ComboFix 17-05-09.01 - PAOLINI 12/05/2017 13:43:13.1.4 - x64 Microsoft Windows 7 Professionnel 6.1.7601.1.1252.33.1036.18.8136.6230 [GMT 2:00] Lancé depuis: c:\users\PAOLINI\Desktop\paul.exe AV: Kaspersky Anti-Virus *Disabled/Updated* {86367591-4BE4-AE08-2FD9-7FCB8259CD98} SP: Kaspersky Anti-Virus *Disabled/Updated* {3D579475-6DDE-A186-1569-44B9F9DE8725} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Un nouveau point de restauration a été créé . . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\ntuser.pol c:\users\PAOLINI\AppData\Roaming\5743774261_1026 c:\users\PAOLINI\AppData\Roaming\5743774261_1026\chrome\zeroplug\config.json c:\users\PAOLINI\AppData\Roaming\5743774261_1026\chrome\zeroplug\iggdmkkkjkjbmomhnaaglcjdmfmamkca\_locales\en\messages.json c:\users\PAOLINI\AppData\Roaming\5743774261_1026\chrome\zeroplug\iggdmkkkjkjbmomhnaaglcjdmfmamkca\_locales\ru\messages.json c:\users\PAOLINI\AppData\Roaming\5743774261_1026\chrome\zeroplug\iggdmkkkjkjbmomhnaaglcjdmfmamkca\_metadata\computed_hashes.json c:\users\PAOLINI\AppData\Roaming\5743774261_1026\chrome\zeroplug\iggdmkkkjkjbmomhnaaglcjdmfmamkca\_metadata\verified_contents.json c:\users\PAOLINI\AppData\Roaming\5743774261_1026\chrome\zeroplug\iggdmkkkjkjbmomhnaaglcjdmfmamkca\background.html c:\users\PAOLINI\AppData\Roaming\5743774261_1026\chrome\zeroplug\iggdmkkkjkjbmomhnaaglcjdmfmamkca\img\favicon.png c:\users\PAOLINI\AppData\Roaming\5743774261_1026\chrome\zeroplug\iggdmkkkjkjbmomhnaaglcjdmfmamkca\img\icon128.png c:\users\PAOLINI\AppData\Roaming\5743774261_1026\chrome\zeroplug\iggdmkkkjkjbmomhnaaglcjdmfmamkca\img\icon32.png c:\users\PAOLINI\AppData\Roaming\5743774261_1026\chrome\zeroplug\iggdmkkkjkjbmomhnaaglcjdmfmamkca\img\icon48.png c:\users\PAOLINI\AppData\Roaming\5743774261_1026\chrome\zeroplug\iggdmkkkjkjbmomhnaaglcjdmfmamkca\manifest.json c:\users\PAOLINI\AppData\Roaming\5743774261_1026\chrome\zeroplug\iggdmkkkjkjbmomhnaaglcjdmfmamkca\occulee.js c:\users\PAOLINI\AppData\Roaming\5743774261_1026\chrome\zeroplug\iggdmkkkjkjbmomhnaaglcjdmfmamkca\options.html c:\users\PAOLINI\AppData\Roaming\5743774261_1026\chrome\zeroplug\iggdmkkkjkjbmomhnaaglcjdmfmamkca\options.js c:\users\PAOLINI\AppData\Roaming\5743774261_1026\chrome\zeroplug\iggdmkkkjkjbmomhnaaglcjdmfmamkca\ping.js c:\users\PAOLINI\AppData\Roaming\5743774261_1026\chrome\zeroplug\iggdmkkkjkjbmomhnaaglcjdmfmamkca\scripts\cu.js c:\users\PAOLINI\AppData\Roaming\5743774261_1026\chrome\zeroplug\iggdmkkkjkjbmomhnaaglcjdmfmamkca\scripts\emul.js c:\users\PAOLINI\AppData\Roaming\5743774261_1026\chrome\zeroplug\iggdmkkkjkjbmomhnaaglcjdmfmamkca\scripts\frs.js c:\users\PAOLINI\AppData\Roaming\5743774261_1026\chrome\zeroplug\iggdmkkkjkjbmomhnaaglcjdmfmamkca\scripts\mcsh-loader.js c:\users\PAOLINI\AppData\Roaming\5743774261_1026\chrome\zeroplug\iggdmkkkjkjbmomhnaaglcjdmfmamkca\scripts\prcr.js c:\users\PAOLINI\AppData\Roaming\5743774261_1026\chrome\zeroplug\iggdmkkkjkjbmomhnaaglcjdmfmamkca\scripts\rpst.js c:\users\PAOLINI\AppData\Roaming\5743774261_1026\chrome\zeroplug\iggdmkkkjkjbmomhnaaglcjdmfmamkca\scripts\rtr.js c:\users\PAOLINI\AppData\Roaming\5743774261_1026\cp.bat c:\users\PAOLINI\AppData\Roaming\5743774261_1026\hardcode.csv c:\users\PAOLINI\AppData\Roaming\5743774261_1026\main.ini c:\windows\SysWow64\logs c:\windows\SysWow64\logs\myeasylog.log . . ((((((((((((((((((((((((((((( Fichiers créés du 2017-04-12 au 2017-05-12 )))))))))))))))))))))))))))))))))))) . . 2017-05-12 11:51 . 2017-05-12 11:51 -------- d-----w- c:\users\Default\AppData\Local\temp 2017-05-10 10:33 . 