ComboFix 15-07-12.01 - pc 14/07/2015 18:11:59.1.4 - x64 Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.33.1036.18.3971.2256 [GMT 1:00] Lancé depuis: c:\users\pc\Desktop\ComboFix.exe AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886} FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\DFX\DFX.exe c:\programdata\ntuser.pol c:\users\pc\48bf6a68510f56836d3b7ffd199d6e98.jpg c:\users\pc\AppData\Roaming\DRPSu c:\users\pc\AppData\Roaming\DRPSu\DRIVERS\Alcor-FORCED-Allx64-Storage_1.0.38.141-drp.zip c:\users\pc\AppData\Roaming\DRPSu\DRIVERS\Allx64-Toshiba_nb-11.8.41.2-drp.zip c:\users\pc\AppData\Roaming\DRPSu\DRIVERS\Atheros-FORCED-7x64-drp.zip c:\users\pc\AppData\Roaming\DRPSu\DRIVERS\Atheros-FORCED-7x64-WiFi_10.0.0.313-drp.zip c:\users\pc\AppData\Roaming\DRPSu\DRIVERS\dpinst.zip c:\users\pc\AppData\Roaming\DRPSu\DRIVERS\Intel-FORCED-Audio-NTx64-2807-drp.zip c:\users\pc\AppData\Roaming\DRPSu\DRIVERS\Intel-FORCED-Chipset-7x64-USB-drp.zip c:\users\pc\AppData\Roaming\DRPSu\DRIVERS\Intel-FORCED-Chipset-NTx64-1.2.3.2005-drp.zip c:\users\pc\AppData\Roaming\DRPSu\DRIVERS\Intel-FORCED-NTx64-12.9.4.1000_rste-drp.zip c:\users\pc\AppData\Roaming\DRPSu\DRIVERS\Intel-WinAll-Chipset-9.3.0.1011_HDA-drp.zip c:\users\pc\AppData\Roaming\DRPSu\DRIVERS\Intel-WinAll-Chipset-9.3.2.1020_NEW-drp.zip c:\users\pc\AppData\Roaming\DRPSu\DRIVERS\Intel_1.0.10.255-STRICT-7x64-drp.zip c:\users\pc\AppData\Roaming\DRPSu\DRIVERS\NTx64-Toshiba_6.10.6491-drp.zip c:\users\pc\AppData\Roaming\DRPSu\Logs\DRP-Lite-Status.txt c:\users\pc\AppData\Roaming\DRPSu\Logs\log___2015-07-13-13-59-55.html c:\users\pc\AppData\Roaming\DRPSu\Logs\log___2015-07-13-14-10-54.html c:\users\pc\AppData\Roaming\Faces c:\users\pc\AppData\Roaming\Faces\Faces.prf c:\users\pc\AppData\Roaming\KW c:\users\pc\AppData\Roaming\KW\bl0001.dat c:\users\pc\AppData\Roaming\KW\bl0002.dat c:\users\pc\AppData\Roaming\KW\bl0003.dat c:\users\pc\AppData\Roaming\KW\bl0004.dat c:\users\pc\AppData\Roaming\KW\bl0005.dat c:\users\pc\AppData\Roaming\KW\bl0006.dat c:\users\pc\AppData\Roaming\KW\bl0007.dat c:\users\pc\AppData\Roaming\KW\bl0008.dat c:\users\pc\AppData\Roaming\KW\bl0009.dat c:\users\pc\AppData\Roaming\KW\bl0010.dat c:\users\pc\AppData\Roaming\KW\bl0011.dat c:\users\pc\AppData\Roaming\KW\bl0012.dat c:\users\pc\AppData\Roaming\KW\bl0013.dat c:\users\pc\AppData\Roaming\KW\bl0014.dat c:\users\pc\AppData\Roaming\KW\bl0015.dat c:\users\pc\AppData\Roaming\KW\bl0016.dat c:\users\pc\AppData\Roaming\KW\bl0017.dat c:\users\pc\AppData\Roaming\KW\bl0018.dat c:\users\pc\AppData\Roaming\KW\bl0019.dat c:\users\pc\AppData\Roaming\KW\bl0020.dat c:\users\pc\AppData\Roaming\KW\bl0021.dat c:\users\pc\AppData\Roaming\KW\bl0022.dat c:\users\pc\AppData\Roaming\KW\bl0023.dat c:\users\pc\AppData\Roaming\KW\bl0024.dat c:\users\pc\AppData\Roaming\KW\bl0025.dat c:\users\pc\AppData\Roaming\KW\bl0026.dat c:\users\pc\AppData\Roaming\KW\bl0027.dat c:\users\pc\AppData\Roaming\KW\bl0028.dat c:\users\pc\AppData\Roaming\KW\bl0029.dat c:\users\pc\AppData\Roaming\KW\bl0030.dat c:\users\pc\AppData\Roaming\KW\bl0031.dat c:\users\pc\AppData\Roaming\KW\bl0032.dat c:\users\pc\AppData\Roaming\KW\bl0033.dat c:\users\pc\AppData\Roaming\KW\bl0034.dat c:\users\pc\AppData\Roaming\KW\bl0035.dat c:\users\pc\AppData\Roaming\KW\bl0036.dat c:\users\pc\AppData\Roaming\KW\bl0037.dat c:\users\pc\AppData\Roaming\KW\bl0038.dat c:\users\pc\AppData\Roaming\KW\bl0039.dat c:\users\pc\AppData\Roaming\KW\bl0040.dat c:\users\pc\AppData\Roaming\KW\black.lst c:\users\pc\AppData\Roaming\KW\bonus.kkll c:\users\pc\AppData\Roaming\KW\unrar.dll c:\users\Public\Documents\pre_fileassoc.tmp c:\windows\XSxS . . ((((((((((((((((((((((((((((( Fichiers créés du 2015-06-14 au 2015-07-14 )))))))))))))))))))))))))))))))))))) . . 2015-07-14 16:16 . 2015-07-14 16:16 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2B36A243-86B7-4192-81F6-FDB4E8731FE6}\offreg.dll 2015-07-14 16:06 . 