cjoint

Document format: text/plain

ComboFix 17-01-29.01 - Valentin 06/02/2017 10:37:13.1.4 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.8175.5595 [GMT 1:00]
Lancé depuis: c:\users\Valentin\Desktop\Valentin.exe
AV: ESET Internet Security 10.0.386.4 *Disabled/Updated* {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
FW: Pare-feu personnel d'ESET *Enabled* {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
SP: ESET Internet Security 10.0.386.4 *Disabled/Updated* {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ma-config.com
c:\programdata\ma-config.com\Logs\activex.txt
c:\programdata\ma-config.com\Logs\maconfservice.txt
c:\programdata\ma-config.com\Logs\mcdetection.txt
c:\programdata\ma-config.com\Logs\mcstubuser.txt
c:\programdata\ma-config.com\Logs\websocketpp.log
c:\programdata\ma-config.com\Temp\componenttemp.gz
c:\programdata\ntuser.pol
C:\Setup.exe
c:\users\Public\sdelevURL.tmp
c:\users\Valentin\ABL2.64.dll
c:\users\Valentin\Crystal.64.dll
c:\users\Valentin\Diva(x64) - Copie.64.dll
c:\users\Valentin\Diva(x64).64.dll
c:\users\Valentin\Drumatic 4 (x64).64.dll
c:\users\Valentin\Drumatic 4.64.dll
c:\users\Valentin\Drumazon.64.dll
c:\users\Valentin\DSK Strings.64.dll
c:\users\Valentin\LuSH-101 x64.64.dll
c:\users\Valentin\Massive.64.dll
c:\users\Valentin\Oxford Inflator Native.64.dll
c:\users\Valentin\Pianoteq 5 (64-bit).64.dll
c:\users\Valentin\Predator x64.64.dll
c:\users\Valentin\PredatorFX x64.64.dll
c:\users\Valentin\Replika.64.dll
c:\users\Valentin\SandDollar.64.dll
c:\users\Valentin\SubBoomBass x64.64.dll
c:\users\Valentin\Synth1 VST64.64.dll
c:\users\Valentin\TAL-BassLine.64.dll
c:\users\Valentin\TAL-Elek7ro-II.64.dll
c:\users\Valentin\TAL-Reverb-2.64.dll
c:\users\Valentin\V-Station.64.dll
c:\users\Valentin\ValhallaRoom_x64.64.dll
c:\users\Valentin\ZHPCleaner.exe
c:\windows\msvcr71.dll
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\hookdll.dll
c:\windows\SysWow64\tmp226F.tmp
c:\windows\SysWow64\tmp227F.tmp
c:\windows\wininit.ini
H:\install.exe
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2017-01-06 au 2017-02-06 ))))))))))))))))))))))))))))))))))))
.
.
2017-02-06 07:22 . 2017-02-06 07:29 -------- d-----w- C:\FRST
2017-02-06 05:40 . 2017-02-06 05:41 -------- d-----w- c:\program files (x86)\Hotspot Shield
2017-02-06 05:40 . 2017-02-06 05:40 -------- d-----w- c:\programdata\Hotspot Shield
2017-02-06 05:12 . 2017-02-06 09:57 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-02-06 05:10 . 2017-02-06 05:10 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2017-02-06 05:10 . 2015-10-05 08:50 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2017-02-06 05:10 . 2015-10-05 08:50 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2017-02-06 05:10 . 2015-10-05 08:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-02-06 03:37 . 2017-02-06 03:37 -------- d-----w- c:\programdata\Soluto
2017-02-05 21:30 . 2017-02-05 21:30 -------- d-----w- c:\program files\D16 Group
2017-02-04 04:58 . 2017-02-04 04:58 -------- d-----w- c:\program files\Camel Audio
2017-02-04 04:57 . 2017-02-04 04:57 -------- d-----w- c:\programdata\Camel Audio
2017-02-03 17:41 . 2017-02-03 17:41 42064 ----a-w- c:\windows\system32\drivers\taphss6.sys
2017-01-30 23:51 . 2008-07-12 07:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2017-01-30 23:51 . 2008-07-12 07:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2017-01-30 23:51 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2017-01-29 19:34 . 2017-01-29 20:35 -------- d-----w- c:\programdata\Arturia
2017-01-20 19:41 . 2017-01-20 19:41 -------- d-----w- c:\program files\ESET
2017-01-17 21:46 . 2017-01-17 21:46 -------- d-----w- c:\program files\Steinberg
2017-01-17 20:39 . 2017-01-17 21:46 -------- d-----w- c:\program files\XLN Audio
2017-01-17 20:34 . 2017-01-17 20:34 -------- d-----w- c:\programdata\boost_interprocess
2017-01-17 20:34 . 2017-01-17 21:17 -------- d-----w- c:\programdata\XLN Audio
2017-01-17 20:33 . 2017-01-17 20:33 -------- d-----w- c:\users\Valentin\AppData\Roaming\XLN Online Installer
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-01-17 20:36 . 2012-04-05 10:27 802904 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2017-01-17 20:36 . 2011-12-26 00:58 144472 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2017-01-11 17:31 . 2011-12-14 08:58 135657872 -c--a-w- c:\windows\system32\MRT.exe