2017-05-10 18:47 -------- d-----w- c:\users\PAOLINI\AppData\Roaming\ZHP 2017-05-10 10:33 . 2017-05-10 18:45 -------- d-----w- c:\users\PAOLINI\AppData\Local\ZHP 2017-05-10 10:26 . 2017-04-28 01:09 880640 ----a-w- c:\windows\system32\advapi32.dll 2017-05-09 20:07 . 2017-05-10 10:54 -------- d-----w- C:\FRST 2017-05-01 18:36 . 2017-05-01 18:36 -------- d-----w- c:\users\PAOLINI\AppData\Roaming\Skype 2017-05-01 18:21 . 2017-04-21 00:44 88256 ----a-w- c:\program files\Common Files\Microsoft Shared\ClickToRun\msointl30.fr-fr.dll 2017-05-01 18:21 . 2017-04-21 00:38 1020104 ----a-w- c:\program files\Common Files\Microsoft Shared\ClickToRun\C2RUI.fr-fr.dll 2017-05-01 18:21 . 2017-04-13 06:38 2422992 ----a-w- c:\program files\Common Files\Microsoft Shared\ClickToRun\ClientTelemetry.dll 2017-05-01 17:52 . 2017-05-05 16:35 -------- d-----r- c:\users\PAOLINI\OneDrive 2017-05-01 17:52 . 2017-05-01 17:52 -------- d-----w- c:\programdata\Microsoft OneDrive 2017-05-01 17:48 . 2017-05-01 18:25 3248832 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe 2017-04-28 12:17 . 2017-04-06 23:10 12993592 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4C702995-92AC-420D-B242-2328E165B08E}\mpengine.dll 2017-04-25 12:55 . 2017-04-25 12:55 14440 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\TEXTCONV\WPEQU532.DLL 2017-04-23 19:12 . 2017-04-23 19:12 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories 2017-04-21 00:31 . 2017-04-21 00:31 28352 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll 2017-04-21 00:02 . 2017-04-21 00:02 446144 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE 2017-04-20 23:46 . 2017-04-20 23:46 207040 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 2017-04-20 17:27 . 2017-04-20 17:27 1274456 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pidgenx.dll 2017-04-14 18:52 . 2017-05-08 11:59 -------- d-----w- c:\users\PAOLINI\AppData\Roaming\GTAV Enhanced Native Trainer . . . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2017-05-10 11:47 . 2015-07-24 15:37 156335152 -c--a-w- c:\windows\system32\MRT.exe 2017-04-28 00:32 . 2017-05-10 10:26 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2017-04-10 20:33 . 2016-06-26 14:10 1035480 ----a-w- c:\windows\system32\drivers\klif.sys 2017-04-10 20:33 . 2016-06-26 14:10 195296 ----a-w- c:\windows\system32\drivers\klflt.sys 2017-04-10 20:33 . 2016-06-20 16:51 314864 ----a-w- c:\windows\system32\drivers\klhk.sys 2017-03-26 18:33 . 2017-03-26 18:33 28344 ----a-w- c:\windows\SysWow64\aspnet_counters.dll 2017-03-26 18:33 . 2017-03-26 18:33 19104 ----a-w- c:\windows\SysWow64\msvcr110_clr0400.dll 2017-03-26 18:33 . 2017-03-26 18:33 19104 ----a-w- c:\windows\SysWow64\msvcr100_clr0400.dll 2017-03-26 18:33 . 2017-03-26 18:33 19104 ----a-w- c:\windows\SysWow64\msvcp110_clr0400.dll 2017-03-26 18:29 . 2017-03-26 18:29 30400 ----a-w- c:\windows\system32\aspnet_counters.dll 2017-03-26 18:29 . 2017-03-26 18:29 19112 ----a-w- c:\windows\system32\msvcr110_clr0400.dll 2017-03-26 18:29 . 2017-03-26 18:29 19112 ----a-w- c:\windows\system32\msvcr100_clr0400.dll 2017-03-26 18:29 . 2017-03-26 18:29 19112 ----a-w- c:\windows\system32\msvcp110_clr0400.dll 2017-03-22 15:32 . 2017-04-12 10:21 3165184 ----a-w- c:\windows\system32\wucltux.dll 2017-03-22 15:32 . 2017-04-12 10:21 98816 ----a-w- c:\windows\system32\wudriver.dll 2017-03-22 15:32 . 2017-04-12 10:21 192512 ----a-w- c:\windows\system32\wuwebv.dll 2017-03-22 15:30 . 2017-04-12 10:21 91136 ----a-w- c:\windows\system32\WinSetupUI.dll 2017-03-22 15:24 . 