ComboFix 16-03-07.01 - fanny 07/03/2016 9:42.1.2 - x86
Microsoft Windows 7 Édition Familiale Basique 6.1.7601.1.1252.33.1036.18.2037.844 [GMT 1:00]
Lancé depuis: c:\users\fanny\Desktop\Downloads\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Updated* {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
FW: Bitdefender Pare-feu *Enabled* {A23392FD-84B9-F933-2C71-81E751F6EF46}
SP: Bitdefender Antispyware *Disabled/Updated* {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
[i] ADS - Windows: deleted 24 bytes in 1 streams. [/i]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Windows Searchqu Toolbar
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\overlay.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\coupon-activated.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-showalert-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-divider.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\default.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-l.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\footer.htm
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupWidgets.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_14.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-reload.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-subscribe.png
c:\programdata\1436021394.bdinstall.bin
c:\programdata\17470002380575711363
c:\programdata\17470002380575711363\cd5b15e575e1c3d029dc65c107aaaf3f.ini
c:\users\fanny\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec
c:\users\fanny\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\background.html
c:\users\fanny\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\crossriderManifest.json
c:\users\fanny\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\icons\actions\1.png
c:\users\fanny\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\icons\icon128.png
c:\users\fanny\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\icons\icon16.png
c:\users\fanny\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\icons\icon48.png
c:\users\fanny\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\js\api\chrome.js
c:\users\fanny\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\js\api\cookie.js
c:\users\fanny\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\js\api\message.js
c:\users\fanny\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\js\app\background.js
c:\users\fanny\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\js\app\extension.js
c:\users\fanny\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\js\background.js
c:\users\fanny\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\js\lib\app_api.js
c:\users\fanny\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\js\lib\async_api.js
c:\users\fanny\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\js\lib\bg_app_api.js
c:\users\fanny\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\js\lib\cookie_store.js
c:\users\fanny\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\js\lib\crossriderAPI.js
c:\users\fanny\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\js\lib\data_store.js
c:\users\fanny\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\js\lib\delegate.js
c:\users\fanny\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\js\lib\events.js
c:\users\fanny\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\js\lib\installer.js
c:\users\fanny\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\js\lib\logging.js
c:\users\fanny\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\js\lib\onBGDocumentLoad.js
c:\users\fanny\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\js\lib\popupResource\newPopup.js
c:\users\fanny\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\js\lib\popupResource\popup.js
c:\users\fanny\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\js\lib\reports.js
c:\users\fanny\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\js\lib\util.js
c:\users\fanny\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\js\lib\xhr.js
c:\users\fanny\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\popup.html
c:\users\fanny\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\fanny\AppData\Local\TempDIR
c:\windows\system32\2
c:\windows\system32\2\bdsandboxuh.dll
c:\windows\system32\2\bdsandboxuiskin.dll
c:\windows\system32\2\drivers\avc3.sys
c:\windows\system32\2\drivers\avchv.sys
c:\windows\system32\2\drivers\avckf.sys
c:\windows\system32\2\drivers\bdsandbox.sys
c:\windows\system32\2\drivers\bdvedisk.sys
c:\windows\system32\2\drivers\gzflt.sys
c:\windows\system32\2\drivers\trufos.sys
c:\windows\system32\sysdir
c:\windows\system32\sysdir\sycd6.dll
c:\windows\XSxS
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_IO.SYS
-------\Service_io.sys
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2016-02-07 au 2016-03-07 ))))))))))))))))))))))))))))))))))))
.
.
