ComboFix 16-06-01.01 - admin 03/06/2016 11:04:19.1.4 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.12286.9072 [GMT 2:00]
Lancé depuis: c:\users\admin\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\435695158131052185UL
c:\programdata\435695158131052185UL\7b454519bbfb9c523c7e5e362a27801c.ini
c:\windows\msdownld.tmp
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2016-05-03 au 2016-06-03 ))))))))))))))))))))))))))))))))))))
.
.
2016-06-03 09:11 . 2016-06-03 09:11 -------- d-----w- c:\users\FMDK7412\AppData\Local\temp
2016-06-02 14:38 . 2016-06-02 14:38 -------- d-----w- c:\program files (x86)\ZHPFix
2016-06-02 12:26 . 2016-06-02 12:35 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-06-02 12:26 . 2016-06-02 12:26 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-06-02 12:26 . 2016-03-10 12:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-06-02 12:26 . 2016-03-10 12:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-06-02 12:26 . 2016-03-10 12:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-06-02 12:17 . 2016-06-02 12:19 -------- d-----w- C:\AdwCleaner
2016-06-02 09:36 . 2016-06-02 14:52 -------- d-----w- c:\users\admin\AppData\Roaming\ZHP
2016-05-31 04:51 . 2016-05-26 20:28 11895896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{92E921F7-E19F-4985-858E-80EDF1E1833A}\mpengine.dll
2016-05-28 20:14 . 2016-05-28 20:14 398152 ----a-w- c:\windows\system32\aswBoot.exe
2016-05-28 20:14 . 2016-05-28 20:14 52184 ----a-w- c:\windows\avastSS.scr
2016-05-22 16:39 . 2016-05-22 16:40 -------- d-----w- c:\users\admin\AppData\Local\tkdata
2016-05-22 16:37 . 2016-05-22 16:46 -------- d-----w- c:\program files\Intel
2016-05-22 16:37 . 2016-05-22 16:45 -------- d-----w- c:\program files\Common Files\McAfee
2016-05-06 14:44 . 2016-05-06 14:44 -------- d-----w- c:\programdata\Epubsoft
2016-05-06 14:44 . 2016-05-06 14:44 -------- d-----w- c:\program files (x86)\EPUBSOFT
2016-05-05 11:02 . 2016-05-05 15:30 -------- d-----w- c:\users\admin\AppData\Roaming\dacia
2016-05-05 11:02 . 2016-05-05 11:02 -------- d-----w- c:\program files (x86)\Dacia Media Nav
2016-05-04 10:46 . 2016-05-04 10:46 -------- d-----w- c:\users\admin\AppData\Local\Adobe_Systems_Incorporate
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-05-28 20:14 . 2014-06-19 22:00 37656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-05-28 20:14 . 2013-12-24 15:56 166432 ----a-w- c:\windows\system32\drivers\aswStm.sys
2016-05-28 20:14 . 2013-12-24 15:33 103064 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2016-05-28 20:14 . 2013-12-24 15:33 287528 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2016-05-28 20:14 . 2013-12-24 15:33 74544 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-05-28 20:14 . 2013-09-09 16:53 465792 ----a-w- c:\windows\system32\drivers\aswSP.sys
2016-05-28 20:14 . 2013-09-09 16:52 107792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2016-05-28 20:14 . 2016-02-17 18:34 37144 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2016-05-28 20:14 . 2013-12-24 15:33 1070904 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2016-05-13 13:27 . 2013-09-09 16:56 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-05-13 13:27 . 2013-09-09 16:56 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-04-22 18:13 . 2015-05-21 07:11 97856 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2016-04-21 13:05 . 2013-09-09 17:07 453288 ------w- c:\windows\system32\MpSigStub.exe
2016-04-12 15:23 . 2014-11-25 10:55 642336 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2016-04-09 06:54 . 2016-05-11 05:54 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2016-04-04 18:14 . 2016-04-13 07:21 38120 ----a-w- c:\windows\system32\CompatTelRunner.exe
2016-04-04 18:02 . 2016-04-13 07:21 1169408 ----a-w- c:\windows\system32\aeinv.dll