2017-04-12 10:21 174080 ----a-w- c:\windows\SysWow64\wuwebv.dll 2017-03-22 15:17 . 2017-04-12 10:21 2651136 ----a-w- c:\windows\system32\wuaueng.dll 2017-03-22 15:15 . 2017-04-12 10:21 709120 ----a-w- c:\windows\system32\wuapi.dll 2017-03-22 15:15 . 2017-04-12 10:21 37888 ----a-w- c:\windows\system32\wuapp.exe 2017-03-22 15:15 . 2017-04-12 10:21 140288 ----a-w- c:\windows\system32\wuauclt.exe 2017-03-22 15:15 . 2017-04-12 10:21 36864 ----a-w- c:\windows\system32\wups.dll 2017-03-22 15:15 . 2017-04-12 10:21 37888 ----a-w- c:\windows\system32\wups2.dll 2017-03-22 15:15 . 2017-04-12 10:21 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll 2017-03-22 15:05 . 2017-04-12 10:21 573440 ----a-w- c:\windows\SysWow64\wuapi.dll 2017-03-22 15:05 . 2017-04-12 10:21 35328 ----a-w- c:\windows\SysWow64\wuapp.exe 2017-03-22 15:05 . 2017-04-12 10:21 30208 ----a-w- c:\windows\SysWow64\wups.dll 2017-03-22 15:05 . 2017-04-12 10:21 93696 ----a-w- c:\windows\SysWow64\wudriver.dll 2017-03-16 17:29 . 2017-03-16 17:29 119808 ----a-r- c:\users\PAOLINI\AppData\Roaming\Microsoft\Installer\{5F8683B5-5056-411C-B808-B289E29E9BBB}\icons.exe 2017-03-13 12:57 . 2016-06-14 16:47 199392 ----a-w- c:\windows\system32\drivers\kneps.sys 2017-03-13 12:57 . 2016-06-02 21:39 135904 ----a-w- c:\windows\system32\drivers\klwtp.sys 2017-03-10 16:35 . 2017-04-12 10:21 382696 ----a-w- c:\windows\system32\atmfd.dll 2017-03-10 16:31 . 2017-04-12 10:21 41472 ----a-w- c:\windows\system32\lpk.dll 2017-03-10 16:31 . 2017-04-12 10:21 100864 ----a-w- c:\windows\system32\fontsub.dll 2017-03-10 16:31 . 2017-04-12 10:21 14336 ----a-w- c:\windows\system32\dciman32.dll 2017-03-10 16:31 . 2017-04-12 10:21 46080 ----a-w- c:\windows\system32\atmlib.dll 2017-03-10 16:27 . 2017-04-12 10:21 308456 ----a-w- c:\windows\SysWow64\atmfd.dll 2017-03-10 16:20 . 2017-04-12 10:21 25600 ----a-w- c:\windows\SysWow64\lpk.dll 2017-03-10 16:19 . 2017-04-12 10:21 70656 ----a-w- c:\windows\SysWow64\fontsub.dll 2017-03-10 16:19 . 2017-04-12 10:21 10240 ----a-w- c:\windows\SysWow64\dciman32.dll 2017-03-10 15:53 . 2017-04-12 10:21 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2017-03-07 16:30 . 2017-04-12 10:21 85504 ----a-w- c:\windows\system32\asycfilt.dll 2017-03-07 16:17 . 2017-04-12 10:21 67584 ----a-w- c:\windows\SysWow64\asycfilt.dll 2017-03-04 01:27 . 2017-04-12 10:21 1574912 ----a-w- c:\windows\system32\quartz.dll 2017-03-04 01:27 . 2017-04-12 10:21 93696 ----a-w- c:\windows\system32\mfmjpegdec.dll 2017-03-04 01:14 . 2017-04-12 10:21 1329664 ----a-w- c:\windows\SysWow64\quartz.dll 2017-03-04 01:14 . 2017-04-12 10:21 77312 ----a-w- c:\windows\SysWow64\mfmjpegdec.dll 2017-02-23 18:32 . 2017-03-24 16:44 46016 ----a-w- c:\windows\system32\drivers\nvvad64v.sys 2017-02-23 18:32 . 2017-03-24 16:44 156608 ----a-w- c:\windows\system32\nvaudcap64v.dll 2017-02-23 18:32 . 2017-03-24 16:44 124352 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll 2017-02-22 23:42 . 2017-03-16 17:29 84712 ----a-w- c:\windows\system32\CompatTelRunner.exe 2017-02-22 23:37 . 2017-03-16 17:29 1285632 ----a-w- c:\windows\system32\aeinv.dll 2017-02-18 14:05 . 2017-03-16 17:29 646656 ----a-w- c:\windows\system32\generaltel.dll 2017-02-18 14:05 . 2017-03-16 17:29 1609216 ----a-w- c:\windows\system32\appraiser.dll 2017-02-16 14:45 . 2017-02-16 14:45 87224 ----a-w- c:\windows\system32\vcruntime140.dll 2017-02-16 14:45 . 2017-02-16 14:45 627368 ----a-w- c:\windows\system32\msvcp140.dll 2017-02-16 14:45 . 2017-02-16 14:45 391344 ----a-w- c:\windows\system32\vccorlib140.dll 2017-02-16 14:45 . 