ComboFix 15-10-28.01 - SERVEUR 04/11/2015 8:50.1.2 - x86
Microsoft Windows 7 Professionnel 6.1.7600.0.1252.33.1036.18.2038.350 [GMT 0:00]
Lancé depuis: c:\users\SERVEUR\Downloads\ComboFix.exe
AV: Baidu Antivirus *Enabled/Updated* {0B023102-4312-4570-585A-1BAAA3570E16}
SP: Baidu Antivirus *Disabled/Updated* {B063D0E6-6528-4AFE-62EA-20D8D8D044AB}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\programdata\1446626405.bdinstall.bin
c:\programdata\mszdujfs.exe
c:\programdata\ntuser.pol
c:\users\SERVEUR\Documents\~WRL2547.tmp
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
-------\Legacy_SPDRIVER_1.42.1.2433
-------\Service_SPDRIVER_1.42.1.2433
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2015-10-04 au 2015-11-04 ))))))))))))))))))))))))))))))))))))
.
.
2015-11-04 09:16 . 2015-11-04 09:16 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E2D9106B-4C8D-46A4-BAA7-E6482868E138}\offreg.3484.dll
2015-11-04 09:11 . 2015-11-04 09:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-11-04 08:40 . 2015-11-04 08:50 -------- d-----w- c:\program files\Bitdefender Agent
2015-11-04 08:40 . 2015-11-04 08:40 -------- d-----w- c:\programdata\Bitdefender Agent
2015-11-04 07:51 . 2015-11-04 07:51 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E2D9106B-4C8D-46A4-BAA7-E6482868E138}\offreg.5160.dll
2015-11-03 08:30 . 2015-11-03 08:30 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E2D9106B-4C8D-46A4-BAA7-E6482868E138}\offreg.5084.dll
2015-11-01 08:10 . 2015-11-01 08:10 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E2D9106B-4C8D-46A4-BAA7-E6482868E138}\offreg.4704.dll
2015-10-31 09:01 . 2015-10-31 09:01 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E2D9106B-4C8D-46A4-BAA7-E6482868E138}\offreg.5096.dll
2015-10-30 07:52 . 2015-10-30 07:52 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E2D9106B-4C8D-46A4-BAA7-E6482868E138}\offreg.3772.dll
2015-10-29 08:41 . 2015-10-29 08:41 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E2D9106B-4C8D-46A4-BAA7-E6482868E138}\offreg.5324.dll
2015-10-28 13:24 . 2015-10-28 13:24 -------- d-----w- c:\program files\SimpleFiles
2015-10-28 13:21 . 2015-10-28 13:21 -------- d-----w- c:\program files\Common Files\4f596ec3-77fb-4fc3-82cb-691c42c71d77
2015-10-28 13:21 . 2015-10-28 13:21 -------- d-----w- c:\programdata\4f596ec3-77fb-4fc3-82cb-691c42c71d77
2015-10-28 13:21 . 2015-10-28 13:21 -------- d-----w- c:\program files\Discover Treasure
2015-10-28 08:23 . 2015-10-28 08:23 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E2D9106B-4C8D-46A4-BAA7-E6482868E138}\offreg.4960.dll
2015-10-27 12:36 . 2015-10-28 09:15 -------- d-----w- c:\users\SERVEUR\AppData\Local\Adobe
2015-10-27 07:26 . 2015-10-27 07:26 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E2D9106B-4C8D-46A4-BAA7-E6482868E138}\offreg.5404.dll
2015-10-26 08:49 . 2015-10-26 08:49 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E2D9106B-4C8D-46A4-BAA7-E6482868E138}\offreg.4492.dll
2015-10-26 08:39 . 2015-10-26 08:39 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E2D9106B-4C8D-46A4-BAA7-E6482868E138}\offreg.5356.dll