2016-03-07 08:52 . 2016-03-07 08:57 -------- d-----w- c:\users\fanny\AppData\Local\temp
2016-03-07 08:52 . 2016-03-07 08:52 -------- d-----w- c:\users\Invité\AppData\Local\temp
2016-03-07 08:52 . 2016-03-07 08:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-03-07 08:52 . 2016-03-07 08:52 -------- d-----w- c:\users\boby\AppData\Local\temp
2016-03-04 08:00 . 2016-03-04 08:00 -------- d-----w- c:\users\fanny\AppData\Local\Mega Limited
2016-03-03 23:05 . 2016-03-03 23:19 -------- d--h--w- c:\programdata\{827D21CC-A22D-45D6-23CA-451DDAC769BA}
2016-03-03 22:40 . 2016-03-03 22:57 -------- d-----w- c:\programdata\ukprfree
2016-03-03 22:26 . 2016-03-04 06:57 -------- d-----w- c:\users\Public\local
2016-03-02 08:09 . 2016-03-02 08:09 -------- d-----w- c:\programdata\Ralink
2016-03-01 23:04 . 2016-03-01 23:04 -------- d-----w- c:\users\fanny\AppData\Local\Remove_Empty_Directories
2016-02-28 00:07 . 2016-02-28 00:07 796864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-02-28 00:07 . 2016-02-28 00:07 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-02-27 23:53 . 2016-02-27 23:53 95840 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2016-02-27 23:46 . 2016-02-27 23:46 -------- d-----w- c:\users\fanny\AppData\Local\CEF
2016-02-27 22:22 . 2016-02-27 22:22 -------- d-----w- c:\users\fanny\.oracle_jre_usage
2016-02-22 23:29 . 2016-02-22 23:31 -------- d-----w- c:\program files\CCleaner
2016-02-22 13:21 . 2012-07-23 23:00 342016 ----a-w- c:\windows\system32\esw2ud.dll
2016-02-22 13:21 . 2011-12-11 23:00 122000 ----a-w- c:\windows\system32\escsvc.exe
2016-02-19 17:57 . 2016-02-19 17:57 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2016-02-19 17:55 . 2016-02-19 17:55 -------- d-----w- c:\users\fanny\AppData\Roaming\Drivers et Pilotes
2016-02-10 12:47 . 2016-01-22 05:12 2973184 ----a-w- c:\windows\explorer.exe
2016-02-10 12:47 . 2016-01-22 06:00 1498624 ----a-w- c:\windows\system32\ExplorerFrame.dll
2016-02-10 12:47 . 2016-01-22 05:59 1805824 ----a-w- c:\windows\system32\authui.dll
2016-02-10 12:46 . 2016-01-11 14:07 1198080 ----a-w- c:\windows\system32\appraiser.dll
2016-02-10 12:46 . 2016-01-16 18:42 22464 ----a-w- c:\windows\system32\CompatTelRunner.exe
2016-02-10 12:46 . 2016-01-16 18:34 949760 ----a-w- c:\windows\system32\aeinv.dll
2016-02-10 12:46 . 2016-01-11 14:07 65536 ----a-w- c:\windows\system32\acmigration.dll
2016-02-10 12:46 . 2016-01-11 14:07 591360 ----a-w- c:\windows\system32\invagent.dll
2016-02-10 12:46 . 2016-01-11 14:07 544768 ----a-w- c:\windows\system32\generaltel.dll
2016-02-10 12:46 . 2016-01-11 14:07 424960 ----a-w- c:\windows\system32\devinv.dll
2016-02-10 12:46 . 2016-01-16 18:36 1413632 ----a-w- c:\windows\system32\ole32.dll
2016-02-10 12:32 . 2016-01-11 18:47 2956288 ----a-w- c:\windows\system32\wucltux.dll
2016-02-10 12:32 . 2016-01-11 18:17 2062848 ----a-w- c:\windows\system32\wuaueng.dll
2016-02-10 12:32 . 2016-01-11 18:14 573440 ----a-w- c:\windows\system32\wuapi.dll
2016-02-10 12:32 . 2016-01-11 18:47 174080 ----a-w- c:\windows\system32\wuwebv.dll
2016-02-10 12:32 . 2016-01-11 18:35 73728 ----a-w- c:\windows\system32\WinSetupUI.dll
2016-02-10 12:32 . 2016-01-11 18:14 93696 ----a-w- c:\windows\system32\wudriver.dll