2017-02-16 14:45 332456 ----a-w- c:\windows\system32\concrt140.dll 2017-02-16 14:39 . 2017-02-16 14:39 83792 ----a-w- c:\windows\SysWow64\vcruntime140.dll 2017-02-16 14:39 . 2017-02-16 14:39 438080 ----a-w- c:\windows\SysWow64\msvcp140.dll 2017-02-16 14:39 . 2017-02-16 14:39 264368 ----a-w- c:\windows\SysWow64\vccorlib140.dll 2017-02-16 14:39 . 2017-02-16 14:39 243016 ----a-w- c:\windows\SysWow64\concrt140.dll 2017-02-14 16:33 . 2017-04-12 10:21 757248 ----a-w- c:\windows\system32\win32spl.dll 2017-02-14 16:19 . 2017-04-12 10:21 497664 ----a-w- c:\windows\SysWow64\win32spl.dll . . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2017-05-05 16:34 2094808 ----a-w- c:\users\PAOLINI\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\FileSyncShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2] @="{5AB7172C-9C11-405C-8DD5-AF20F3606282}" [HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}] 2017-05-05 16:34 2094808 ----a-w- c:\users\PAOLINI\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\FileSyncShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3] @="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}" [HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}] 2017-05-05 16:34 2094808 ----a-w- c:\users\PAOLINI\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\FileSyncShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2017-05-05 16:34 2094808 ----a-w- c:\users\PAOLINI\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\FileSyncShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2017-05-05 16:34 2094808 ----a-w- c:\users\PAOLINI\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\FileSyncShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2017-05-01 18:29 2071856 ----a-w- e:\program files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2017-05-01 18:29 2071856 ----a-w- e:\program files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2017-05-01 18:29 2071856 ----a-w- e:\program files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CCleaner Monitoring"="e:\program files\CCleaner\CCleaner64.exe" [2017-04-10 9532120] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-04-26 292848] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-01-29 594992] . c:\users\PAOLINI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Envoyer à OneNote.lnk - e:\program files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE /tsr [2017-5-1 172736] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "SoftwareSASGeneration"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "RequireSignedAppInit_DLLs"=0 (0x0) "AppInit_DLLs"=c:\windows\SysWOW64\appinit_dll.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService] @="Service" . 3;4 MBAMService;Malwarebytes Service;e:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;e:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x] R2 AVP17.0.0;Kaspersky Anti-Virus Service 17.0.0;c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x] R2 Origin Web Helper Service;Origin Web Helper Service;e:\program files (x86)\Origin\OriginWebHelperService.exe;e:\program files (x86)\Origin\OriginWebHelperService.exe [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x] R3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus;c:\windows\system32\DRIVERS\dtliteusbbus.sys;c:\windows\SYSNATIVE\DRIVERS\dtliteusbbus.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 klvssbrigde64;klvssbrigde64;c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\vssbridge64.