2015-10-26 08:30 . 2015-10-26 08:30 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E2D9106B-4C8D-46A4-BAA7-E6482868E138}\offreg.5496.dll
2015-10-25 13:09 . 2015-10-25 13:30 -------- d-----w- c:\users\SERVEUR\AppData\Roaming\Notepad++
2015-10-25 13:09 . 2015-10-25 13:10 -------- d-----w- c:\program files\Notepad++
2015-10-25 08:50 . 2015-10-25 08:50 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E2D9106B-4C8D-46A4-BAA7-E6482868E138}\offreg.4408.dll
2015-10-24 09:06 . 2015-10-24 09:06 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E2D9106B-4C8D-46A4-BAA7-E6482868E138}\offreg.2460.dll
2015-10-23 09:47 . 2015-11-02 06:55 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E2D9106B-4C8D-46A4-BAA7-E6482868E138}\offreg.5432.dll
2015-10-22 20:53 . 2015-10-22 20:53 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E2D9106B-4C8D-46A4-BAA7-E6482868E138}\offreg.2680.dll
2015-10-22 07:32 . 2015-10-22 07:32 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E2D9106B-4C8D-46A4-BAA7-E6482868E138}\offreg.4852.dll
2015-10-21 08:41 . 2015-06-30 02:50 44712 ----a-w- c:\windows\system32\drivers\iSafeNetFilter.sys
2015-10-21 08:40 . 2015-10-21 08:40 -------- d-----w- c:\program files\Elex-tech
2015-10-21 08:40 . 2015-10-21 08:40 -------- d-----w- c:\users\SERVEUR\AppData\Roaming\Elex-tech
2015-10-21 08:13 . 2015-10-21 08:13 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E2D9106B-4C8D-46A4-BAA7-E6482868E138}\offreg.3108.dll
2015-10-20 07:54 . 2015-10-20 07:54 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E2D9106B-4C8D-46A4-BAA7-E6482868E138}\offreg.3952.dll
2015-10-19 13:27 . 2015-10-19 13:27 -------- d-----w- c:\program files\Rene.E Laboratory
2015-10-19 13:01 . 2015-10-19 13:01 -------- d-----w- c:\users\SERVEUR\AppData\Local\rocherdigital
2015-10-19 13:01 . 2015-10-19 13:02 -------- d-----w- c:\program files\FactureModelePro
2015-10-19 08:18 . 2015-10-19 08:18 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E2D9106B-4C8D-46A4-BAA7-E6482868E138}\offreg.3548.dll
2015-10-18 12:46 . 2015-10-18 12:46 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E2D9106B-4C8D-46A4-BAA7-E6482868E138}\offreg.3664.dll
2015-10-17 03:06 . 2015-10-17 03:06 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E2D9106B-4C8D-46A4-BAA7-E6482868E138}\offreg.5544.dll
2015-10-16 11:44 . 2015-10-16 11:44 -------- d-----w- C:\BavSandboxRoot
2015-10-15 22:19 . 2014-06-17 03:51 552224 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpcpp170.dll
2015-10-12 08:52 . 2015-11-04 09:14 -------- d-----w- c:\program files\WinZipper
2015-10-12 08:52 . 2015-10-21 08:39 -------- d-----w- c:\users\SERVEUR\AppData\Roaming\WinZipper
2015-10-12 08:51 . 2015-10-12 08:51 -------- d-----w- c:\users\SERVEUR\AppData\Roaming\TSv
2015-10-12 08:49 . 2015-10-12 08:51 -------- d-----w- c:\programdata\2WdsManPro2
2015-10-09 15:38 . 2015-10-09 15:38 102784 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2015-10-09 08:36 . 2015-10-09 08:36 -------- d-----w- c:\programdata\Cache
2015-10-09 08:19 . 2015-10-09 08:19 122544 ----a-w- c:\windows\system32\drivers\msdjhttps.sys
2015-10-09 08:19 . 2015-10-09 08:19 122544 ----a-w- c:\programdata\msdjhttps.sys