2016-02-10 12:32 . 2016-01-11 18:14 30208 ----a-w- c:\windows\system32\wups.dll
2016-02-10 12:32 . 2016-01-11 18:14 35840 ----a-w- c:\windows\system32\wups2.dll
2016-02-10 12:32 . 2016-01-11 18:14 136192 ----a-w- c:\windows\system32\wuauclt.exe
2016-02-10 12:32 . 2016-01-11 18:14 35328 ----a-w- c:\windows\system32\wuapp.exe
2016-02-10 12:32 . 2016-01-11 18:14 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2016-02-10 08:53 . 2016-02-10 08:53 8817344 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-03-07 08:55 . 2008-01-01 00:36 16608 ----a-w- c:\windows\gdrv.sys
2015-12-09 18:58 . 2015-12-09 18:58 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2015-12-08 21:54 . 2016-01-13 10:24 902144 ----a-w- c:\windows\system32\WMADMOD.DLL
2015-12-08 21:54 . 2016-01-13 10:24 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2015-12-08 21:54 . 2016-01-13 10:24 815616 ----a-w- c:\windows\system32\WMADMOE.DLL
2015-12-08 21:54 . 2016-01-13 10:24 740352 ----a-w- c:\windows\system32\wmpmde.dll
2015-12-08 21:54 . 2016-01-13 10:24 739328 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2015-12-08 21:54 . 2016-01-13 10:24 665088 ----a-w- c:\windows\system32\WMVXENCD.DLL
2015-12-08 21:54 . 2016-01-13 10:24 541184 ----a-w- c:\windows\system32\WMVSDECD.DLL
2015-12-08 21:54 . 2016-01-13 10:24 1568768 ----a-w- c:\windows\system32\WMVENCOD.DLL
2015-12-08 21:54 . 2016-01-13 10:24 358400 ----a-w- c:\windows\system32\WMVSENCD.DLL
2015-12-08 21:54 . 2016-01-13 10:24 1325056 ----a-w- c:\windows\system32\WMSPDMOE.DLL
2015-12-08 21:54 . 2016-01-13 10:24 1202688 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2015-12-08 21:54 . 2016-01-13 10:24 2285056 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2015-12-08 21:54 . 2016-01-13 10:24 154112 ----a-w- c:\windows\system32\VIDRESZR.DLL
2015-12-08 21:53 . 2016-01-13 10:24 338944 ----a-w- c:\windows\system32\SysFxUI.dll
2015-12-08 21:53 . 2016-01-13 10:24 206848 ----a-w- c:\windows\system32\RESAMPLEDMO.DLL
2015-12-08 21:53 . 2016-01-13 10:25 509952 ----a-w- c:\windows\system32\qedit.dll
2015-12-08 21:53 . 2016-01-13 10:24 1329664 ----a-w- c:\windows\system32\quartz.dll
2015-12-08 21:53 . 2016-01-13 10:24 519680 ----a-w- c:\windows\system32\qdvd.dll
2015-12-08 21:53 . 2016-01-13 10:24 206848 ----a-w- c:\windows\system32\qasf.dll
2015-12-08 21:53 . 2016-01-13 10:24 970240 ----a-w- c:\windows\system32\msmpeg2adec.dll
2015-12-08 21:53 . 2016-01-13 10:24 829952 ----a-w- c:\windows\system32\MSMPEG2ENC.DLL
2015-12-08 21:53 . 2016-01-13 10:24 241152 ----a-w- c:\windows\system32\MPG4DECD.DLL
2015-12-08 21:53 . 2016-01-13 10:24 241152 ----a-w- c:\windows\system32\MP43DECD.DLL
2015-12-08 21:53 . 2016-01-13 10:24 79872 ----a-w- c:\windows\system32\MP3DMOD.DLL
2015-12-08 21:53 . 2016-01-13 10:24 415744 ----a-w- c:\windows\system32\MP4SDECD.DLL
2015-12-08 21:53 . 2016-01-13 10:24 3209728 ----a-w- c:\windows\system32\mf.dll
2015-12-08 21:53 . 2016-01-13 10:24 609280 ----a-w- c:\windows\system32\MFWMAAEC.DLL
2015-12-08 21:53 . 2016-01-13 10:24 354816 ----a-w- c:\windows\system32\mfplat.dll
2015-12-08 21:53 . 2016-01-13 10:24 53248 ----a-w- c:\windows\system32\mfvdsp.dll
2015-12-08 21:53 . 2016-01-13 10:24 4608 ----a-w- c:\windows\system32\ksuser.dll
