ComboFix 14-08-24.01 - Schukka 24/08/2014  16:25:07.1.2 - x64
Microsoft Windows 7 Édition Familiale Premium   6.1.7601.1.1252.33.1036.18.3839.2476 [GMT 2:00]
Lancé depuis: c:\users\Schukka\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Un nouveau point de restauration a été créé
.
.
((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\ma-config.com\Logs\activex.txt
c:\programdata\ma-config.com\Logs\mcstubuser.txt
c:\programdata\ma-config.com\mcbase.db
c:\programdata\ma-config.com\server.pem
c:\windows\SysWow64\System32\MASetupCleaner.exe
c:\windows\SysWow64\System32\muzapp.exe
.
.
(((((((((((((((((((((((((((((   Fichiers créés du 2014-07-24 au 2014-08-24   ))))))))))))))))))))))))))))))))))))
.
.
2014-08-24 13:24 . 2014-08-24 14:22 -------- d-----w- c:\users\Schukka\AppData\Local\CrashDumps
2014-08-24 12:32 . 2014-08-24 12:32 -------- d-----w- c:\users\Schukka\AppData\Local\ElevatedDiagnostics
2014-08-24 10:57 . 2014-08-24 10:57 33512 ----a-w- c:\windows\SysWow64\drivers\TrueSight.sys
2014-08-24 10:57 . 2014-08-24 10:57 -------- d-----w- c:\programdata\RogueKiller
2014-08-24 10:35 . 2014-08-24 10:35 -------- d-----w- c:\users\Schukka\AppData\Local\Macromedia
2014-08-24 10:11 . 2014-08-24 10:11 -------- d-----w- c:\users\Schukka\AppData\Local\Mozilla
2014-08-24 10:11 . 2014-08-24 10:11 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2014-08-24 09:53 . 2014-08-24 09:53 -------- d-----w- c:\users\Schukka\AppData\Roaming\AVAST Software
2014-08-24 09:52 . 2014-08-24 09:52 85328 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-08-24 09:52 . 2014-08-24 09:52 208416 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-08-24 09:52 . 2014-08-24 09:52 1039096 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-08-24 09:52 . 2014-08-24 09:52 423240 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-08-24 09:52 . 2014-08-24 09:52 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-08-24 09:52 . 2014-08-24 09:52 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-08-24 09:52 . 2014-08-24 09:52 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-08-24 09:52 . 2014-08-24 09:52 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-08-24 09:52 . 2014-08-24 09:52 334648 ----a-w- c:\windows\system32\aswBoot.exe
2014-08-24 09:52 . 2014-08-24 09:52 43152 ----a-w- c:\windows\avastSS.scr
2014-08-24 09:52 . 2014-08-24 09:52 -------- d-----w- c:\program files\AVAST Software
2014-08-24 09:51 . 2014-08-24 09:51 -------- d-----w- c:\programdata\AVAST Software
2014-08-23 14:12 . 2014-08-23 14:13 -------- d-----w- c:\program files (x86)\ZHPFix
2014-08-23 10:51 . 2014-08-24 13:38 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2014-08-23 10:44 . 2014-08-24 13:35 -------- d-----w- c:\users\Schukka\AppData\Roaming\ZHP
2014-08-23 10:44 . 2014-08-24 13:34 -------- d-----w- c:\program files (x86)\ZHPDiag
2014-08-23 10:12 . 2014-08-23 10:12 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-08-23 10:00 . 2014-08-23 11:29 -------- d-----w- c:\users\TEMP
2014-08-22 10:11 . 2014-08-22 10:11 -------- d-----w- c:\program files (x86)\Google
2014-08-22 09:52 . 2014-08-22 09:52 -------- d-----w- c:\users\Schukka\2014-08-22 11-52-41
2014-08-21 13:46 . 2014-08-21 15:17 -------- d-----w- c:\program files (x86)\Microsoft Windows 7 Upgrade Advisor
2014-08-19 08:15 . 2014-08-19 08:15 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2014-08-19 08:15 . 2014-08-20 06:17 -------- d-----w- c:\users\Schukka\AppData\Local\Adobe
2014-08-19 08:12 . 2014-08-19 08:12 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-19 08:12 . 2014-08-19 08:12 699568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-19 08:08 . 2014-08-19 08:08 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2014-08-18 13:44 . 2014-08-18 13:44 -------- d-----w- c:\windows\SysWow64\sda
2014-08-18 13:44 . 2014-01-07 12:24 359128 ----a-w- c:\windows\system32\drivers\RtsPStor.sys
2014-08-18 13:44 . 2014-01-07 12:10 313048 ----a-w- c:\windows\system32\drivers\RtsBaStor.sys
2014-08-18 13:44 . 2014-01-03 14:34 465624 ----a-w- c:\windows\system32\drivers\RtsPer.sys
2014-08-18 13:44 . 2014-01-03 14:08 291544 ----a-w- c:\windows\system32\drivers\RtsP2Stor.sys
2014-08-18 13:44 . 2014-01-03 11:33 271064 ----a-w- c:\windows\system32\drivers\RtsUStor.sys
2014-08-18 13:44 . 2014-01-03 09:14 331992 ----a-w- c:\windows\system32\drivers\RtsUVStor.sys