2015-10-09 08:19 . 2015-10-09 08:19 411776 ----a-w- c:\programdata\NUBTYJRQLGWY.dat
2015-10-09 08:19 . 2015-10-09 08:19 122544 ----a-w- c:\programdata\RRKNODROOFTP.dat
2015-10-08 21:31 . 2015-10-08 21:31 -------- d-----w- c:\users\SERVEUR\AppData\Local\Foxit Reader
2015-10-07 19:49 . 2015-10-07 19:49 -------- d-----w- c:\users\SERVEUR\AppData\Roaming\EurekaLog
2015-10-07 13:38 . 2015-10-28 13:20 -------- d-----w- C:\UsbFix
2015-10-07 09:19 . 2015-10-07 09:19 -------- d-----w- c:\programdata\Database Server
2015-10-07 09:15 . 2015-10-07 09:15 28200 ----a-w- c:\windows\system32\drivers\ndisah.sys
2015-10-07 08:56 . 2015-10-07 09:19 -------- d-----w- C:\Antamedia
2015-10-06 14:25 . 2004-03-09 00:00 152848 ----a-w- c:\windows\system32\comdlg32.ocx
2015-10-06 14:25 . 2015-10-06 14:25 -------- d-----w- c:\program files\Database Password Sleuth
2015-10-06 14:25 . 2004-03-01 13:55 561179 ----a-w- c:\windows\system32\dao360.dll
2015-10-06 14:02 . 2015-03-09 03:07 57344 ----a-w- c:\windows\system32\absSnapPic.dll
2015-10-06 14:02 . 2015-03-09 03:07 105472 ----a-w- c:\windows\system32\ezVidCap.ocx
2015-10-06 14:02 . 2015-03-09 03:06 372736 ----a-w- c:\windows\system32\ijl15.dll
2015-10-06 14:02 . 2015-03-09 03:06 114688 ----a-w- c:\windows\system32\ezVidC60.ocx
2015-10-06 10:55 . 2012-12-07 10:34 25416 ----a-w- c:\windows\system32\drivers\ndiskhaz.sys
2015-10-06 10:55 . 2015-10-06 11:00 -------- d-----w- c:\program files\MyHotspot
2015-10-05 12:59 . 2015-10-05 12:59 -------- d-----w- C:\ExplorerBackup
2015-10-05 12:39 . 2015-10-05 12:39 -------- d-----w- c:\users\SERVEUR\AppData\Local\Softvision
2015-10-05 12:36 . 2015-10-05 12:36 -------- d-----w- c:\users\SERVEUR\AppData\Roaming\Softvision
2015-10-05 12:34 . 2015-10-05 12:36 -------- d-----w- c:\program files\Softvision
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-16 19:39 . 2015-09-05 01:48 780488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-10-16 19:39 . 2015-09-05 01:48 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-09-26 08:04 . 2015-09-26 08:04 414488 ----a-w- c:\windows\system32\drivers\b57nd60x.sys
2015-09-21 16:22 . 2009-07-13 23:42 51167232 ----a-w- c:\windows\system32\imageres.dll
2015-09-21 16:22 . 2009-07-13 23:42 3848192 ----a-w- c:\windows\system32\authui.dll
2015-09-21 16:16 . 2015-09-21 16:16 23369581 ----a-w- c:\windows\system32\SkinPack Windows10 V4.0.exe
2015-09-05 07:21 . 2015-09-05 07:21 715038 ----a-w- c:\windows\unins000.exe
2015-09-05 07:19 . 2015-09-05 07:19 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2015-09-05 07:13 . 2015-09-05 07:14 75400 ----a-w- c:\windows\system32\drivers\bnbasex.sys
2015-09-05 07:13 . 2015-09-05 07:14 461192 ----a-w- c:\windows\system32\drivers\bndef.sys
2015-09-05 07:13 . 2015-09-05 07:13 195528 ----a-w- c:\windows\system32\drivers\Bprotect.sys
2015-09-05 07:13 . 2015-09-05 07:13 31176 ----a-w- c:\windows\system32\drivers\Bfmon.sys
2015-09-05 07:13 . 2015-09-05 07:13 51144 ----a-w- c:\windows\system32\drivers\Bfilter.sys
2015-09-05 07:13 . 2015-09-05 07:13 138184 ----a-w- c:\windows\system32\drivers\BHipsEx.sys