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\vssbridge64.exe [x] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x] R3 Origin Client Service;Origin Client Service;e:\program files (x86)\Origin\OriginClientService.exe;e:\program files (x86)\Origin\OriginClientService.exe [x] R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 cm_km;AO Kaspersky Lab Cryptographic Module x64 (56 bit);c:\windows\system32\DRIVERS\cm_km.sys;c:\windows\SYSNATIVE\DRIVERS\cm_km.sys [x] S0 iusb3hcs;Pilote de commutateur de contrôleur d'hôte Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x] S0 klbackupdisk;Kaspersky Lab klbackupdisk;c:\windows\system32\DRIVERS\klbackupdisk.sys;c:\windows\SYSNATIVE\DRIVERS\klbackupdisk.sys [x] S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x] S1 klbackupflt;Kaspersky Lab klbackupflt;c:\windows\system32\DRIVERS\klbackupflt.sys;c:\windows\SYSNATIVE\DRIVERS\klbackupflt.sys [x] S1 klhk;Kaspersky Lab service driver;c:\windows\system32\DRIVERS\klhk.sys;c:\windows\SYSNATIVE\DRIVERS\klhk.sys [x] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x] S1 klpd;Kaspersky Lab format recognizer driver;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x] S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x] S1 Klwtp;KLwtp - WFP callout traffic inspector;c:\windows\system32\DRIVERS\klwtp.sys;c:\windows\SYSNATIVE\DRIVERS\klwtp.sys [x] S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x] S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x] S2 AtherosSvc;AtherosSvc;e:\program files (x86)\Bluetooth Suite\adminservice.exe;e:\program files (x86)\Bluetooth Suite\adminservice.exe [x] S2 ClickToRunSvc;Microsoft Office Click-to-Run Service;c:\program files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe;c:\program files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [x] S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x] S2 kldisk;kldisk;c:\windows\system32\DRIVERS\kldisk.sys;c:\windows\SYSNATIVE\DRIVERS\kldisk.sys [x] S2 LucidSvc;LucidSvc;e:\program files\Lucidlogix Technologies\VIRTU MVP 2.0\LucidSvc.exe;e:\program files\Lucidlogix Technologies\VIRTU MVP 2.0\LucidSvc.exe [x] S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x] S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x] S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x] S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe [x] S2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;e:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;e:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x] S3 iusb3hub;Pilote de concentrateur Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x] S3 iusb3xhc;Pilote du contrôleur d'hôte extensible Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x] S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x] S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x] S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x] S3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [x] S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x] S3 VirtuWDDM;VirtuWDDM;c:\windows\system32\DRIVERS\VirtuWDDM.sys;c:\windows\SYSNATIVE\DRIVERS\VirtuWDDM.sys [x] S4 MBAMChameleon;MBAMChameleon;c:\windows\system32\drivers\MBAMChameleon.sys;c:\windows\SYSNATIVE\drivers\MBAMChameleon.sys [x] . . --- Autres Services/Pilotes en mémoire --- . *NewlyCreated* - MBAMSWISSARMY *Deregistered* - ESProtectionDriver . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2017-04-07 16:04 1319256 ----a-w- c:\program files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2017-05-05 16:34 2171608 ----a-w- c:\users\PAOLINI\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2] @="{5AB7172C-9C11-405C-8DD5-AF20F3606282}" [HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}] 2017-05-05 16:34 2171608 ----a-w- c:\users\PAOLINI\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3] @="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}" [HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}] 2017-05-05 16:34 2171608 ----a-w- c:\users\PAOLINI\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2017-05-05 16:34 2171608 ----a-w- c:\users\PAOLINI\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2017-05-05 16:34 2171608 ----a-w- c:\users\PAOLINI\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2017-05-01 18:32 3073328 ----a-w- e:\program files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2017-05-01 18:32 3073328 ----a-w- e:\program files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2017-05-01 18:32 3073328 ----a-w- e:\program files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VIRTU MVP 2.0"="e:\program files\Lucidlogix Technologies\VIRTU MVP 2.0\MVPControlPanel20.Exe" [2013-11-26 1239272] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-06-27 7191768] "AtherosBtStack"="e:\program files (x86)\Bluetooth Suite\btvstack.exe" [2012-09-28 1023104] "AthBtTray"="e:\program files (x86)\Bluetooth Suite\athbttray.exe" [2012-09-28 801920] "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\appinit_dll.dll . ------- Examen supplémentaire ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = www.google.com mDefault_Search_URL = www.google.com mDefault_Page_URL = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = www.google.com mStart Page = www.google.com uInternet Settings,ProxyOverride = *.local;192.168.*.* IE: &Envoyer à OneNote - c:\progra~2\MICROS~2\Office15\ONBttnIE.dll/105 IE: E&xport to Microsoft Excel - c:\program files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000 IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~2\Office15\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\program files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.1 Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - e:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - e:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - e:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - e:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL . - - - - ORPHELINS SUPPRIMES - - - - . ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file) AddRemove-{793C2BF7-A4FE-4608-91C9-9282C5801C21} - c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe . . . --------------------- CLES DE REGISTRE BLOQUEES --------------------- . [HKEY_USERS\S-1-5-21-31214933-3041228913-4108588116-1000\Software\SecuROM\License information*] "datasecu"=hex:ef,4a,6a,27,49,8e,10,42,e7,7c,3c,62,97,a2,a8,57,ce,eb,ed,b9,73, 96,d0,00,80,2a,dc,95,fd,1b,ba,82,cf,bf,62,c9,01,74,b1,0f,0c,20,81,30,08,b1,\ "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" "Key"="ActionsPane3" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0] "Key"="http://schemas.microsoft.com/office/smartdocuments/2003" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0\{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}\Alias] "0"="Microsoft Actions Pane 3" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Heure de fin: 2017-05-12 13:54:30 ComboFix-quarantined-files.txt 2017-05-12 11:54 . Avant-CF: 2 194 202 624 octets libres Après-CF: 2 034 896 896 octets libres . - - End Of File - - 171123373A272F4115C05314B67EDBAF A36C5E4F47E84449FF07ED3517B43A31