ComboFix 16-03-19.01 - lyane 20/03/2016 23:17:18.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.1237.694 [GMT 1:00]
Lancé depuis: c:\users\lyane\Desktop\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials *Enabled/Updated* {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AV: Panda GOLD Protection *Enabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
FW: Panda Firewall *Enabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Microsoft Security Essentials *Enabled/Updated* {CDE0C533-D3CD-62A1-E772-AFADDF863628}
SP: Panda GOLD Protection *Enabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0410.exe
c:\windows\msdownld.tmp
c:\windows\Tasks\JkDefragCmd.exe
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NETHFDRV
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2016-02-20 au 2016-03-20 ))))))))))))))))))))))))))))))))))))
.
.
2016-03-20 18:46 . 2016-03-02 14:59 9067696 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D76483AF-CE70-43BD-B03D-CD331DCED754}\mpengine.dll
2016-03-20 00:38 . 2016-03-02 14:59 9067696 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-03-19 06:23 . 2016-03-19 18:28 -------- d-----w- C:\FRST
2016-03-15 20:14 . 2016-03-15 20:58 -------- d-----w- c:\program files\AdwCleaner
2016-03-13 13:05 . 2015-07-01 06:57 912000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{56CB1D95-3FF6-4EA6-A50B-95F4B0AC3075}\gapaengine.dll
2016-03-13 10:07 . 2016-03-13 10:07 -------- d-----w- c:\windows\TempCA2F1383-3388-015B-7A94-C28A68900863-Signatures
2016-03-13 03:36 . 2016-02-06 02:11 802304 ----a-w- c:\windows\system32\advapi32.dll
2016-03-13 03:36 . 2016-02-06 02:12 783872 ----a-w- c:\windows\system32\rpcrt4.dll
2016-03-13 03:36 . 2016-02-06 02:11 49664 ----a-w- c:\windows\system32\csrsrv.dll
2016-03-13 03:36 . 2016-02-06 00:32 64000 ----a-w- c:\windows\system32\smss.exe
2016-03-13 03:36 . 2016-02-19 21:34 1208776 ----a-w- c:\windows\system32\ntdll.dll
2016-03-13 03:36 . 2016-02-06 02:17 3609024 ----a-w- c:\windows\system32\ntkrnlpa.exe
2016-03-13 03:36 . 2016-02-06 02:17 3556800 ----a-w- c:\windows\system32\ntoskrnl.exe
2016-03-13 03:32 . 2015-11-20 14:15 13664 ----a-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-03-13 03:32 . 2015-11-20 14:15 12640 ----a-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-03-13 03:32 . 2015-11-20 14:15 15200 ----a-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-03-13 03:32 . 2015-11-20 14:15 15712 ----a-w- c:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-03-13 03:32 . 2015-11-20 14:15 11616 ----a-w- c:\windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-03-13 03:32 . 2015-11-20 14:15 12128 ----a-w- c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-03-13 03:32 . 2015-11-20 14:15 19808 ----a-w- c:\windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-13 03:32 . 2015-11-20 14:15 66400 ----a-w- c:\windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-03-13 03:32 . 2015-11-20 14:15 922432 ----a-w- c:\windows\system32\ucrtbase.dll
2016-03-13 03:30 . 2016-02-06 02:12 19968 ----a-w- c:\windows\system32\seclogon.dll
2016-03-13 03:28 . 2016-02-06 02:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2016-03-13 03:28 . 2016-02-06 00:33 297472 ----a-w- c:\windows\system32\atmfd.dll
2016-03-13 03:22 . 2016-02-06 02:12 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
2016-03-13 03:22 . 2016-02-06 02:12 41984 ----a-w- c:\program files\Windows Mail\wabimp.dll
2016-03-13 03:22 . 2016-02-06 00:37 65536 ----a-w- c:\program files\Windows Mail\wabmig.exe
2016-03-13 03:22 . 2016-02-06 02:12 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2016-03-13 03:22 . 2016-02-06 00:37 515584 ----a-w- c:\program files\Windows Mail\wab.exe
2016-03-13 03:20 . 2016-02-03 17:05 67072 ----a-w- c:\windows\system32\asycfilt.dll
2016-03-13 03:20 . 2016-02-03 17:06 89600 ----a-w- c:\windows\system32\olepro32.dll
2016-03-13 03:20 . 2016-02-03 17:06 564736 ----a-w- c:\windows\system32\oleaut32.dll
2016-03-13 02:55 . 2016-02-04 15:25 2068992 ----a-w- c:\windows\system32\win32k.sys
2016-03-13 02:49 . 2016-03-13 02:49 -------- d-----w- c:\windows\TempAEFB8FBA-FEF3-FCA9-D8F7-1DBAAE97D2D3-Signatures
2016-03-13 00:29 . 2016-03-14 11:29 -------- d-----w- c:\users\lyane\AppData\Local\panda
2016-03-13 00:27 . 2016-03-13 00:29 -------- d-----w- c:\program files\Panda Security URL Filtering
2016-03-12 05:32 . 2016-02-09 00:17 1815552 ----a-w- c:\windows\system32\jscript9.dll
2016-03-12 05:32 . 2016-02-09 00:10 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2016-03-12 05:32 . 2016-02-09 00:13 367616 ----a-w- c:\windows\system32\html.iec