2015-09-05 07:13 . 2015-09-05 07:13 74888 ----a-w- c:\windows\system32\drivers\Bhbase.sys
2015-09-05 07:04 . 2015-09-05 07:04 69408 ----a-w- c:\windows\system32\hpmco170.dll
2015-09-05 07:04 . 2015-09-05 07:04 379168 ----a-w- c:\windows\system32\hpmprein.dll
2015-09-05 07:04 . 2015-09-05 07:04 26136 ----a-w- c:\windows\system32\drivers\hpfxgen.sys
2015-09-05 07:04 . 2015-09-05 07:04 194848 ----a-w- c:\windows\system32\hpmews01.dll
2015-09-05 07:04 . 2015-09-05 07:04 17432 ----a-w- c:\windows\system32\drivers\hpfxbulk.sys
2015-09-05 07:03 . 2015-09-05 07:03 1002008 ----a-w- c:\windows\system32\igxpun.exe
2015-09-05 07:03 . 2015-09-05 07:03 8198680 ----a-w- c:\windows\system32\TVWSetup.exe
2015-09-05 07:03 . 2015-09-05 07:03 59392 ----a-w- c:\windows\system32\oemdspif.dll
2015-09-05 07:03 . 2015-09-05 07:03 155648 ----a-w- c:\windows\system32\igfxCoIn_v1930.dll
2015-09-05 07:03 . 2015-09-05 07:03 51712 ----a-w- c:\windows\system32\igfxsrvc.dll
2015-09-05 07:03 . 2015-09-05 07:03 304640 ----a-w- c:\windows\system32\igfxrita.lrc
2015-09-05 07:03 . 2015-09-05 07:03 303616 ----a-w- c:\windows\system32\igfxrfra.lrc
2015-09-05 07:03 . 2015-09-05 07:03 299520 ----a-w- c:\windows\system32\igfxrnld.lrc
2015-09-05 07:03 . 2015-09-05 07:03 294912 ----a-w- c:\windows\system32\igfxrptg.lrc
2015-09-05 07:03 . 2015-09-05 07:03 291328 ----a-w- c:\windows\system32\igfxrrus.lrc
2015-09-05 07:03 . 2015-09-05 07:03 289280 ----a-w- c:\windows\system32\igfxrptb.lrc
2015-09-05 07:03 . 2015-09-05 07:03 288256 ----a-w- c:\windows\system32\igfxrhun.lrc
2015-09-05 07:03 . 2015-09-05 07:03 287744 ----a-w- c:\windows\system32\igfxrplk.lrc
2015-09-05 07:03 . 2015-09-05 07:03 282624 ----a-w- c:\windows\system32\igfxrsve.lrc
2015-09-05 07:03 . 2015-09-05 07:03 282624 ----a-w- c:\windows\system32\igfxrsky.lrc
2015-09-05 07:03 . 2015-09-05 07:03 281088 ----a-w- c:\windows\system32\igfxrfin.lrc
2015-09-05 07:03 . 2015-09-05 07:03 280064 ----a-w- c:\windows\system32\igfxrnor.lrc
2015-09-05 07:03 . 2015-09-05 07:03 279040 ----a-w- c:\windows\system32\igfxrtrk.lrc
2015-09-05 07:03 . 2015-09-05 07:03 277504 ----a-w- c:\windows\system32\igfxrslv.lrc
2015-09-05 07:03 . 2015-09-05 07:03 262656 ----a-w- c:\windows\system32\igfxrtha.lrc
2015-09-05 07:03 . 2015-09-05 07:03 257536 ----a-w- c:\windows\system32\igfxTMM.dll
2015-09-05 07:03 . 2015-09-05 07:03 252952 ----a-w- c:\windows\system32\igfxsrvc.exe
2015-09-05 07:03 . 2015-09-05 07:03 249856 ----a-w- c:\windows\system32\igfxrheb.lrc
2015-09-05 07:03 . 2015-09-05 07:03 206848 ----a-w- c:\windows\system32\igfxrjpn.lrc
2015-09-05 07:03 . 2015-09-05 07:03 205312 ----a-w- c:\windows\system32\igfxrkor.lrc
2015-09-05 07:03 . 2015-09-05 07:03 141848 ----a-w- c:\windows\system32\igfxtray.exe
2015-09-05 07:03 . 2015-09-05 07:03 5702656 ----a-w- c:\windows\system32\igfxress.dll
2015-09-05 07:03 . 2015-09-05 07:03 94208 ----a-w- c:\windows\system32\hccutils.dll
2015-09-05 07:03 . 2015-09-05 07:03 672792 ----a-w- c:\windows\system32\igfxcfg.exe
2015-09-05 07:03 . 2015-09-05 07:03 536576 ----a-w- c:\windows\system32\igdumdx32.dll
2015-09-05 07:03 . 2015-09-05 07:03 4808192 ----a-w- c:\windows\system32\drivers\igdkmd32.sys