2015-12-08 21:53 . 2016-01-13 10:24 103424 ----a-w- c:\windows\system32\mfps.dll
2015-12-08 21:53 . 2016-01-13 10:25 305664 ----a-w- c:\windows\system32\gdi32.dll
2015-12-08 21:53 . 2016-01-13 10:24 489984 ----a-w- c:\windows\system32\evr.dll
2015-12-08 21:53 . 2016-01-13 10:24 67584 ----a-w- c:\windows\system32\devenum.dll
2015-12-08 21:53 . 2016-01-13 10:24 153600 ----a-w- c:\windows\system32\COLORCNV.DLL
2015-12-08 21:53 . 2016-01-13 10:24 50176 ----a-w- c:\windows\system32\rrinstaller.exe
2015-12-08 21:53 . 2016-01-13 10:24 23040 ----a-w- c:\windows\system32\mfpmp.exe
2015-12-08 21:53 . 2016-01-13 10:24 193536 ----a-w- c:\windows\system32\ksproxy.ax
2015-12-08 21:50 . 2016-01-13 10:24 2048 ----a-w- c:\windows\system32\mferror.dll
2015-12-08 21:43 . 2016-01-13 10:24 81408 ----a-w- c:\windows\system32\drivers\drmk.sys
2015-12-08 21:11 . 2016-01-13 10:24 177152 ----a-w- c:\windows\system32\drivers\portcls.sys
2015-12-08 21:11 . 2016-01-13 10:24 5120 ----a-w- c:\windows\system32\drivers\drmkaud.sys
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-05-16 213936]
"Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender 2015\bdwtxag.exe" [2015-01-15 671400]
"EPLTarget\P0000000000000002"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIIKE.EXE" [2012-02-29 249440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-01-13 6711840]
"DHTray"="c:\windows\system32\DHTray.exe" [2007-05-25 331776]
"A0380mon"="c:\windows\system32\A0380mon.exe" [2007-03-22 16384]
"Bdagent"="c:\program files\Bitdefender\Bitdefender 2015\bdagent.exe" [2015-03-12 1862056]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotPostWindows10UpgradeReInstall"="c:\program files\Common Files\AV\Spybot - Search and Destroy\Test.exe" [2015-07-28 1011200]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
USB Wifi Listo.lnk - c:\program files\Listo\Common\RaUI.exe -s [2011-8-7 11474272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"HideShutdownScripts"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoColorChoice"= 0 (0x0)
"HideLogonScripts"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"UseDefaultTile"= 0 (0x0)
"NoWelcomeScreen"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"RestrictCpl"= 0 (0x0)
"DisallowCpl"= 0 (0x0)
"PreventItemCreationInUsersFilesFolder"= 0 (0x0)
"NoReadingPane"= 0 (0x0)
"NoPreviewPane"= 0 (0x0)
"DontSetAutoplayCheckbox"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"DisableThumbnails"= 0 (0x0)
"DisableThumbnailsOnNetworkFolders"= 0 (0x0)
"NoCustomizeThisFolder"= 0 (0x0)
"NoWebView"= 0 (0x0)
"DontShowSuperHidden"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoPublishingWizard"= 0 (0x0)
"AlwaysShowClassicMenu"= 0 (0x0)
"ClearRecentProgForNewUserInStartMenu"= 0 (0x0)
"NoUserFolderInStartMenu"= 0 (0x0)
"NoSearchComputerLinkInStartMenu"= 0 (0x0)
"NoSearchProgramsInStartMenu"= 0 (0x0)
"NoSearchInternetInStartMenu"= 0 (0x0)
"NoSearchFilesInStartMenu"= 0 (0x0)
"NoSearchCommInStartMenu"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoStartMenuMyGames"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAPower"= 0 (0x0)
"HideSCABattery"= 0 (0x0)
"TaskbarNoNotification"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"TaskbarNoThumbnail"= 0 (0x0)
"TaskbarLockAll"= 0 (0x0)
