017-03-13 12:57 . 2016-06-14 16:47 199392 ----a-w- c:\windows\system32\drivers\kneps.sys
2017-03-13 12:57 . 2016-06-02 21:39 135904 ----a-w- c:\windows\system32\drivers\klwtp.sys
2017-03-10 16:35 . 2017-04-12 10:21 382696 ----a-w- c:\windows\system32\atmfd.dll
2017-03-10 16:31 . 2017-04-12 10:21 41472 ----a-w- c:\windows\system32\lpk.dll
2017-03-10 16:31 . 2017-04-12 10:21 100864 ----a-w- c:\windows\system32\fontsub.dll
2017-03-10 16:31 . 2017-04-12 10:21 14336 ----a-w- c:\windows\system32\dciman32.dll
2017-03-10 16:31 . 2017-04-12 10:21 46080 ----a-w- c:\windows\system32\atmlib.dll
2017-03-10 16:27 . 2017-04-12 10:21 308456 ----a-w- c:\windows\SysWow64\atmfd.dll
2017-03-10 16:20 . 2017-04-12 10:21 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2017-03-10 16:19 . 2017-04-12 10:21 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2017-03-10 16:19 . 2017-04-12 10:21 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2017-03-10 15:53 . 2017-04-12 10:21 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2017-03-07 16:30 . 2017-04-12 10:21 85504 ----a-w- c:\windows\system32\asycfilt.dll
2017-03-07 16:17 . 2017-04-12 10:21 67584 ----a-w- c:\windows\SysWow64\asycfilt.dll
2017-03-04 01:27 . 2017-04-12 10:21 1574912 ----a-w- c:\windows\system32\quartz.dll
2017-03-04 01:27 . 2017-04-12 10:21 93696 ----a-w- c:\windows\system32\mfmjpegdec.dll
2017-03-04 01:14 . 2017-04-12 10:21 1329664 ----a-w- c:\windows\SysWow64\quartz.dll
2017-03-04 01:14 . 2017-04-12 10:21 77312 ----a-w- c:\windows\SysWow64\mfmjpegdec.dll
2017-02-23 18:32 . 2017-03-24 16:44 46016 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2017-02-23 18:32 . 2017-03-24 16:44 156608 ----a-w- c:\windows\system32\nvaudcap64v.dll
2017-02-23 18:32 . 2017-03-24 16:44 124352 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2017-02-22 23:42 . 2017-03-16 17:29 84712 ----a-w- c:\windows\system32\CompatTelRunner.exe
2017-02-22 23:37 . 2017-03-16 17:29 1285632 ----a-w- c:\windows\system32\aeinv.dll
2017-02-18 14:05 . 2017-03-16 17:29 646656 ----a-w- c:\windows\system32\generaltel.dll
2017-02-18 14:05 . 2017-03-16 17:29 1609216 ----a-w- c:\windows\system32\appraiser.dll
2017-02-16 14:45 . 2017-02-16 14:45 87224 ----a-w- c:\windows\system32\vcruntime140.dll
2017-02-16 14:45 . 2017-02-16 14:45 627368 ----a-w- c:\windows\system32\msvcp140.dll
2017-02-16 14:45 . 2017-02-16 14:45 391344 ----a-w- c:\windows\system32\vccorlib140.dll
2017-02-16 14:45 . 2017-02-16 14:45 332456 ----a-w- c:\windows\system32\concrt140.dll
2017-02-16 14:39 . 2017-02-16 14:39 83792 ----a-w- c:\windows\SysWow64\vcruntime140.dll
2017-02-16 14:39 . 2017-02-16 14:39 438080 ----a-w- c:\windows\SysWow64\msvcp140.dll
2017-02-16 14:39 . 2017-02-16 14:39 264368 ----a-w- c:\windows\SysWow64\vccorlib140.dll
2017-02-16 14:39 . 2017-02-16 14:39 243016 ----a-w- c:\windows\SysWow64\concrt140.dll
2017-02-14 16:33 . 2017-04-12 10:21 757248 ----a-w- c:\windows\system32\win32spl.dll
2017-02-14 16:19 . 2017-04-12 10:21 497664 ----a-w- c:\windows\SysWow64\win32spl.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2017-05-05 16:34 2094808 ----a-w- c:\users\PAOLINI\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2017-05-05 16:34 2094808 ----a-w- c:\users\PAOLINI\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2017-05-05 16:34 2094808 ----a-w- c:\users\PAOLINI\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2017-05-05 16:34 2094808 ----a-w- c:\users\PAOLINI\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2017-05-05 16:34 2094808 ----a-w- c:\users\PAOLINI\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2017-05-01 18:29 2071856 ----a-w- e:\program files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2017-05-01 18:29 2071856 ----a-w- e:\program files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2017-05-01 18:29 2071856 ----a-w- e:\program files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="e:\program files\CCleaner\CCleaner64.exe" [2017-04-10 9532120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-04-26 292848]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-01-29 594992]
.