2015-09-05 07:03 . 2015-09-05 07:03 4104192 ----a-w- c:\windows\system32\ig4icd32.dll
2015-09-05 07:03 . 2015-09-05 07:03 310784 ----a-w- c:\windows\system32\igfxrell.lrc
2015-09-05 07:03 . 2015-09-05 07:03 303616 ----a-w- c:\windows\system32\igfxrdeu.lrc
2015-09-05 07:03 . 2015-09-05 07:03 303104 ----a-w- c:\windows\system32\igfxresp.lrc
2015-09-05 07:03 . 2015-09-05 07:03 282624 ----a-w- c:\windows\system32\igfxrcsy.lrc
2015-09-05 07:03 . 2015-09-05 07:03 280576 ----a-w- c:\windows\system32\igfxrdan.lrc
2015-09-05 07:03 . 2015-09-05 07:03 275968 ----a-w- c:\windows\system32\igfxrenu.lrc
2015-09-05 07:03 . 2015-09-05 07:03 2686976 ----a-w- c:\windows\system32\ig4dev32.dll
2015-09-05 07:03 . 2015-09-05 07:03 252416 ----a-w- c:\windows\system32\igfxrara.lrc
2015-09-05 07:03 . 2015-09-05 07:03 23552 ----a-w- c:\windows\system32\igfxexps.dll
2015-09-05 07:03 . 2015-09-05 07:03 218112 ----a-w- c:\windows\system32\igfxdev.dll
2015-09-05 07:03 . 2015-09-05 07:03 199680 ----a-w- c:\windows\system32\igfxpph.dll
2015-09-05 07:03 . 2015-09-05 07:03 179712 ----a-w- c:\windows\system32\igfxrcht.lrc
2015-09-05 07:03 . 2015-09-05 07:03 178176 ----a-w- c:\windows\system32\igfxrchs.lrc
2015-09-05 07:03 . 2015-09-05 07:03 173592 ----a-w- c:\windows\system32\hkcmd.exe
2015-09-05 07:03 . 2015-09-05 07:03 173080 ----a-w- c:\windows\system32\igfxext.exe
2015-09-05 07:03 . 2015-09-05 07:03 150552 ----a-w- c:\windows\system32\igfxpers.exe
2015-09-05 07:03 . 2015-09-05 07:03 130048 ----a-w- c:\windows\system32\igfxdo.dll
2015-09-05 07:03 . 2015-09-05 07:03 119296 ----a-w- c:\windows\system32\igfxcpl.cpl
2015-09-05 07:03 . 2009-07-13 22:09 3829760 ----a-w- c:\windows\system32\igdumd32.dll
2015-09-05 06:56 . 2015-09-05 06:56 23840 ----a-w- c:\windows\system32\drivers\HWiNFO32.SYS
2015-08-20 04:18 . 2015-09-05 00:45 9234960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E2D9106B-4C8D-46A4-BAA7-E6482868E138}\mpengine.dll
2013-02-07 12:22 . 2013-02-07 12:22 50330 ----a-w- c:\program files\AntiDust.exe
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BaiduAntivirusIconLock]
@="{0A93904A-BB1E-4a0c-9753-B57B9AE272CC}"
[HKEY_CLASSES_ROOT\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC}]
2015-09-05 07:13 255472 ----a-w- c:\program files\Baidu Security\Baidu Antivirus\5.4.3.147185.0\BavShx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Antamedia DBServer AsService"="0 (0x0)" [X]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"USB Security"="c:\program files\USB Disk Security\USBGuard.exe" [2015-02-03 695528]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2013-04-15 337432]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2015-09-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2015-09-05 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2015-09-05 150552]
"Baidu Antivirus"="c:\program files\Baidu Security\Baidu Antivirus\5.4.3.147185.0\BavTray.exe" [2015-09-05 1997296]
"Able2Extract Professional 9.0 Print Dispatcher"="c:\program files\Investintech.com Inc\Able2Extract Professional 9.0\Able2ExtractPro.PrnDisp.exe" [2015-07-20 9109352]
.