2016-04-02 13:08 . 2016-04-13 07:21 1386496 ----a-w- c:\windows\system32\appraiser.dll
2016-03-23 14:02 . 2016-04-13 07:21 215040 ----a-w- c:\windows\system32\aepic.dll
2016-03-17 22:56 . 2016-04-13 07:21 2084864 ----a-w- c:\windows\system32\ole32.dll
2016-03-17 22:28 . 2016-04-13 07:21 1414144 ----a-w- c:\windows\SysWow64\ole32.dll
2016-03-17 18:04 . 2016-04-13 07:21 698368 ----a-w- c:\windows\system32\generaltel.dll
2016-03-17 18:04 . 2016-04-13 07:21 499200 ----a-w- c:\windows\system32\devinv.dll
2016-03-17 18:04 . 2016-04-13 07:21 279040 ----a-w- c:\windows\system32\invagent.dll
2016-03-17 18:04 . 2016-04-13 07:21 76800 ----a-w- c:\windows\system32\acmigration.dll
2016-03-16 18:50 . 2016-04-13 07:21 156672 ----a-w- c:\windows\system32\mtxoci.dll
2016-03-16 18:28 . 2016-04-13 07:21 111616 ----a-w- c:\windows\SysWow64\mtxoci.dll
2016-03-16 18:28 . 2016-04-13 07:21 176128 ----a-w- c:\windows\SysWow64\msorcl32.dll
2016-03-16 00:16 . 2016-04-13 07:21 760320 ----a-w- c:\windows\system32\samsrv.dll
2016-03-16 00:16 . 2016-04-13 07:21 106496 ----a-w- c:\windows\system32\samlib.dll
2016-03-15 23:53 . 2016-04-13 07:21 60416 ----a-w- c:\windows\SysWow64\samlib.dll
2016-03-06 18:53 . 2016-04-13 07:21 2048 ----a-w- c:\windows\system32\msxml3r.dll
2016-03-06 18:53 . 2016-04-13 07:21 1885696 ----a-w- c:\windows\system32\msxml3.dll
2016-03-06 18:38 . 2016-04-13 07:21 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2016-03-06 18:38 . 2016-04-13 07:21 1240576 ----a-w- c:\windows\SysWow64\msxml3.dll
2011-03-30 10:40 . 2011-03-30 10:40 517976 ----a-w- c:\program files (x86)\DXSETUP.exe
2011-03-30 10:40 . 2011-03-30 10:40 95576 ----a-w- c:\program files (x86)\DSETUP.dll
2011-03-30 10:40 . 2011-03-30 10:40 1566040 ----a-w- c:\program files (x86)\dsetup32.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-11-05 20:20 1587400 ----a-w- c:\users\admin\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2015-11-05 20:20 1587400 ----a-w- c:\users\admin\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2015-11-05 20:20 1587400 ----a-w- c:\users\admin\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-11-05 20:20 1587400 ----a-w- c:\users\admin\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-11-05 20:20 1587400 ----a-w- c:\users\admin\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OrangeInside"="c:\users\admin\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe" [2016-05-12 0]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2016-05-28 7400576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-04-01 596504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Dedicarz Service;Dedicarz Service;c:\program files (x86)\Orange\ma Livebox\dedicarz\DedicarzService.exe;c:\program files (x86)\Orange\ma Livebox\dedicarz\DedicarzService.exe [x]
R2 SupportAssistAgent;Dell SupportAssist Agent;c:\program files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe;c:\program files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [x]
R3 BthAudioHF;Service BthAudioHF;c:\windows\system32\DRIVERS\BthAudioHF.sys;c:\windows\SYSNATIVE\DRIVERS\BthAudioHF.sys [x]
R3 cpuz134;cpuz134;c:\users\admin\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\admin\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 DFX11_1;DFX Audio Enhancer 11.1;c:\windows\system32\drivers\dfx11_1x64.sys;c:\windows\SYSNATIVE\drivers\dfx11_1x64.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;d:\ntiolib_x64.sys;d:\NTIOLib_X64.sys [x]
R3 PVUSB;CESG502 64bit USB Driver;c:\windows\system32\DRIVERS\CESG64.sys;c:\windows\SYSNATIVE\DRIVERS\CESG64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\DRIVERS\TsUsbGD.sys;c:\windows\SYSNATIVE\DRIVERS\TsUsbGD.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SamsungRapidDiskFltr;SAMSUNG RAPID Mode Disk Filter Driver;c:\windows\system32\DRIVERS\SamsungRapidDiskFltr.sys;c:\windows\SYSNATIVE\DRIVERS\SamsungRapidDiskFltr.sys [x]