c:\users\PAOLINI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Envoyer à OneNote.lnk - e:\program files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE /tsr [2017-5-1 172736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"RequireSignedAppInit_DLLs"=0 (0x0)
"AppInit_DLLs"=c:\windows\SysWOW64\appinit_dll.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
3;4 MBAMService;Malwarebytes Service;e:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;e:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
R2 AVP17.0.0;Kaspersky Anti-Virus Service 17.0.0;c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R2 Origin Web Helper Service;Origin Web Helper Service;e:\program files (x86)\Origin\OriginWebHelperService.exe;e:\program files (x86)\Origin\OriginWebHelperService.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
R3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus;c:\windows\system32\DRIVERS\dtliteusbbus.sys;c:\windows\SYSNATIVE\DRIVERS\dtliteusbbus.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 klvssbrigde64;klvssbrigde64;c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\vssbridge64.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\vssbridge64.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 Origin Client Service;Origin Client Service;e:\program files (x86)\Origin\OriginClientService.exe;e:\program files (x86)\Origin\OriginClientService.exe [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 cm_km;AO Kaspersky Lab Cryptographic Module x64 (56 bit);c:\windows\system32\DRIVERS\cm_km.sys;c:\windows\SYSNATIVE\DRIVERS\cm_km.sys [x]
S0 iusb3hcs;Pilote de commutateur de contrôleur d'hôte Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 klbackupdisk;Kaspersky Lab klbackupdisk;c:\windows\system32\DRIVERS\klbackupdisk.sys;c:\windows\SYSNATIVE\DRIVERS\klbackupdisk.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S1 klbackupflt;Kaspersky Lab klbackupflt;c:\windows\system32\DRIVERS\klbackupflt.sys;c:\windows\SYSNATIVE\DRIVERS\klbackupflt.sys [x]
S1 klhk;Kaspersky Lab service driver;c:\windows\system32\DRIVERS\klhk.sys;c:\windows\SYSNATIVE\DRIVERS\klhk.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;Kaspersky Lab format recognizer driver;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 Klwtp;KLwtp - WFP callout traffic inspector;c:\windows\system32\DRIVERS\klwtp.sys;c:\windows\SYSNATIVE\DRIVERS\klwtp.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 AtherosSvc;AtherosSvc;e:\program files (x86)\Bluetooth Suite\adminservice.exe;e:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 ClickToRunSvc;Microsoft Office Click-to-Run Service;c:\program files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe;c:\program files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 kldisk;kldisk;c:\windows\system32\DRIVERS\kldisk.sys;c:\windows\SYSNATIVE\DRIVERS\kldisk.sys [x]
S2 LucidSvc;LucidSvc;e:\program files\Lucidlogix Technologies\VIRTU MVP 2.0\LucidSvc.exe;e:\program files\Lucidlogix Technologies\VIRTU MVP 2.0\LucidSvc.exe [x]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe [x]
S2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;e:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;e:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 iusb3hub;Pilote de concentrateur Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Pilote du contrôleur d'hôte extensible Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 VirtuWDDM;VirtuWDDM;c:\windows\system32\DRIVERS\VirtuWDDM.sys;c:\windows\SYSNATIVE\DRIVERS\VirtuWDDM.sys [x]
S4 MBAMChameleon;MBAMChameleon;c:\windows\system32\drivers\MBAMChameleon.sys;c:\windows\SYSNATIVE\drivers\MBAMChameleon.sys [x]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - ESProtectionDriver
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2017-04-07 16:04 1319256 ----a-w- c:\program files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2017-05-05 16:34 2171608 ----a-w- c:\users\PAOLINI\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2017-05-05 16:34 2171608 ----a-w- c:\users\PAOLINI\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2017-05-05 16:34 2171608 ----a-w- c:\users\PAOLINI\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2017-05-05 16:34 2171608 ----a-w- c:\users\PAOLINI\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2017-05-05 16:34 2171608 ----a-w- c:\users\PAOLINI\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2017-05-01 18:32 3073328 ----a-w- e:\program files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2017-05-01 18:32 3073328 ----a-w- e:\program files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2017-05-01 18:32 3073328 ----a-w- e:\program files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VIRTU MVP 2.0"="e:\program files\Lucidlogix Technologies\VIRTU MVP 2.0\MVPControlPanel20.Exe" [2013-11-26 1239272]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-06-27 7191768]
"AtherosBtStack"="e:\program files (x86)\Bluetooth Suite\btvstack.exe" [2012-09-28 1023104]
"AthBtTray"="e:\program files (x86)\Bluetooth Suite\athbttray.exe" [2012-09-28 801920]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\appinit_dll.dll
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mDefault_Search_URL = www.google.com
mDefault_Page_URL = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = www.google.com
mStart Page = www.google.com
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: &Envoyer à OneNote - c:\progra~2\MICROS~2\Office15\ONBttnIE.dll/105
IE: E&xport to Microsoft Excel - c:\program files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~2\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - e:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - e:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - e:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - e:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
.
- - - - ORPHELINS SUPPRIMES - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-{793C2BF7-A4FE-4608-91C9-9282C5801C21} - c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-31214933-3041228913-4108588116-1000\Software\SecuROM\License information*]
"datasecu"=hex:ef,4a,6a,27,49,8e,10,42,e7,7c,3c,62,97,a2,a8,57,ce,eb,ed,b9,73,
96,d0,00,80,2a,dc,95,fd,1b,ba,82,cf,bf,62,c9,01,74,b1,0f,0c,20,81,30,08,b1,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0]
"Key"="http://schemas.microsoft.com/office/smartdocuments/2003"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0\{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}\Alias]
"0"="Microsoft Actions Pane 3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2017-05-12 13:54:30
ComboFix-quarantined-files.txt 2017-05-12 11:54
.
Avant-CF: 2 194 202 624 octets libres
Après-CF: 2 034 896 896 octets libres
.
- - End Of File - - 171123373A272F4115C05314B67EDBAF
A36C5E4F47E84449FF07ED3517B43A31