c:\users\SERVEUR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Alertes de surveillance de l'encre - HP Deskjet 2540 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Deskjet 2540 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN3CB2FMS90604;CONNECTION=USB;MONITOR=1; [2009-7-13 44544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFileUrl"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{F791A188-699D-4FD4-955A-EB59E89B1907}"= "c:\skinpack\ThemeResourceChanger.dll" [2014-09-30 90624]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BavSvc]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ImmersiveExplorer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ImmersiveExplorer.lnk
backup=c:\windows\pss\ImmersiveExplorer.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MetroSidebar.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MetroSidebar.lnk
backup=c:\windows\pss\MetroSidebar.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^StartMenu.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\StartMenu.lnk
backup=c:\windows\pss\StartMenu.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Antamedia DBServer]
2015-10-07 09:19 2965984 ----a-w- c:\antamedia\DBServer\ADBServer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntamediaHotSpot]
2015-10-07 09:14 29088224 ----a-w- c:\antamedia\HotSpot\AHotSpot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExplorerClient]
2011-03-02 09:37 5432832 ----a-w- c:\program files\Softvision\Softvision Explorer 3\ExplorerClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Virtual WiFi Router]
2013-09-25 20:47 583168 ----a-w- c:\program files\Virtual WiFi Router\Virtual WiFi Router.exe
.
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 30312]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [2008-07-29 904192]
R3 BdSandbox;Baidu BdSandbox Driver;c:\windows\System32\drivers\BdSandbox.sys [2015-03-05 197624]
R3 BdSandboxSrv;Baidu BdSandbox Virtual Service;c:\program files\Baidu Security\Baidu Antivirus\5.4.3.147185.0\BdSandboxSrv.exe [2015-03-05 391200]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2015-10-09 102784]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-08-17 137472]
R3 SparkUpdater;Baidu Spark Updater;c:\program files\Baidu\SparkUpdate\Sparkupdate.exe [2015-08-06 1371960]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 121064]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 136808]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys [2014-01-22 184192]
S0 ambakdrv;ambakdrv;c:\windows\system32\ambakdrv.sys [2013-05-07 26424]
S0 Bhbase;Baidu Hook Base;c:\windows\System32\drivers\Bhbase.sys [2015-09-05 74888]
S1 Bfilter;Baidu Antivirus Minifilter Driver;c:\windows\System32\drivers\Bfilter.sys [2015-09-05 51144]
S1 Bfmon;Baidu FS Monitor Driver;c:\windows\System32\drivers\Bfmon.sys [2015-09-05 31176]
S1 Bnbase;Bnbase;c:\windows\system32\drivers\bnbasex.sys [2015-09-05 75400]
S1 Bndef;Baidu NetDefense;c:\windows\System32\drivers\bndef.sys [2015-09-05 461192]
S1 Bprotect;Baidu Protect;c:\windows\System32\drivers\Bprotect.sys [2015-09-05 195528]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO32.SYS [2015-09-05 23840]
S1 iSafeKrnl;YAC Mini-Filter Driver;c:\program files\Elex-tech\YAC\iSafeKrnl.sys [2015-05-14 225896]
S1 iSafeKrnlKit;YAC Kit Driver;c:\program files\Elex-tech\YAC\iSafeKrnlKit.sys [2015-08-19 97912]