"TaskbarNoResize"= 0 (0x0)
"TaskbarNoAddRemoveToolbar"= 0 (0x0)
"TaskbarNoDragToolbar"= 0 (0x0)
"TaskbarNoRedock"= 0 (0x0)
"RestrictWelcomeCenter"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoInplaceSharing"= 0 (0x0)
"UseFoldersInStartMenu"= 0 (0x0)
"TurnOffSPIAnimations"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoThemesTab"= 0 (0x0)
"RestrictCpl"= 0 (0x0)
"DisallowCpl"= 0 (0x0)
"RestrictRun"= 0 (0x0)
"DisallowRun"= 0 (0x0)
"NoRecycleFiles"= 0 (0x0)
"PreventItemCreationInUsersFilesFolder"= 0 (0x0)
"NoReadingPane"= 0 (0x0)
"NoPreviewPane"= 0 (0x0)
"DontSetAutoplayCheckbox"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"DisableThumbnails"= 0 (0x0)
"DisableThumbnailsOnNetworkFolders"= 0 (0x0)
"NoCustomizeThisFolder"= 0 (0x0)
"NoWebView"= 0 (0x0)
"DontShowSuperHidden"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoPublishingWizard"= 0 (0x0)
"AlwaysShowClassicMenu"= 0 (0x0)
"ClearRecentProgForNewUserInStartMenu"= 0 (0x0)
"NoUserFolderInStartMenu"= 0 (0x0)
"NoSearchComputerLinkInStartMenu"= 0 (0x0)
"NoSearchProgramsInStartMenu"= 0 (0x0)
"NoSearchInternetInStartMenu"= 0 (0x0)
"NoSearchFilesInStartMenu"= 0 (0x0)
"NoSearchCommInStartMenu"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoStartMenuMyGames"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"HideClock"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAPower"= 0 (0x0)
"HideSCABattery"= 0 (0x0)
"TaskbarNoNotification"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"TaskbarNoThumbnail"= 0 (0x0)
"TaskbarLockAll"= 0 (0x0)
"TaskbarNoResize"= 0 (0x0)
"TaskbarNoAddRemoveToolbar"= 0 (0x0)
"TaskbarNoDragToolbar"= 0 (0x0)
"TaskbarNoRedock"= 0 (0x0)
"RestrictWelcomeCenter"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoInplaceSharing"= 0 (0x0)
"UseFoldersInStartMenu"= 0 (0x0)
"TurnOffSPIAnimations"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKLM\~\startupfolder\C:^Users^fanny^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SFR Cloud.lnk]
path=c:\users\fanny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SFR Cloud.lnk
backup=c:\windows\pss\SFR Cloud.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPLTarget
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HitsBlender
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Selection Tools
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smart File Advisor
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2015-12-14 07:48 1085656 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2015-04-08 15:49 6276888 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2011-10-31 13:25 1058400 ----a-w- c:\program files\EPSON Software\Event Manager\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPLTarget\P0000000000000000]
2012-02-29 05:03 249440 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIIKE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPLTarget\P0000000000000001]
2012-02-29 05:03 249440 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIIKE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FAHConsole]
2014-01-28 10:16 616632 ----a-w- c:\program files\File Association Helper\FAHConsole.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2006-11-03 09:01 319488 ----a-w- c:\windows\PixArt\Pac207\Monitor.exe
.