2014-08-18 13:44 . 2013-04-25 16:12 9889352 ----a-w- c:\windows\SysWow64\RsCRIcon.dll
2014-08-18 13:23 . 2014-08-24 14:32 -------- d-----w- c:\programdata\ma-config.com
2014-08-18 13:23 . 2014-08-18 13:23 -------- d-----w- c:\program files\ma-config.com
2014-08-18 12:31 . 2014-08-18 12:31 -------- d-----w- c:\windows\SysWow64\wbem\en-US
2014-08-18 12:31 . 2014-08-18 12:31 -------- d-----w- c:\windows\system32\wbem\en-US
2014-08-18 11:37 . 2014-08-18 11:37 -------- d-s---w- c:\windows\SysWow64\Microsoft
2014-08-18 11:24 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-08-18 11:12 . 2014-08-18 13:38 -------- d-----w- c:\users\Schukka\AppData\Roaming\Malwarebytes
2014-08-18 11:11 . 2014-08-18 13:38 -------- d-----w- c:\programdata\Malwarebytes
2014-08-18 11:08 . 2014-08-18 13:37 -------- d-----w- c:\users\Schukka\AppData\Local\LogMeIn Rescue Applet
2014-08-18 07:03 . 2014-08-18 07:02 880040 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2014-08-18 07:03 . 2014-08-18 07:02 802728 ----a-w- c:\windows\SysWow64\deployJava1.dll
2014-08-18 07:02 . 2014-08-18 07:02 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-08-18 07:02 . 2014-08-18 07:02 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-18 07:01 . 2014-08-18 07:01 -------- d-----w- c:\users\Schukka\AppData\Roaming\Oracle
2014-08-18 06:28 . 2014-08-22 08:39 -------- d-----w- c:\users\UpdatusUser.HOMEFRED
2014-08-18 06:27 . 2014-08-18 06:27 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2014-08-18 06:27 . 2014-08-19 06:11 -------- d-----w- c:\programdata\NVIDIA
2014-08-18 06:27 . 2013-01-31 09:24 63776 ----a-w- c:\windows\system32\nvshext.dll
2014-08-18 06:26 . 2014-08-18 06:26 -------- d-----w- c:\programdata\NVIDIA Corporation
2014-08-18 05:50 . 2014-08-18 05:50 -------- d-----w- c:\users\Schukka\AppData\Roaming\Apple Computer
2014-08-17 12:10 . 2014-08-17 12:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2014-08-17 12:10 . 2014-08-17 12:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2014-08-17 12:10 . 2014-08-17 12:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2014-08-17 12:10 . 2014-08-17 12:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2014-08-17 12:10 . 2014-08-17 12:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2014-08-17 12:10 . 2014-08-17 12:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2014-08-17 12:10 . 2014-08-17 12:10 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2014-08-17 12:09 . 2014-08-17 12:09 -------- d-----w- c:\users\Schukka\AppData\Local\Apple
2014-08-17 12:09 . 2014-08-17 12:09 -------- d-----w- c:\programdata\Apple
2014-08-15 09:49 . 2014-08-15 09:49 -------- d-----w- c:\windows\SysWow64\RTCOM
2014-08-15 09:49 . 2014-08-15 09:49 -------- d-----w- c:\program files\Realtek
2014-08-15 09:45 . 2014-02-18 15:04 2770976 ----a-w- c:\windows\system32\FMAPO64.dll
2014-08-15 09:45 . 2013-10-11 10:47 113576 ----a-w- c:\windows\system32\CONEQMSAPOGUILibrary.dll
2014-08-15 09:45 . 2012-03-08 09:47 108640 ----a-w- c:\windows\system32\AERTAR64.dll
2014-08-15 09:45 . 2013-10-16 01:43 209096 ----a-w- c:\windows\system32\AERTAC64.dll
2014-08-15 09:44 . 2005-11-13 21:19 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2014-08-15 08:59 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-15 08:59 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-15 08:59 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-15 08:59 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-15 08:59 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-15 08:59 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-15 08:59 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-15 08:59 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-15 08:52 . 2014-07-16 03:23 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-15 08:52 . 2014-07-16 02:46 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-08-15 08:52 . 2014-06-03 10:02 3241984 ----a-w- c:\windows\system32\msi.dll
2014-08-15 08:52 . 2014-06-03 10:02 1941504 ----a-w- c:\windows\system32\authui.dll
2014-08-15 08:52 . 2014-06-03 09:29 2363392 ----a-w- c:\windows\SysWow64\msi.dll
2014-08-15 08:52 . 2014-06-03 09:29 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2014-08-15 08:52 . 2014-06-03 10:02 112064 ----a-w- c:\windows\system32\consent.exe
2014-08-15 08:52 . 2014-06-03 10:02 504320 ----a-w- c:\windows\system32\msihnd.dll
