ComboFix 16-06-01.01 - admin 03/06/2016 11:55:45.2.4 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.12286.9081 [GMT 2:00]
Lancé depuis: c:\users\admin\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\admin\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Un nouveau point de restauration a été créé
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2016-05-03 au 2016-06-03 ))))))))))))))))))))))))))))))))))))
.
.
2016-06-03 10:02 . 2016-06-03 10:02 -------- d-----w- c:\users\Invité\AppData\Local\temp
2016-06-03 10:02 . 2016-06-03 10:02 -------- d-----w- c:\users\FMDK7412\AppData\Local\temp
2016-06-03 10:02 . 2016-06-03 10:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-06-03 10:02 . 2016-06-03 10:02 -------- d-----w- c:\users\CLMENC~1\AppData\Local\temp
2016-06-03 10:02 . 2016-06-03 10:02 -------- d-----w- c:\users\Administrateur\AppData\Local\temp
2016-06-02 14:38 . 2016-06-02 14:38 -------- d-----w- c:\program files (x86)\ZHPFix
2016-06-02 12:26 . 2016-06-02 12:35 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-06-02 12:26 . 2016-06-02 12:26 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-06-02 12:26 . 2016-03-10 12:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-06-02 12:26 . 2016-03-10 12:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-06-02 12:26 . 2016-03-10 12:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-06-02 12:17 . 2016-06-02 12:19 -------- d-----w- C:\AdwCleaner
2016-06-02 09:36 . 2016-06-02 14:52 -------- d-----w- c:\users\admin\AppData\Roaming\ZHP
2016-05-31 04:51 . 2016-05-26 20:28 11895896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{92E921F7-E19F-4985-858E-80EDF1E1833A}\mpengine.dll
2016-05-28 20:14 . 2016-05-28 20:14 398152 ----a-w- c:\windows\system32\aswBoot.exe
2016-05-28 20:14 . 2016-05-28 20:14 52184 ----a-w- c:\windows\avastSS.scr
2016-05-22 16:39 . 2016-05-22 16:40 -------- d-----w- c:\users\admin\AppData\Local\tkdata
2016-05-22 16:37 . 2016-05-22 16:46 -------- d-----w- c:\program files\Intel
2016-05-22 16:37 . 2016-05-22 16:45 -------- d-----w- c:\program files\Common Files\McAfee
2016-05-06 14:44 . 2016-05-06 14:44 -------- d-----w- c:\programdata\Epubsoft
2016-05-06 14:44 . 2016-05-06 14:44 -------- d-----w- c:\program files (x86)\EPUBSOFT
2016-05-05 11:02 . 2016-05-05 15:30 -------- d-----w- c:\users\admin\AppData\Roaming\dacia
2016-05-05 11:02 . 2016-05-05 11:02 -------- d-----w- c:\program files (x86)\Dacia Media Nav
2016-05-04 10:46 . 2016-05-04 10:46 -------- d-----w- c:\users\admin\AppData\Local\Adobe_Systems_Incorporate
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-05-28 20:14 . 2014-06-19 22:00 37656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-05-28 20:14 . 2013-12-24 15:56 166432 ----a-w- c:\windows\system32\drivers\aswStm.sys
2016-05-28 20:14 . 2013-12-24 15:33 103064 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2016-05-28 20:14 . 2013-12-24 15:33 287528 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2016-05-28 20:14 . 2013-12-24 15:33 74544 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-05-28 20:14 . 2013-09-09 16:53 465792 ----a-w- c:\windows\system32\drivers\aswSP.sys
2016-05-28 20:14 . 2013-09-09 16:52 107792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2016-05-28 20:14 . 2016-02-17 18:34 37144 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2016-05-28 20:14 . 2013-12-24 15:33 1070904 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2016-05-13 13:27 . 2013-09-09 16:56 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-05-13 13:27 . 2013-09-09 16:56 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-04-22 18:13 . 2015-05-21 07:11 97856 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2016-04-21 13:05 . 2013-09-09 17:07 453288 ------w- c:\windows\system32\MpSigStub.exe
2016-04-12 15:23 . 2014-11-25 10:55 642336 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2016-04-09 06:54 . 2016-05-11 05:54 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2016-04-04 18:14 . 2016-04-13 07:21 38120 ----a-w- c:\windows\system32\CompatTelRunner.exe