S0 SamsungRapidFSFltr;SamsungRapidFSFltr;c:\windows\system32\DRIVERS\SamsungRapidFSFltr.sys;c:\windows\SYSNATIVE\DRIVERS\SamsungRapidFSFltr.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 BtSwitcherService;Service Bluetooth Switcher;c:\program files\CSR\CSR Harmony Wireless Software Stack\BtSwitcherService.exe;c:\program files\CSR\CSR Harmony Wireless Software Stack\BtSwitcherService.exe [x]
S2 ClickToRunSvc;Service Démarrer en clic Microsoft Office;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 CSRBtAudioService;Service audio Bluetooth CSR;c:\program files\CSR\CSR Harmony Wireless Software Stack\CsrBtAudioService.exe;c:\program files\CSR\CSR Harmony Wireless Software Stack\CsrBtAudioService.exe [x]
S2 CsrBtOBEXService;CSR OBEX Service;c:\program files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe;c:\program files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe [x]
S2 CsrBtService;Service Bluetooth CSR;c:\program files\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe;c:\program files\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe [x]
S2 DellDataVault;Dell Data Vault;c:\program files\Dell\DellDataVault\DellDataVault.exe ;c:\program files\Dell\DellDataVault\DellDataVault.exe [x]
S2 DellDataVaultWiz;Dell Data Vault Wizard;c:\program files\Dell\DellDataVault\DellDataVaultWiz.exe;c:\program files\Dell\DellDataVault\DellDataVaultWiz.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 GamingApp_Service;GamingApp_Service;c:\program files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe;c:\program files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe [x]
S2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Orange update Core Service;Orange update Core Service;c:\program files (x86)\Orange\OrangeUpdate\Service\OUCore.exe;c:\program files (x86)\Orange\OrangeUpdate\Service\OUCore.exe [x]
S2 SamsungRapidSvc;Samsung RAPID Mode Service;c:\windows\system32\RAPID\SamsungRapidSvc.exe;c:\windows\SYSNATIVE\RAPID\SamsungRapidSvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 cmudaxp;ASUS Xonar DGX Audio Interface;c:\windows\system32\drivers\cmudaxp.sys;c:\windows\SYSNATIVE\drivers\cmudaxp.sys [x]
S3 csr_bthav;Profil AV Bluetooth;c:\windows\system32\drivers\csrbthav.sys;c:\windows\SYSNATIVE\drivers\csrbthav.sys [x]
S3 csravrcp;Profil AVRCP Bluetooth;c:\windows\system32\DRIVERS\csravrcp.sys;c:\windows\SYSNATIVE\DRIVERS\csravrcp.sys [x]
S3 CsrBthAudioHF;BthAudioHF Service;c:\windows\system32\DRIVERS\CsrBthAudioHF.sys;c:\windows\SYSNATIVE\DRIVERS\CsrBthAudioHF.sys [x]
S3 CsrBtPort;Lecteur de périphérique Bluetooth CRS;c:\windows\system32\DRIVERS\CsrBtPort.sys;c:\windows\SYSNATIVE\DRIVERS\CsrBtPort.sys [x]
S3 csrhfgcc;Profil de commande d'appel HFG Bluetooth;c:\windows\system32\DRIVERS\csrhfgcc.sys;c:\windows\SYSNATIVE\DRIVERS\csrhfgcc.sys [x]
S3 csrpan;Bluetooth Personal Area Network Device Driver;c:\windows\system32\DRIVERS\csrpan.sys;c:\windows\SYSNATIVE\DRIVERS\csrpan.sys [x]
S3 csrserial;Lecteur de périphérique SPP;c:\windows\system32\DRIVERS\csrserial.sys;c:\windows\SYSNATIVE\DRIVERS\csrserial.sys [x]
S3 csrusb;Driver USB CSR pour dongle Bluetooth;c:\windows\system32\Drivers\csrusb.sys;c:\windows\SYSNATIVE\Drivers\csrusb.sys [x]
S3 csrusbfilter;CSR USB filter driver;c:\windows\system32\Drivers\csrusbfilter.sys;c:\windows\SYSNATIVE\Drivers\csrusbfilter.sys [x]
S3 DDDriver;DDDriver;c:\windows\system32\drivers\DDDriver64Dcsa.sys;c:\windows\SYSNATIVE\drivers\DDDriver64Dcsa.sys [x]
S3 DellProf;DellProf;c:\windows\system32\drivers\DellProf.sys;c:\windows\SYSNATIVE\drivers\DellProf.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-05-13 04:19 1186968 ----a-w- c:\program files (x86)\Google\Chrome\Application\50.0.2661.102\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2016-06-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-09 13:27]
.
