ComboFix 14-10-29.01 - Chantal 31/10/2014   8:24.2.2 - x64
Microsoft Windows 7 Édition Familiale Premium   6.1.7601.1.1252.33.1036.18.1791.770 [GMT 1:00]
Lancé depuis: c:\users\Chantal\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((   Fichiers créés du 2014-09-28 au 2014-10-31  ))))))))))))))))))))))))))))))))))))
.
.
2014-10-31 07:33 . 2014-10-31 07:33	--------	d-----w-	c:\users\TEMP\AppData\Local\temp
2014-10-31 07:33 . 2014-10-31 07:33	--------	d-----w-	c:\users\TEMP.Chantal-PC\AppData\Local\temp
2014-10-31 07:33 . 2014-10-31 07:33	--------	d-----w-	c:\users\TEMP.Chantal-PC.002\AppData\Local\temp
2014-10-31 07:33 . 2014-10-31 07:33	--------	d-----w-	c:\users\TEMP.Chantal-PC.001\AppData\Local\temp
2014-10-31 07:33 . 2014-10-31 07:33	--------	d-----w-	c:\users\TEMP.Chantal-PC.000\AppData\Local\temp
2014-10-31 07:33 . 2014-10-31 07:33	--------	d-----w-	c:\users\Public\AppData\Local\temp
2014-10-31 07:33 . 2014-10-31 07:33	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-10-31 07:19 . 2014-10-31 07:19	--------	d-----w-	c:\users\TEMP.Chantal-PC.006
2014-10-30 21:13 . 2014-10-14 19:59	11627712	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8A8AC315-EA51-47D3-AD6F-D748854CEB30}\mpengine.dll
2014-10-30 21:06 . 2010-08-30 07:34	536576	----a-w-	c:\windows\SysWow64\sqlite3.dll
2014-10-30 20:35 . 2014-10-14 19:59	11627712	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-10-30 15:55 . 2014-10-30 17:12	512	----a-w-	C:\PhysicalDisk0_MBR.bin
2014-10-30 15:09 . 2014-10-30 15:11	--------	d-----w-	c:\users\Chantal\AppData\Roaming\Infected Scanner
2014-10-30 14:57 . 2014-10-30 15:50	--------	d-----w-	c:\program files (x86)\ZHPDiag
2014-10-30 13:44 . 2014-10-30 17:01	--------	d-----w-	c:\users\TEMP.Chantal-PC.005
2014-10-30 07:32 . 2014-10-30 09:23	--------	d-----w-	c:\users\TEMP.Chantal-PC.004
2014-10-16 03:32 . 2014-09-29 00:58	3198976	----a-w-	c:\windows\system32\win32k.sys
2014-10-16 03:32 . 2014-06-18 22:23	73880	----a-w-	c:\windows\system32\mscories.dll
2014-10-16 03:32 . 2014-06-18 22:23	1943696	----a-w-	c:\windows\system32\dfshim.dll
2014-10-16 03:32 . 2014-06-18 22:23	156312	----a-w-	c:\windows\system32\mscorier.dll
2014-10-16 03:32 . 2014-06-18 22:23	156824	----a-w-	c:\windows\SysWow64\mscorier.dll
2014-10-16 03:32 . 2014-06-18 22:23	1131664	----a-w-	c:\windows\SysWow64\dfshim.dll
2014-10-16 03:32 . 2014-06-18 22:23	81560	----a-w-	c:\windows\SysWow64\mscories.dll
2014-10-16 03:30 . 2014-09-18 02:00	3241472	----a-w-	c:\windows\system32\msi.dll
2014-10-09 08:31 . 2014-10-30 21:06	--------	d-----w-	C:\AdwCleaner
2014-10-09 07:59 . 2014-10-09 08:36	--------	d-----w-	c:\users\TEMP.Chantal-PC.003
2014-10-01 17:25 . 2014-09-16 16:53	1188440	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{752751CC-3ABF-49CA-9BCB-2327201A3C10}\gapaengine.dll
.
.
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-30 18:42 . 2014-08-28 18:29	34808	----a-w-	c:\windows\system32\drivers\TrueSight.sys
2014-10-30 11:25 . 2011-02-15 08:17	275080	------w-	c:\windows\system32\MpSigStub.exe
2014-10-30 09:37 . 2014-04-16 12:16	129752	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-16 10:38 . 2013-02-18 14:34	103265616	----a-w-	c:\windows\system32\MRT.exe
2014-10-01 10:11 . 2014-04-16 12:16	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-10-01 10:11 . 2014-04-16 12:16	93400	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-10-01 10:11 . 2011-02-16 11:01	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-09-25 08:31 . 2012-06-04 20:09	701104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-25 08:31 . 2011-09-04 19:14	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-25 08:31 . 2014-09-25 08:31	3675824	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-09-25 02:08 . 2014-09-30 17:26	371712	----a-w-	c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-09-30 17:26	519680	----a-w-	c:\windows\SysWow64\qdvd.dll
2014-09-16 16:53 . 2014-09-16 16:56	1188440	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-09-09 22:11 . 2014-09-25 08:16	2048	----a-w-	c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-25 08:16	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2014-09-02 13:54 . 2014-08-30 08:33	163504	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-08-29 09:37 . 2010-06-24 10:33	23256	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-23 02:07 . 2014-08-28 10:04	404480	----a-w-	c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-28 10:04	311808	----a-w-	c:\windows\SysWow64\gdi32.dll
2014-08-21 09:24 . 2014-09-08 10:23	11319192	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{E1C18222-13CF-4D7B-8446-E1C5EC2B80D7}\mpengine.dll
.
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-10-23 6501656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HOSTS Anti-PUPs;HOSTS Anti-PUPs;c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe;c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Inspection du réseau Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 zghsdiag;ZTE General Handset Diagnostic Port;c:\windows\system32\DRIVERS\zghsdiag.sys;c:\windows\SYSNATIVE\DRIVERS\zghsdiag.sys [x]
R3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\DRIVERS\zghsmdm.sys;c:\windows\SYSNATIVE\DRIVERS\zghsmdm.sys [x]
R3 zghsnmea;ZTE General Handset NMEA Port;c:\windows\system32\DRIVERS\zghsnmea.sys;c:\windows\SYSNATIVE\DRIVERS\zghsnmea.sys [x]
S2 GREGService;GREGService;c:\program files (x86)\eMachines\Registration\GREGsvc.exe;c:\program files (x86)\eMachines\Registration\GREGsvc.exe [x]
S2 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys;c:\windows\SYSNATIVE\DRIVERS\rdpdispm.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-30 20:50	1089352	----a-w-	c:\program files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2014-10-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-04 08:31]
.
2014-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-30 09:27]
.
2014-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-30 09:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
TCP: DhcpNameServer = 212.27.40.241 212.27.40.240
FF - ProfilePath - c:\users\Chantal\AppData\Roaming\Mozilla\Firefox\Profiles\yjho4fb5.default-1414702360738\
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2014-10-31  08:37:23
ComboFix-quarantined-files.txt  2014-10-31 07:37
ComboFix2.txt  2014-10-30 10:54
.
Avant-CF: 383 383 592 960 octets libres
Après-CF: 383 045 386 240 octets libres
.
- - End Of File - - 287A66ED7C7FE3D54B12902712BD0F65
A36C5E4F47E84449FF07ED3517B43A31