S1 iSafeKrnlMon;YAC Monitor Driver;c:\program files\Elex-tech\YAC\iSafeKrnlMon.sys [2015-08-19 45032]
S1 iSafeKrnlR3;YAC Ring3 Driver;c:\program files\Elex-tech\YAC\iSafeKrnlR3.sys [2015-08-19 73232]
S1 iSafeNetFilter;YAC NDIS Driver;c:\windows\system32\DRIVERS\iSafeNetFilter.sys [2015-06-30 44712]
S2 ammntdrv;ammntdrv;c:\windows\system32\ammntdrv.sys [2013-05-07 129720]
S2 amwrtdrv;amwrtdrv;c:\windows\system32\amwrtdrv.sys [2013-02-06 14392]
S2 appszsech;appszsech;c:\windows\system32\drivers\msdjhttps.sys [2015-10-09 122544]
S2 Backupper Service;AOMEI Backupper Scheduler Service;c:\program files\AOMEI Backupper Standard Edition 2.0.1\ABService.exe [2014-06-18 29912]
S2 BavSvc;Baidu Antivirus Service;c:\program files\Baidu Security\Baidu Antivirus\5.4.3.147185.0\BavSvc.exe [2015-09-05 2572928]
S2 BHipsSvc;Baidu Hips Service;c:\program files\Baidu Security\Baidu Antivirus\5.4.3.147185.0\BHipsSvc.exe [2015-09-05 531232]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2010-04-29 99896]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2015-09-28 25800]
S2 IhPul;IhPul;c:\users\SERVEUR\AppData\Roaming\TSv\TSvr.exe [2015-09-21 396944]
S2 iSafeService;YAC Service;c:\program files\Elex-tech\YAC\iSafeSvc.exe [2015-08-19 118048]
S2 MyHotspotService;MyHotspot Service;c:\program files\MyHotspot\HotspotService.exe [2014-09-03 969984]
S2 ProductAgentService;Product Agent Service;c:\program files\Bitdefender Agent\ProductAgentService.exe [2015-08-31 823840]
S2 SHTUUpdate;SHTUUpdat;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 SparkSvc;Baidu Spark Service;c:\program files\baidu\Baidu Browser\sparkservice.exe [2015-10-27 97080]
S2 srvTrueCafe;TrueCafe Server;c:\program files\TrueCafe\TrueCafeServer.exe [2014-10-28 2135552]
S2 SSFK;SSFK;c:\program files\SFK\SSFK.exe [2015-10-10 169632]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [2009-07-13 21096]
S2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [2009-07-13 25448]
S2 WdsManPro;WdsManPro Service;c:\programdata\2WdsManPro2\WdsManPro.exe [2015-10-10 435712]
S2 winzipersvc;WinZiper service;c:\program files\WinZipper\winzipersvc.exe [2015-10-20 707760]
S3 BdApiUtil;BdApiUtil;c:\program files\Baidu Security\Baidu Antivirus\5.4.3.147185.0\BdApiUtil.sys [2015-09-05 101448]
S3 bdark;bdark;c:\windows\system32\drivers\bdark.sys [2015-05-27 82376]
S3 BdCameraProtect;BdCameraProtect;c:\program files\Baidu Security\Baidu Antivirus\5.4.3.147185.0\BdCameraProtect.sys [2015-09-05 21384]
S3 BHipsEx;Baidu HipsEx Driver;c:\windows\System32\drivers\BHipsEx.sys [2015-09-05 138184]
S3 Bnmon;(Bnmon);c:\program files\Baidu Security\Baidu Antivirus\5.4.3.147185.0\Bnmon.sys [2015-09-05 84936]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2014-01-22 88576]
S3 HPEWSFXBULK;HPEWSFXBULK;c:\windows\system32\drivers\hpfxbulk.sys [2015-09-05 17432]
S3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [2012-12-24 17408]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2014-01-22 184192]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - BavR3base
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
SHTUUpdate REG_MULTI_SZ SHTUUpdate
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-10-23 21:02 997704 ----a-w- c:\program files\Google\Chrome\Application\46.0.2490.80\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2015-11-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-05 19:39]
.