2014-08-15 08:52 . 2014-06-03 09:29 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2014-08-15 08:03 . 2014-07-25 13:42 48128 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub_is.dll
2014-08-15 08:02 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B8743D12-0C4F-4FF7-A155-7E833DFDDD3A}\mpengine.dll
2014-08-15 08:01 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-08-15 08:01 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-08-14 12:15 . 2014-08-15 09:49 -------- d-----w- c:\windows\system32\SRSLabs
2014-08-14 11:59 . 2014-08-14 11:59 -------- d-----w- C:\OEMSettings
2014-08-11 08:12 . 2014-08-18 07:03 -------- d-----w- c:\programdata\Oracle
2014-08-05 17:20 . 2014-08-05 17:20 227728 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-08-02 14:59 . 2014-08-22 10:10 -------- d-----w- c:\users\Schukka\AppData\Local\Deployment
2014-07-31 23:54 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll
2014-07-31 23:54 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe
2014-07-31 23:54 . 2014-05-14 16:23 2477536 ----a-w- c:\windows\system32\wuaueng.dll
2014-07-31 23:54 . 2014-05-14 16:21 2620928 ----a-w- c:\windows\system32\wucltux.dll
2014-07-31 23:54 . 2014-05-14 16:23 38880 ----a-w- c:\windows\system32\wups.dll
2014-07-31 23:54 . 2014-05-14 16:23 700384 ----a-w- c:\windows\system32\wuapi.dll
2014-07-31 23:54 . 2014-05-14 16:20 97792 ----a-w- c:\windows\system32\wudriver.dll
2014-07-31 23:54 . 2014-05-14 16:17 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2014-07-31 23:54 . 2014-05-14 16:23 36320 ----a-w- c:\windows\SysWow64\wups.dll
2014-07-31 23:54 . 2014-05-14 16:23 581600 ----a-w- c:\windows\SysWow64\wuapi.dll
2014-07-31 23:53 . 2014-05-14 07:23 198600 ----a-w- c:\windows\system32\wuwebv.dll
2014-07-31 23:53 . 2014-05-14 07:23 179656 ----a-w- c:\windows\SysWow64\wuwebv.dll
2014-07-31 23:53 . 2014-05-14 07:20 36864 ----a-w- c:\windows\system32\wuapp.exe
2014-07-31 23:53 . 2014-05-14 07:17 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
.
.
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-24 13:28 . 2012-06-01 21:09 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2014-08-15 09:05 . 2010-06-21 10:42 99218768 ----a-w- c:\windows\system32\MRT.exe
2014-07-24 15:30 . 2012-07-17 12:37 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-07-21 13:19 . 2014-07-21 13:19 44640 ----a-w- c:\windows\system32\drivers\aswTap.sys
2014-07-14 08:06 . 2007-04-27 08:43 120200 ------w- c:\windows\SysWow64\DLLDEV32i.dll
2014-06-19 00:48 . 2014-07-08 23:09 2768384 ----a-w- c:\windows\system32\iertutil(335).dll
2014-06-18 23:32 . 2014-07-08 23:09 2179072 ----a-w- c:\windows\SysWow64\iertutil(345).dll
2014-06-18 22:58 . 2014-07-08 23:09 2266112 ----a-w- c:\windows\system32\wininet(343).dll
2014-06-18 22:34 . 2014-07-08 23:09 1393664 ----a-w- c:\windows\system32\urlmon(340).dll
2014-06-18 22:13 . 2014-07-08 23:09 1791488 ----a-w- c:\windows\SysWow64\wininet(351).dll
2014-06-18 22:09 . 2014-07-08 23:09 1139200 ----a-w- c:\windows\SysWow64\urlmon(349).dll
2014-06-18 02:18 . 2014-07-08 23:09 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-08 23:09 646144 ----a-w- c:\windows\SysWow64\osk.exe
2014-06-06 10:10 . 2014-07-08 23:09 624128 ----a-w- c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-08 23:09 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-06-05 14:45 . 2014-07-08 23:08 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-06-05 14:26 . 2014-07-08 23:07 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-06-05 14:25 . 2014-07-08 23:07 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-05-30 08:08 . 2014-07-08 23:10 210944 ----a-w- c:\windows\system32\wdigest.dll
2014-05-30 08:08 . 2014-07-08 23:10 86528 ----a-w- c:\windows\system32\TSpkg.dll
2014-05-30 08:08 . 2014-07-08 23:10 340992 ----a-w- c:\windows\system32\schannel.dll
2014-05-30 08:08 . 2014-07-08 23:10 314880 ----a-w- c:\windows\system32\msv1_0.dll
2014-05-30 08:08 . 2014-07-08 23:10 307200 ----a-w- c:\windows\system32\ncrypt.dll
2014-05-30 08:08 . 2014-07-08 23:10 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-05-30 08:08 . 2014-07-08 23:10 22016 ----a-w- c:\windows\system32\credssp.dll