2016-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-09 11:33]
.
2016-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-09 11:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-11-05 20:21 1639112 ----a-w- c:\users\admin\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2015-11-05 20:21 1639112 ----a-w- c:\users\admin\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2015-11-05 20:21 1639112 ----a-w- c:\users\admin\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-11-05 20:21 1639112 ----a-w- c:\users\admin\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-11-05 20:21 1639112 ----a-w- c:\users\admin\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-04-12 16:56 2348848 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-04-12 16:56 2348848 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-04-12 16:56 2348848 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-05-28 20:14 920784 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2014-05-19 3100440]
"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2011-05-12 8769536]
"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
"SamsungRapidApp"="c:\program files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe" [2014-09-16 281776]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = www.google.com
mDefault_Page_URL = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.bing.com/search?q={searchTerms}
IE: Accéder au portail Orange - c:\users\admin\AppData\Roaming\Orange\OrangeInside\src\orange_html\orange.html
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Envoyer par SMS Orange le texte sélectionné - c:\users\admin\AppData\Roaming\Orange\OrangeInside\src\sendsmsselectedtext_html\sendsmsselectedtext.html
IE: Rechercher le texte sélectionné - c:\users\admin\AppData\Roaming\Orange\OrangeInside\src\selectedsearch_html\selectedsearch.html
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
Trusted Zone: com\*.Wondershare
Trusted Zone: dell.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\admin\
FF - prefs.js: browser.search.selectedEngine - Lasaoren
FF - user.js: extensions.srchlsrn.aflt - lrn_frmr_14_38_ff
FF - user.js: extensions.srchlsrn.instlRef - 142905_a
FF - user.js: extensions.srchlsrn.cr - 1820695780
FF - user.js: extensions.srchlsrn.cd - 2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0FzzyDtByEtAzz0CyDyByCtN0D0Tzu0SzyzytCtN1L2XzutAtFtBtFyEtFtBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDtB0EyBtC0CtCyCtG0C0ByByCtGzzzzyB0DtGyB0DtCtDtGtD0AtCyEyDzy0A0D0DyEtC0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0A0D0EtB0F0EyCtGtAyE0CzztGyE0F0AyEtGzzyBzz0AtG0FtA0CyCtA0AtD0A0ByDyEyC2Q
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-{c9a6357b-25cc-4bcf-96c1-78736985d412} - (no file)
Wow6432Node-HKLM-Run- - (no file)
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_242_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_242_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_242_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_242_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.21"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Orange\ma Livebox\maLivebox.exe
c:\program files (x86)\Orange\Orange Installer\OrangeInstaller.exe
c:\program files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
c:\program files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
.
**************************************************************************
.
Heure de fin: 2016-06-03 11:22:53 - La machine a redémarré
ComboFix-quarantined-files.txt 2016-06-03 09:22
.
Avant-CF: 98 849 460 224 octets libres
Après-CF: 98 437 488 640 octets libres
.
- - End Of File - - 764FD36AE6BEAB1FAB6ECB6B4AB2622F
B1F7D7F6E4FBE98E578562A22A94D02C