2016-03-12 05:32 . 2016-02-09 00:10 768512 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2016-03-07 12:42 . 2016-03-07 12:42 -------- d-----w- c:\windows\TempE299FB8A-1929-DB24-AB15-F49EAE3611B4-Signatures
2016-03-07 10:30 . 2016-03-11 23:47 -------- d-----w- C:\a74966993be5e235b6763c7e97138028
2016-03-06 17:14 . 2016-03-06 17:14 -------- d-----w- C:\KVRT_Data
2016-03-06 00:16 . 2016-03-06 18:50 -------- d-----w- c:\windows\Microsoft Antimalware
2016-03-04 19:29 . 2016-03-04 19:30 -------- d-----w- c:\windows\Temp3B1470FB-57DA-F4AB-AF6E-25EF45DB9A1F-Signatures
2016-03-04 18:50 . 2016-03-04 18:51 -------- d-----w- c:\windows\TempEFAB1593-6AEE-86F5-649F-C8DB617911FE-Signatures
2016-03-04 17:56 . 2016-03-04 17:56 -------- d-----w- c:\windows\TempDB92D67B-9FBA-B250-73F5-CD911967296F-Signatures
2016-03-04 17:14 . 2016-03-04 17:14 -------- d-----w- c:\windows\TempCDF36B89-8E54-61D7-8E39-3A001160088F-Signatures
2016-03-03 22:38 . 2016-03-03 22:38 -------- d-----w- C:\found.006
2016-03-03 11:44 . 2016-03-03 11:44 -------- d-----w- c:\program files\Windows Password Recovery Tool Ultimate
2016-03-03 02:01 . 2016-03-03 02:02 -------- d-----w- c:\windows\Temp0A851DF9-62FB-4A22-CEFA-119F94467E80-Signatures
2016-02-29 02:18 . 2016-02-29 02:19 -------- d-----w- c:\windows\TempB554B050-6108-3B7E-353C-A75BF00F1B7E-Signatures
2016-02-27 00:44 . 2016-02-27 00:44 -------- d-----w- c:\windows\Temp9C269653-A90F-C890-6A05-10F56235A406-Signatures
2016-02-26 22:31 . 2016-03-20 08:40 -------- d-----w- c:\users\lyane\AppData\Roaming\Panda Security
2016-02-26 22:11 . 2016-03-20 08:41 -------- d-----w- c:\program files\Panda Security
2016-02-26 22:02 . 2016-03-20 08:41 -------- d-----w- c:\programdata\Panda Security
2016-02-26 11:41 . 2016-03-07 20:02 -------- d-----w- c:\program files\Avira
2016-02-26 11:41 . 2016-03-17 22:25 -------- d-----w- c:\programdata\Avira
2016-02-26 11:31 . 2016-03-11 23:44 -------- d-----w- c:\programdata\Package Cache
2016-02-26 08:58 . 2015-10-05 08:50 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-02-26 08:58 . 2015-10-05 08:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-02-26 08:50 . 2016-02-26 08:50 -------- d-----w- c:\windows\TempD0345791-CF07-FA9A-91DD-F0287DCD0C28-Signatures
2016-02-26 08:42 . 2016-02-28 11:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2016-02-25 18:08 . 2016-02-25 18:08 -------- d-----w- c:\users\lyane\AppData\Local\Skype
2016-02-25 18:06 . 2016-02-25 18:06 -------- d-----r- c:\program files\Skype
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-03-13 20:02 . 2014-09-21 18:46 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-02-15 20:08 . 2015-01-28 10:49 95840 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2016-01-30 03:09 . 2016-02-10 02:44 324608 ----a-w- c:\windows\system32\sdohlp.dll
2016-01-30 03:09 . 2016-02-10 02:44 153088 ----a-w- c:\windows\system32\sbeio.dll
2016-01-30 03:09 . 2016-02-10 02:44 323072 ----a-w- c:\windows\system32\sbe.dll
2016-01-30 03:09 . 2016-02-10 02:44 293376 ----a-w- c:\windows\system32\psisdecd.dll
2016-01-30 03:09 . 2016-02-10 02:44 217600 ----a-w- c:\windows\system32\psisrndr.ax
2016-01-30 03:09 . 2016-02-10 02:44 429056 ----a-w- c:\windows\system32\EncDec.dll
2016-01-30 03:09 . 2016-02-10 02:40 1316864 ----a-w- c:\windows\system32\ole32.dll
2016-01-30 03:08 . 2016-02-10 02:44 107520 ----a-w- c:\windows\system32\mtxoci.dll
2016-01-30 03:08 . 2016-02-10 02:44 80896 ----a-w- c:\windows\system32\MSNP.ax
2016-01-30 03:08 . 2016-02-10 02:44 180224 ----a-w- c:\windows\system32\msorcl32.dll
2016-01-30 03:08 . 2016-02-10 02:44 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2016-01-30 03:08 . 2016-02-10 02:44 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2016-01-30 03:08 . 2016-02-10 02:44 48128 ----a-w- c:\windows\system32\iasdatastore.dll
2016-01-30 03:08 . 2016-02-10 02:44 57344 ----a-w- c:\windows\system32\iasads.dll
2016-01-30 03:08 . 2016-02-10 02:44 119296 ----a-w- c:\windows\system32\iasrecst.dll
2016-01-30 01:32 . 2016-02-10 02:44 17408 ----a-w- c:\windows\system32\iashost.exe
2016-01-28 17:52 . 2014-11-13 03:32 796864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-01-28 17:52 . 2014-11-13 03:32 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-01-09 17:06 . 2016-02-10 02:01 501760 ----a-w- c:\windows\system32\kerberos.dll
2016-01-07 15:18 . 2016-02-10 02:08 115200 ----a-w- c:\windows\system32\drivers\mrxdav.sys
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2015-05-08 6369048]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2016-03-03 6825888]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2016-01-29 986872]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2016-01-29 594992]