2014-05-30 07:52 . 2014-07-08 23:10 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2014-05-30 07:52 . 2014-07-08 23:10 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2014-05-30 07:52 . 2014-07-08 23:10 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2014-05-30 07:52 . 2014-07-08 23:10 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2014-05-30 07:52 . 2014-07-08 23:10 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2014-05-30 07:52 . 2014-07-08 23:10 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-05-30 07:52 . 2014-07-08 23:10 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2014-05-30 06:45 . 2014-07-08 23:09 497152 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-12-23 16:33 220632 ----a-w- c:\users\Schukka\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-12-23 16:33 220632 ----a-w- c:\users\Schukka\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-12-23 16:33 220632 ----a-w- c:\users\Schukka\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Deskjet 3050A J611 series (NET)"="c:\program files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" [2011-06-08 2676584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-24 3890208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys;c:\windows\SYSNATIVE\DRIVERS\Lbd.sys [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys;c:\windows\SYSNATIVE\Drivers\lgandnetadb.sys [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]
R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetndis64.sys [x]
R3 aswTap;avast! SecureLine TAP Adapter v3;c:\windows\system32\DRIVERS\aswTap.sys;c:\windows\SYSNATIVE\DRIVERS\aswTap.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ma-config_amd64;ma-config_amd64;c:\program files\ma-config.com\Drivers\ma-config_amd64.sys;c:\program files\ma-config.com\Drivers\ma-config_amd64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;c:\windows\system32\DRIVERS\wg111v3.sys;c:\windows\SYSNATIVE\DRIVERS\wg111v3.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x]
R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\DRIVERS\ss_bserd.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bserd.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [x]
S2 MaConfigAgent;Ma-Config Agent;c:\program files\ma-config.com\MaConfigAgent.exe;c:\program files\ma-config.com\MaConfigAgent.exe [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-22 10:11 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2014-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-22 10:11]
.
2014-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-22 10:11]
.
2014-08-24 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-12-23 16:33 244696 ----a-w- c:\users\Schukka\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-12-23 16:33 244696 ----a-w- c:\users\Schukka\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-12-23 16:33 244696 ----a-w- c:\users\Schukka\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-24 09:52 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-05-09 13672152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-08-19 21720]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.istartsurf.com/?type=hp&ts=1408890134&from=air&uid=395049983_1052514_50CF6E94
mStart Page = hxxp://www.istartsurf.com/?type=hp&ts=1408890134&from=air&uid=395049983_1052514_50CF6E94
mDefault_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1408890134&from=air&uid=395049983_1052514_50CF6E94&q={searchTerms}
mDefault_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1408890134&from=air&uid=395049983_1052514_50CF6E94
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1408890134&from=air&uid=395049983_1052514_50CF6E94&q={searchTerms}
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{06568ceb-5721-47d4-9d93-7e604fcbaeab} - c:\programs\PMU\PMUPoker\RunApp.exe
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{B7851C52-B96C-4A3C-BE9D-46E0458616D2}: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Schukka\AppData\Roaming\Mozilla\Firefox\Profiles\z3x46fhb.default\
FF - prefs.js: browser.search.selectedEngine - istartsurf
FF - prefs.js: browser.startup.homepage - hxxp://www.istartsurf.com/?type=hp&ts=1408890134&from=air&uid=395049983_1052514_50CF6E94
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-1365627989-1550815974-3705189505-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2014-08-24 16:36:25
ComboFix-quarantined-files.txt 2014-08-24 14:36
.
Avant-CF: 551 007 121 408 octets libres
Après-CF: 559 936 413 696 octets libres
.
- - End Of File - - E354DA8870891CD4465D0CCF802EE1F7 2085E6B3DD4FF90989B9AEABCB7562CD