2015-07-14 16:11 -------- d-----w- c:\users\pc\AppData\Roaming\ZHP 2015-07-14 14:24 . 2015-07-14 14:24 457824 ----a-w- c:\windows\system32\drivers\6C23552461.sys 2015-07-14 14:17 . 2015-07-14 14:17 457824 ----a-w- c:\windows\system32\drivers\6C2355246.sys 2015-07-14 14:05 . 2015-07-14 16:27 -------- d-----w- C:\KVRT_Data 2015-07-14 12:06 . 2015-07-14 17:20 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-07-14 12:06 . 2015-07-14 12:06 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware 2015-07-14 12:06 . 2015-07-14 12:06 -------- d-----w- c:\programdata\Malwarebytes 2015-07-14 12:06 . 2015-06-18 07:41 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2015-07-14 12:06 . 2015-06-18 07:41 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2015-07-14 12:06 . 2015-06-18 07:41 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2015-07-14 10:25 . 2015-07-14 11:28 -------- d-----w- c:\program files (x86)\Common Files\Java 2015-07-14 10:25 . 2015-07-14 10:25 110688 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2015-07-13 14:01 . 2015-07-13 14:01 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2015-07-13 13:03 . 2013-12-10 14:15 795632 ----a-w- c:\windows\system32\drivers\iusb3xhc.sys 2015-07-13 13:03 . 2015-03-05 19:32 4137472 ----a-w- c:\windows\system32\drivers\athrx.sys 2015-07-13 13:03 . 2014-09-09 05:13 454416 ----a-w- c:\windows\system32\drivers\IntcDAud.sys 2015-07-13 13:03 . 2014-04-24 17:34 633704 ----a-w- c:\windows\system32\drivers\iaStorA.sys 2015-07-13 13:03 . 2014-04-24 17:34 28008 ----a-w- c:\windows\system32\drivers\iaStorF.sys 2015-07-13 13:03 . 2014-03-18 20:55 21784 ----a-w- c:\windows\system32\AmUStor.dll 2015-07-13 13:03 . 2014-03-18 20:55 91928 ----a-w- c:\windows\system32\drivers\AmUStor.sys 2015-07-13 13:03 . 2013-11-21 20:53 1077248 ----a-w- c:\windows\system32\AmRdrIco.icl 2015-07-11 22:51 . 2015-07-11 22:51 -------- d-----w- c:\users\pc\AppData\Roaming\com.prezi.PreziDesktop 2015-07-11 13:21 . 2015-07-11 13:25 -------- d-----w- c:\users\pc\AppData\Local\NVIDIA Corporation 2015-07-11 13:21 . 2015-07-11 13:25 -------- d-----w- c:\users\pc\AppData\Local\NVIDIA 2015-07-10 08:17 . 2015-06-12 02:00 197616 ----a-w- c:\windows\system32\drivers\idmwfp.sys 2015-06-27 11:15 . 2014-11-14 11:21 5073256 ----a-w- c:\windows\SysWow64\d3dx9_35.dll 2015-06-18 09:02 . 2015-06-18 09:02 -------- d-----w- c:\program files\TAP-Windows . . . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2015-07-14 10:18 . 2014-05-04 10:22 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2015-07-14 10:18 . 2014-05-04 10:22 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl . . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2014-01-22 03:11 1728216 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2014-01-22 03:11 1728216 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2014-01-22 03:11 1728216 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Advanced SystemCare 8"="c:\program files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" [2015-04-08 2429728] "IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2015-07-11 3907152] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-12-20 291280] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-04-30 334896] . c:\users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\ C-cleaner.lnk - c:\windows\system32\wscript.exe /e:VBScript.Encode d:\$recyclebin\Adobe.rar [2014-5-28 168960] VideoLAN.lnk - c:\windows\system32\wscript.exe /e:VBScript.Encode d:\$recyclebin\Vlc.rar [2014-5-28 168960] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "HideFastUserSwitching"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\6C2355246.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\6C23552461.