2016-04-04 18:02 . 2016-04-13 07:21 1169408 ----a-w- c:\windows\system32\aeinv.dll
2016-04-02 13:08 . 2016-04-13 07:21 1386496 ----a-w- c:\windows\system32\appraiser.dll
2016-03-23 14:02 . 2016-04-13 07:21 215040 ----a-w- c:\windows\system32\aepic.dll
2016-03-17 22:56 . 2016-04-13 07:21 2084864 ----a-w- c:\windows\system32\ole32.dll
2016-03-17 22:28 . 2016-04-13 07:21 1414144 ----a-w- c:\windows\SysWow64\ole32.dll
2016-03-17 18:04 . 2016-04-13 07:21 698368 ----a-w- c:\windows\system32\generaltel.dll
2016-03-17 18:04 . 2016-04-13 07:21 499200 ----a-w- c:\windows\system32\devinv.dll
2016-03-17 18:04 . 2016-04-13 07:21 279040 ----a-w- c:\windows\system32\invagent.dll
2016-03-17 18:04 . 2016-04-13 07:21 76800 ----a-w- c:\windows\system32\acmigration.dll
2016-03-16 18:50 . 2016-04-13 07:21 156672 ----a-w- c:\windows\system32\mtxoci.dll
2016-03-16 18:28 . 2016-04-13 07:21 111616 ----a-w- c:\windows\SysWow64\mtxoci.dll
2016-03-16 18:28 . 2016-04-13 07:21 176128 ----a-w- c:\windows\SysWow64\msorcl32.dll
2016-03-16 00:16 . 2016-04-13 07:21 760320 ----a-w- c:\windows\system32\samsrv.dll
2016-03-16 00:16 . 2016-04-13 07:21 106496 ----a-w- c:\windows\system32\samlib.dll
2016-03-15 23:53 . 2016-04-13 07:21 60416 ----a-w- c:\windows\SysWow64\samlib.dll
2016-03-06 18:53 . 2016-04-13 07:21 2048 ----a-w- c:\windows\system32\msxml3r.dll
2016-03-06 18:53 . 2016-04-13 07:21 1885696 ----a-w- c:\windows\system32\msxml3.dll
2016-03-06 18:38 . 2016-04-13 07:21 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2016-03-06 18:38 . 2016-04-13 07:21 1240576 ----a-w- c:\windows\SysWow64\msxml3.dll
2011-03-30 10:40 . 2011-03-30 10:40 517976 ----a-w- c:\program files (x86)\DXSETUP.exe
2011-03-30 10:40 . 2011-03-30 10:40 95576 ----a-w- c:\program files (x86)\DSETUP.dll
2011-03-30 10:40 . 2011-03-30 10:40 1566040 ----a-w- c:\program files (x86)\dsetup32.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-11-05 20:20 1587400 ----a-w- c:\users\admin\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2015-11-05 20:20 1587400 ----a-w- c:\users\admin\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2015-11-05 20:20 1587400 ----a-w- c:\users\admin\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-11-05 20:20 1587400 ----a-w- c:\users\admin\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-11-05 20:20 1587400 ----a-w- c:\users\admin\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OrangeInside"="c:\users\admin\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe" [2016-05-12 0]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2016-05-28 7400576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-04-01 596504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Dedicarz Service;Dedicarz Service;c:\program files (x86)\Orange\ma Livebox\dedicarz\DedicarzService.exe;c:\program files (x86)\Orange\ma Livebox\dedicarz\DedicarzService.exe [x]
R2 DellDataVault;Dell Data Vault;c:\program files\Dell\DellDataVault\DellDataVault.exe ;c:\program files\Dell\DellDataVault\DellDataVault.exe [x]
R2 DellDataVaultWiz;Dell Data Vault Wizard;c:\program files\Dell\DellDataVault\DellDataVaultWiz.exe;c:\program files\Dell\DellDataVault\DellDataVaultWiz.exe [x]
R2 Orange update Core Service;Orange update Core Service;c:\program files (x86)\Orange\OrangeUpdate\Service\OUCore.exe;c:\program files (x86)\Orange\OrangeUpdate\Service\OUCore.exe [x]
R2 SupportAssistAgent;Dell SupportAssist Agent;c:\program files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe;c:\program files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [x]
R3 BthAudioHF;Service BthAudioHF;c:\windows\system32\DRIVERS\BthAudioHF.sys;c:\windows\SYSNATIVE\DRIVERS\BthAudioHF.sys [x]