2;2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [x]
R0 cdcono;cdcono;c:\windows\System32\drivers\gubxxvh.sys [x]
R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-01-05 75624]
R2 KMService;KMService;c:\windows\system32\srvany.exe [2010-10-03 8192]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-04-14 1871160]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-01-02 315488]
R3 A0380VID;USB2.0 PC Camera;c:\windows\system32\DRIVERS\A0380Vid.sys [2007-05-17 300480]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2015-01-14 548336]
R3 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [2014-12-09 69880]
R3 bdfwfpf_pc;bdfwfpf_pc;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [2013-07-02 108008]
R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2015-01-09 66832]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-04-07 36608]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2016-01-22 102912]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-06-24 119512]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-04-14 51928]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2013-01-31 47360]
R3 RaMediaServer;RaMediaServer;c:\program files\Listo\Common\RaMediaServer.exe [2010-12-30 619872]
R3 RTL8187B;Carte réseau USB 2.0 Realtek RTL8187B sans fil 802.11b/g 54 Mbits/s;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-07-13 347136]
R3 RtlProt;RtlProt;c:\windows\System32\Drivers\RtlProt.sys [2007-04-23 25896]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WSDScan;Prise en charge de la numérisation WSD via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-07-14 20480]
R4 MyEpson Portal Service;MyEpson Portal Service;c:\program files\EPSON\MyEpson Portal\mepService.exe [2014-09-22 703984]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2015-01-14 1083448]
S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys [2015-02-24 172936]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2014-12-15 77632]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2012-10-29 93648]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2016-01-08 1433216]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2016-01-08 1773696]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc.exe [2011-12-11 122000]
S2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\ESSVR.EXE [2008-12-24 68136]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
S2 RealtekUSB;RealtekUSB;c:\program files\BlueStork\BS-WG-USB Wireless LAN Utility\RtlService.exe [2007-07-27 36864]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-06-24 1738168]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-06-27 2088408]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-04-25 171928]
S2 SOFTLOK;SOFTLOK; [x]
S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2015\updatesrv.exe [2014-10-27 54424]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [2015-01-23 243456]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-04-14 23256]
S3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28u.sys [2010-12-28 1174880]
S3 portio32;portio32;c:\windows\system32\drivers\portio32.sys [2004-07-14 2048]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
HPService REG_MULTI_SZ HPSLPSVC
utcsvc REG_MULTI_SZ DiagTrack
.
Contenu du dossier 'Tâches planifiées'
.
2016-03-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-28 00:07]
.
.
------- Examen supplémentaire -------
.
uStart Page = https://www.google.fr/
mStart Page = about:blank
uSearchAssistant = www.google.com
IE: E&xporter vers Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{86FE1262-30CE-4737-BB0C-2730A122071B}\E4545564F524330343: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\fanny\AppData\Roaming\Mozilla\Firefox\Profiles\osfy5o1j.default-1435476110931\
user_pref(extensions.autoDisableScopes,14);
.
.
------- Associations de fichier -------
.
inifile="%SystemRoot%\system32\NOTEPAD.EXE" %1
txtfile="%SystemRoot%\system32\NOTEPAD.EXE" %1
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-10 - (no file)
WebBrowser-{4DAAC69C-CBA7-45E2-9BC8-1044483D3352} - (no file)
ShellIconOverlayIdentifiers-{056D528D-CE28-4194-9BA3-BA2E9197FF8C} - (no file)
ShellIconOverlayIdentifiers-{05B38830-F4E9-4329-978B-1DD28605D202} - (no file)
ShellIconOverlayIdentifiers-{0596C850-7BDD-4C9D-AFDF-873BE6890637} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKLM-Run-kbdsprt - (no file)
c:\users\fanny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HWMonitor_x32 - Raccourci.lnk - c:\users\fanny\Desktop\Downloads\hwmonitor_1.22-32bit\HWMonitor_x32.exe
AddRemove-360WAVESPATCHERCLT - c:\program files\360WavesPatcher\WDUNINST.EXE
AddRemove-VisualBee for Microsoft PowerPoint - c:\users\fanny\AppData\Local\VisualBeeExe\uninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MWAC]
"ImagePath"="\??\c:\windows\system32\drivers\"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="BrowserHTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="BrowserHTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="BrowserHTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="BrowserHTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="BrowserHTM"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Bitdefender\Bitdefender 2015\vsserv.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\GWX\GWX.exe
c:\program files\Listo\Common\RaRegistry.exe
c:\program files\BlueStork\BS-WG-USB Wireless LAN Utility\RtWlan.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\conhost.exe
c:\program files\Listo\Common\RaUI.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Heure de fin: 2016-03-07 10:03:14 - La machine a redémarré
ComboFix-quarantined-files.txt 2016-03-07 09:03
.
Avant-CF: 140 064 595 968 octets libres
Après-CF: 139 682 783 232 octets libres
.
- - End Of File - - C80DFCC8FFD8DA78B9D90B4906917E14 A36C5E4F47E84449FF07ED3517B43A31