2015-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-09-05 00:49]
.
2015-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-09-05 00:49]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.v9.com/?type=hp&ts=1445849362&from=mych123&uid=st3160815as_9rx63rfv&z=526dc65c8ad153276fd2753gaz3zcw1b3z0tdceqco
uDefault_Page_URL = hxxp://www.v9.com/?type=hp&ts=1445849362&from=mych123&uid=st3160815as_9rx63rfv&z=526dc65c8ad153276fd2753gaz3zcw1b3z0tdceqco
mDefault_Page_URL = hxxp://www.v9.com/?type=hp&ts=1445849362&from=mych123&uid=st3160815as_9rx63rfv&z=526dc65c8ad153276fd2753gaz3zcw1b3z0tdceqco
mStart Page = hxxp://www.v9.com/?type=hp&ts=1445849362&from=mych123&uid=st3160815as_9rx63rfv&z=526dc65c8ad153276fd2753gaz3zcw1b3z0tdceqco
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\SERVEUR\AppData\Roaming\Mozilla\Firefox\Profiles\h3xfvy07.default\
FF - prefs.js: browser.search.selectedEngine - delta-homes
FF - prefs.js: browser.startup.homepage - hxxp://www.delta-homes.com/?type=hp&ts=1444639806&z=0d734d3ca101ac14dc65f76gfzdzczaq6c6t9b7eac&from=wpm07163&uid=ST3160815AS_9RX63RFV
user_pref(extensions.autoDisableScopes,14);
.
- - - - ORPHELINS SUPPRIMES - - - -
.
HKLM-Explorer_Run-1016356419 - c:\programdata\mszdujfs.exe
MSConfigStartUp-WiFi Protector - c:\program files\WiFi Protector\WiFiProtLauncher.exe
AddRemove-Reload Icons Cache 1.00 - c:\program files\Mr Blade Design's\Reload Icons Cache\Uninstall.exe
AddRemove-{61EB474B-67A6-47F4-B1B7-386851BAB3D0} - c:\program files\InstallShield Installation Information\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}\setup.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8b,6c,01,d0,2d,a2,2e,48,ab,b9,7a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8b,6c,01,d0,2d,a2,2e,48,ab,b9,7a,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'Explorer.exe'(6004)
c:\program files\Baidu Security\Baidu Antivirus\5.4.3.147185.0\Bavnt.dll
c:\program files\Baidu Security\Baidu Antivirus\5.4.3.147185.0\bavum.dll
c:\program files\Baidu Security\Baidu Antivirus\5.4.3.147185.0\BavShx.dll
c:\program files\Hewlett-Packard\HP Support Framework\Resources\HPSFTaskbar.dll
c:\skinpack\ThemeResourceChanger.dll
c:\program files\PowerISO\PWRISOSH.DLL
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Elex-tech\YAC\iSafeSvc2.exe
c:\program files\Elex-tech\YAC\iSafeTray.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\program files\Opera\launcher.exe
c:\program files\Opera\32.0.1948.69\opera_autoupdate.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\CyberCafePro Server\CCP_Server.exe
c:\program files\CyberCafePro Server\ORMon.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Heure de fin: 2015-11-04 09:25:41 - La machine a redémarré
ComboFix-quarantined-files.txt 2015-11-04 09:25
.
Avant-CF: 22 560 333 824 octets libres
Après-CF: 22 417 006 592 octets libres
.
- - End Of File - - BF529EF8E976840A16184F2C2C3BEBBF A36C5E4F47E84449FF07ED3517B43A31