R3 cpuz134;cpuz134;c:\users\admin\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\admin\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 DFX11_1;DFX Audio Enhancer 11.1;c:\windows\system32\drivers\dfx11_1x64.sys;c:\windows\SYSNATIVE\drivers\dfx11_1x64.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;d:\ntiolib_x64.sys;d:\NTIOLib_X64.sys [x]
R3 PVUSB;CESG502 64bit USB Driver;c:\windows\system32\DRIVERS\CESG64.sys;c:\windows\SYSNATIVE\DRIVERS\CESG64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\DRIVERS\TsUsbGD.sys;c:\windows\SYSNATIVE\DRIVERS\TsUsbGD.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SamsungRapidDiskFltr;SAMSUNG RAPID Mode Disk Filter Driver;c:\windows\system32\DRIVERS\SamsungRapidDiskFltr.sys;c:\windows\SYSNATIVE\DRIVERS\SamsungRapidDiskFltr.sys [x]
S0 SamsungRapidFSFltr;SamsungRapidFSFltr;c:\windows\system32\DRIVERS\SamsungRapidFSFltr.sys;c:\windows\SYSNATIVE\DRIVERS\SamsungRapidFSFltr.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 BtSwitcherService;Service Bluetooth Switcher;c:\program files\CSR\CSR Harmony Wireless Software Stack\BtSwitcherService.exe;c:\program files\CSR\CSR Harmony Wireless Software Stack\BtSwitcherService.exe [x]
S2 ClickToRunSvc;Service Démarrer en clic Microsoft Office;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 CSRBtAudioService;Service audio Bluetooth CSR;c:\program files\CSR\CSR Harmony Wireless Software Stack\CsrBtAudioService.exe;c:\program files\CSR\CSR Harmony Wireless Software Stack\CsrBtAudioService.exe [x]
S2 CsrBtOBEXService;CSR OBEX Service;c:\program files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe;c:\program files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe [x]
S2 CsrBtService;Service Bluetooth CSR;c:\program files\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe;c:\program files\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 GamingApp_Service;GamingApp_Service;c:\program files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe;c:\program files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe [x]
S2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 SamsungRapidSvc;Samsung RAPID Mode Service;c:\windows\system32\RAPID\SamsungRapidSvc.exe;c:\windows\SYSNATIVE\RAPID\SamsungRapidSvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 cmudaxp;ASUS Xonar DGX Audio Interface;c:\windows\system32\drivers\cmudaxp.sys;c:\windows\SYSNATIVE\drivers\cmudaxp.sys [x]
S3 csr_bthav;Profil AV Bluetooth;c:\windows\system32\drivers\csrbthav.sys;c:\windows\SYSNATIVE\drivers\csrbthav.sys [x]
S3 csravrcp;Profil AVRCP Bluetooth;c:\windows\system32\DRIVERS\csravrcp.sys;c:\windows\SYSNATIVE\DRIVERS\csravrcp.sys [x]
S3 CsrBthAudioHF;BthAudioHF Service;c:\windows\system32\DRIVERS\CsrBthAudioHF.sys;c:\windows\SYSNATIVE\DRIVERS\CsrBthAudioHF.sys [x]
S3 CsrBtPort;Lecteur de périphérique Bluetooth CRS;c:\windows\system32\DRIVERS\CsrBtPort.sys;c:\windows\SYSNATIVE\DRIVERS\CsrBtPort.sys [x]
S3 csrhfgcc;Profil de commande d'appel HFG Bluetooth;c:\windows\system32\DRIVERS\csrhfgcc.sys;c:\windows\SYSNATIVE\DRIVERS\csrhfgcc.sys [x]
S3 csrpan;Bluetooth Personal Area Network Device Driver;c:\windows\system32\DRIVERS\csrpan.sys;c:\windows\SYSNATIVE\DRIVERS\csrpan.sys [x]
S3 csrserial;Lecteur de périphérique SPP;c:\windows\system32\DRIVERS\csrserial.sys;c:\windows\SYSNATIVE\DRIVERS\csrserial.sys [x]
S3 csrusb;Driver USB CSR pour dongle Bluetooth;c:\windows\system32\Drivers\csrusb.sys;c:\windows\SYSNATIVE\Drivers\csrusb.sys [x]
S3 csrusbfilter;CSR USB filter driver;c:\windows\system32\Drivers\csrusbfilter.sys;c:\windows\SYSNATIVE\Drivers\csrusbfilter.sys [x]
S3 DDDriver;DDDriver;c:\windows\system32\drivers\DDDriver64Dcsa.sys;c:\windows\SYSNATIVE\drivers\DDDriver64Dcsa.sys [x]
S3 DellProf;DellProf;c:\windows\system32\drivers\DellProf.sys;c:\windows\SYSNATIVE\drivers\DellProf.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-05-13 04:19 1186968 ----a-w- c:\program files (x86)\Google\Chrome\Application\50.0.2661.102\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2016-06-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-09 13:27]
.