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x] R3 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x] R3 iumsvc;Intel(R) Update Manager;c:\program files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe;c:\program files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [x] R3 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x] R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv.sys [x] R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x] R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe;c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [x] R3 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x] R3 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 WinRing0_1_2_0;WinRing0_1_2_0; [x] S0 6C2355246;6C2355246;c:\windows\system32\drivers\6C2355246.sys;c:\windows\SYSNATIVE\drivers\6C2355246.sys [x] S0 6C23552461;6C23552461;c:\windows\system32\drivers\6C23552461.sys;c:\windows\SYSNATIVE\drivers\6C23552461.sys [x] S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x] S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x] S0 iusb3hcs;Pilote de commutateur de contrôleur d'hôte Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x] S1 klhk;klhk;c:\windows\system32\DRIVERS\klhk.sys;c:\windows\SYSNATIVE\DRIVERS\klhk.sys [x] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x] S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x] S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x] S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x] S2 AdvancedSystemCareService8;Advanced SystemCare Service 8;c:\program files (x86)\IObit\Advanced SystemCare 8\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [x] S2 AVP15.0.0;Kaspersky Anti-Virus Service 15.0.0;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [x] S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x] S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [x] S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x] S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x] S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x] S3 DFX11_1;DFX Audio Enhancer 11.1;c:\windows\system32\drivers\dfx11_1x64.sys;c:\windows\SYSNATIVE\drivers\dfx11_1x64.sys [x] S3 IntcDAud;Son Intel(R) pour écrans;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 iusb3hub;Pilote de concentrateur Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x] S3 iusb3xhc;Pilote du contrôleur d'hôte extensible Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x] S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x] S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x] S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x] S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x] . . --- Autres Services/Pilotes en mémoire --- . *NewlyCreated* - MBAMSWISSARMY *NewlyCreated* - WS2IFSL . Contenu du dossier 'Tâches planifiées' . 2015-07-14 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-04 10:18] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}] 2015-06-18 09:16 2471744 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2014-01-23 15:05 2333400 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2014-01-23 15:05 2333400 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2014-01-23 15:05 2333400 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension] @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}" [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}] 2014-04-21 08:02 25112 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Examen supplémentaire ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.fr/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: &Envoyer à OneNote - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105 IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000 IE: Télécharger avec IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm IE: Télécharger tous les liens avec Internet Download Manager - c:\program files (x86)\Internet Download Manager\IEGetAll.htm TCP: DhcpNameServer = 192.168.1.1 Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL FF - ProfilePath - c:\users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\70ocz6o5.default-1436892240091\ FF - prefs.js: browser.startup.homepage - www.google.fr FF - user.js: plugin.state.npcontentblocker - 2 FF - user.js: plugin.state.nponlinebanking - 2 FF - user.js: plugin.state.npvkplugin - 2 FF - user.js: plugin.state.anti_banner_native_proxy - 2 FF - user.js: plugin.state.url_advisor - 2 FF - user.js: plugin.state.npcontentblocker - 2 FF - user.js: plugin.state.nponlinebanking - 2 FF - user.js: plugin.state.npvkplugin - 2 FF - user.js: plugin.state.anti_banner_native_proxy - 2 FF - user.js: plugin.state.url_advisor - 2 . - - - - ORPHELINS SUPPRIMES - - - - . Wow6432Node-HKLM-Run-DFX - c:\program files (x86)\DFX\DFX.exe Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- CLES DE REGISTRE BLOQUEES --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}"=hex:51,66,7a,6c,4c,1d,38,12,4d,0e,7e, 9a,40,73,fa,0f,d1,09,6e,56,73,7a,a7,cd "{73455575-E40C-433C-9784-C78DC7761455}"=hex:51,66,7a,6c,4c,1d,38,12,1b,56,56, 77,3e,aa,52,06,e8,92,84,cd,c2,28,50,41 "{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}"=hex:51,66,7a,6c,4c,1d,38,12,1d,cf,77, 51,95,a1,d1,09,ee,9c,1f,b7,fe,e1,bb,5b "{310CA7B9-D56B-499A-B786-D9648270585E}"=hex:51,66,7a,6c,4c,1d,38,12,84,89,2e, 18,6c,b6,c5,34,9b,bd,ab,09,b2,03,2d,72 "{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}"=hex:51,66,7a,6c,4c,1d,38,12,e3,94,1f, be,3b,97,d8,0c,d0,f4,c8,9e,21,03,83,f2 "{0055C089-8582-441B-A0BF-17B458C2A3A8}"=hex:51,66,7a,6c,4c,1d,38,12,e7,c3,46, 04,b0,cb,75,01,df,a9,54,f4,5d,9c,e7,bc "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07, 72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57 "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{E33CF602-D945-461A-83F0-819F76A199F8}"=hex:51,66,7a,6c,4c,1d,38,12,6c,f5,2f, e7,77,97,74,03,fc,e6,c2,df,73,ff,dd,ec "{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}"=hex:51,66,7a,6c,4c,1d,38,12,ce,98,c3, 35,c7,5c,a0,09,c1,9c,6a,63,e2,38,41,ce "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0, b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,55,34,6f,ac,06,7c,49,a5,96,3c,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,55,34,6f,ac,06,7c,49,a5,96,3c,\ . [HKEY_USERS\S-1-5-21-2220946666-925636185-669906290-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "scansk"=hex(0):02,c0,d9,46,71,80,b6,2f,60,e0,de,5f,33,bf,35,c3,08,ce,c1,ac,9e, 9e,7c,26,14,9a,1b,f6,99,b4,9f,42,97,4a,aa,eb,e8,bd,49,75,00,00,00,00,00,00,\ . [HKEY_USERS\S-1-5-21-2220946666-925636185-669906290-1000_Classes\Wow6432Node\CLSID\{8b0dc281-8ddc-4ef6-a48d-f741308a984b}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "Model"=dword:0000016b "Therad"=dword:00000019 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{6EF568F4-D437-4466-AA63-A3645136D93E}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}] @Denied: (A 2) (Everyone) @="IFlashBroker" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib] @="{6EF568F4-D437-4466-AA63-A3645136D93E}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}] @Denied: (A 2) (Everyone) @="IFlashBroker2" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib] @="{6EF568F4-D437-4466-AA63-A3645136D93E}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Autres processus actifs ------------------------ . c:\windows\SysWOW64\ezSharedSvcHost.exe c:\program files (x86)\IObit\Advanced SystemCare 8\Monitor.exe c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe . ************************************************************************** . Heure de fin: 2015-07-14 18:28:36 - La machine a redémarré ComboFix-quarantined-files.txt 2015-07-14 17:28 . Avant-CF: 154 133 594 112 octets libres Après-CF: 153 835 876 352 octets libres . - - End Of File - - 1A4D5CE215823275F11ADECB3D269CD9 A36C5E4F47E84449FF07ED3517B43A31