"Avira SystrayStartTrigger"="c:\program files\Avira\Launcher\Avira.SystrayStartTrigger.exe" [2016-01-27 66328]
"Panda Security URL Filtering"="c:\program files\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2015-11-06 254472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BUFFALO RAMDISK Tray Utility.lnk]
backupExtension=.CommonStartup
backup=c:\windows\pss\BUFFALO RAMDISK Tray Utility.lnk.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO RAMDISK Tray Utility.lnk
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BUFFALO RAMDISK Utility.lnk]
backupExtension=.CommonStartup
backup=c:\windows\pss\BUFFALO RAMDISK Utility.lnk.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO RAMDISK Utility.lnk
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
backup=c:\windows\pss\Secunia PSI Tray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^lyane^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
backupExtension=.Startup
backup=c:\windows\pss\OpenOffice.org 2.0.lnk.Startup
path=c:\users\lyane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2015-05-08 19:49 6369048 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CollaborationHost]
2008-01-19 07:33 192000 ----a-w- c:\windows\System32\p2phost.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google+ Auto Backup]
2014-01-06 09:59 3619096 ----a-w- c:\program files\Google\Google+ Auto Backup\Google+ Auto Backup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-06-18 19:01 166424 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-06-18 19:01 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launcher]
2007-03-07 09:09 44168 ----a-w- c:\windows\SMINST\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2016-01-29 16:56 986872 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-06-18 19:01 133656 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-03-01 15:38 4390912 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2016-01-29 17:57 594992 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2007-05-31 08:21 648072 ----a-w- c:\windows\WindowsMobile\wmdcBase.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
"tsiVideo"=rundll32.exe c:\users\lyane\AppData\Local\Temp\\mdi164.dll,runme
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2014-07-22 142648]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-03-15 00:34 1106072 ----a-w- c:\program files\Google\Chrome\Application\49.0.2623.87\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2016-03-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10 17:52]
.
2016-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-10-18 00:55]
.
2016-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-10-18 00:55]
.
2016-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
- c:\windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-08 00:49]
.
2016-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
- c:\windows\system32\config\systemprofile\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-08 00:49]
.
2016-03-15 c:\windows\Tasks\HPCeeScheduleForlyane.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2007-05-22 09:56]
.
2014-12-21 c:\windows\Tasks\JkDefrag.job
- c:\windows\tasks\JkDefragTask.cmd [2014-12-21 09:58]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com
mStart Page = www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.5.1
FF - ProfilePath - c:\users\lyane\AppData\Roaming\Mozilla\Firefox\Profiles\66d3jqg6.default-1457992238060\
.
- - - - ORPHELINS SUPPRIMES - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2016-03-20 23:44
Windows 6.0.6002 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-365918633-389627058-4226867446-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*1*èlŒQ:g]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-365918633-389627058-4226867446-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*1*èlŒQ:g\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-365918633-389627058-4226867446-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*r*a*c*k*e*d*-*S*N*D*4xã‰eˆN\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'Explorer.exe'(940)
c:\windows\system32\btncopy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\helppane.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Heure de fin: 2016-03-20 23:51:30 - La machine a redémarré
ComboFix-quarantined-files.txt 2016-03-20 22:51
.
Avant-CF: 108 495 323 136 octets libres
Après-CF: 108 197 150 720 octets libres
.
- - End Of File - - D5A95409D4DE9FF7C0E116557928BE6F 8913823FF508CCF109DB74B636C301DA