2016-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-09 11:33]
.
2016-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-09 11:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-11-05 20:21 1639112 ----a-w- c:\users\admin\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2015-11-05 20:21 1639112 ----a-w- c:\users\admin\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2015-11-05 20:21 1639112 ----a-w- c:\users\admin\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-11-05 20:21 1639112 ----a-w- c:\users\admin\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-11-05 20:21 1639112 ----a-w- c:\users\admin\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-04-12 16:56 2348848 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-04-12 16:56 2348848 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-04-12 16:56 2348848 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-05-28 20:14 920784 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2014-05-19 3100440]
"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2011-05-12 8769536]
"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
"SamsungRapidApp"="c:\program files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe" [2014-09-16 281776]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = www.google.com
mDefault_Page_URL = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.bing.com/search?q={searchTerms}
IE: Accéder au portail Orange - c:\users\admin\AppData\Roaming\Orange\OrangeInside\src\orange_html\orange.html
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Envoyer par SMS Orange le texte sélectionné - c:\users\admin\AppData\Roaming\Orange\OrangeInside\src\sendsmsselectedtext_html\sendsmsselectedtext.html
IE: Rechercher le texte sélectionné - c:\users\admin\AppData\Roaming\Orange\OrangeInside\src\selectedsearch_html\selectedsearch.html
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
Trusted Zone: com\*.Wondershare
Trusted Zone: dell.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\admin\
FF - prefs.js: browser.search.selectedEngine - Lasaoren
FF - user.js: extensions.srchlsrn.aflt - lrn_frmr_14_38_ff
FF - user.js: extensions.srchlsrn.instlRef - 142905_a
FF - user.js: extensions.srchlsrn.cr - 1820695780
FF - user.js: extensions.srchlsrn.cd - 2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0FzzyDtByEtAzz0CyDyByCtN0D0Tzu0SzyzytCtN1L2XzutAtFtBtFyEtFtBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDtB0EyBtC0CtCyCtG0C0ByByCtGzzzzyB0DtGyB0DtCtDtGtD0AtCyEyDzy0A0D0DyEtC0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0A0D0EtB0F0EyCtGtAyE0CzztGyE0F0AyEtGzzyBzz0AtG0FtA0CyCtA0AtD0A0ByDyEyC2Q
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-{c9a6357b-25cc-4bcf-96c1-78736985d412} - (no file)
Wow6432Node-HKLM-Run- - (no file)
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_242_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_242_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Orange\ma Livebox\maLivebox.exe
c:\program files (x86)\Orange\Orange Installer\OrangeInstaller.exe
c:\program files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
c:\program files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
.
**************************************************************************
.
Heure de fin: 2016-06-03 12:06:15 - La machine a redémarré
ComboFix-quarantined-files.txt 2016-06-03 10:06
.
Avant-CF: 98 548 723 712 octets libres
Après-CF: 98 312 032 256 octets libres
.
- - End Of File - - 2EDB4D3A5EF7A3C33A3D59593223E734 B1F7D7F6E4FBE98E578562A22A94D02C