2017-01-06 11:24 . 2010-06-24 10:33 24800 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2017-01-04 14:28 . 2017-01-04 14:28 34712112 ----a-w- c:\windows\system32\nvoglv64.dll
2017-01-04 14:28 . 2017-01-04 14:28 28148792 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2017-01-04 14:28 . 2017-01-04 14:28 14081592 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2017-01-04 14:27 . 2017-01-04 14:27 446904 ----a-w- c:\windows\system32\NvIFROpenGL.dll
2017-01-04 14:27 . 2017-01-04 14:27 398904 ----a-w- c:\windows\SysWow64\NvIFROpenGL.dll
2017-01-04 14:27 . 2017-01-04 14:27 951224 ----a-w- c:\windows\system32\NvIFR64.dll
2017-01-04 14:27 . 2017-01-04 14:27 903096 ----a-w- c:\windows\SysWow64\NvIFR.dll
2017-01-04 14:26 . 2017-01-04 14:26 1044920 ----a-w- c:\windows\system32\NvFBC64.dll
2017-01-04 14:26 . 2017-01-04 14:26 982456 ----a-w- c:\windows\SysWow64\NvFBC.dll
2017-01-04 14:26 . 2017-01-04 14:26 1964600 ----a-w- c:\windows\system32\nvdispco6437653.dll
2017-01-04 14:26 . 2017-01-04 14:26 1600056 ----a-w- c:\windows\system32\nvdispgenco6437653.dll
2017-01-04 14:25 . 2017-01-04 14:25 3647416 ----a-w- c:\windows\system32\nvcuvid.dll
2017-01-04 14:25 . 2017-01-04 14:25 3216440 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2017-01-04 14:25 . 2017-01-04 14:25 40132536 ----a-w- c:\windows\system32\nvcompiler.dll
2017-01-04 14:25 . 2017-01-04 14:25 35231160 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2017-01-04 14:05 . 2016-08-26 16:21 20130624 ----a-w- c:\windows\system32\nvwgf2umx.dll
2017-01-04 14:05 . 2017-01-04 14:05 17537912 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2017-01-04 14:05 . 2016-08-31 18:38 504936 ----a-w- c:\windows\system32\nvumdshimx.dll
2017-01-04 14:05 . 2017-01-04 14:05 419704 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2017-01-04 14:05 . 2017-01-04 14:05 11016832 ----a-w- c:\windows\system32\nvptxJitCompiler.dll
2017-01-04 14:05 . 2017-01-04 14:05 9000152 ----a-w- c:\windows\SysWow64\nvptxJitCompiler.dll
2017-01-04 14:04 . 2017-01-04 14:04 10898544 ----a-w- c:\windows\system32\nvopencl.dll
2017-01-04 14:04 . 2017-01-04 14:04 9240240 ----a-w- c:\windows\SysWow64\nvopencl.dll
2017-01-04 14:04 . 2017-01-04 14:04 163632 ----a-w- c:\windows\system32\nvoglshim64.dll
2017-01-04 14:04 . 2017-01-04 14:04 141768 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2017-01-04 14:04 . 2017-01-04 14:04 181280 ----a-w- c:\windows\system32\nvinitx.dll
2017-01-04 14:04 . 2017-01-04 14:04 158208 ----a-w- c:\windows\SysWow64\nvinit.dll
2017-01-04 14:04 . 2017-01-04 14:04 698728 ----a-w- c:\windows\system32\nvfatbinaryLoader.dll
2017-01-04 14:04 . 2017-01-04 14:04 586968 ----a-w- c:\windows\SysWow64\nvfatbinaryLoader.dll
2017-01-04 14:04 . 2017-01-04 14:04 534600 ----a-w- c:\windows\system32\nvEncodeAPI64.dll
2017-01-04 14:04 . 2017-01-04 14:04 448800 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
2017-01-04 14:04 . 2017-01-04 14:04 17598144 ----a-w- c:\windows\system32\nvd3dumx.dll
2017-01-04 14:03 . 2017-01-04 14:03 14545352 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2017-01-04 14:03 . 2017-01-04 14:03 10444784 ----a-w- c:\windows\system32\nvcuda.dll
2017-01-04 14:03 . 2017-01-04 14:03 8839216 ----a-w- c:\windows\SysWow64\nvcuda.dll
2017-01-04 14:03 . 2017-01-04 14:03 3518872 ----a-w- c:\windows\SysWow64\nvapi.dll
2017-01-04 14:03 . 2016-08-26 16:21 3985104 ----a-w- c:\windows\system32\nvapi64.dll
2016-12-30 22:43 . 2017-02-03 14:52 12229912 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A9C1DA8A-24F4-4984-8891-54E5E92AFD5D}\mpengine.dll
2016-12-13 16:11 . 2016-12-13 16:11 96856 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2016-12-13 16:11 . 2016-12-13 16:11 77616 ----a-w- c:\windows\system32\drivers\epfw.sys
2016-12-13 16:11 . 2016-12-13 16:11 60536 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2016-12-13 16:11 . 2016-12-13 16:11 49672 ----a-w- c:\windows\system32\drivers\ekbdflt.sys
2016-12-13 16:11 . 2016-12-13 16:11 180544 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2016-12-13 16:11 . 2016-12-13 16:11 132272 ----a-w- c:\windows\system32\drivers\eamonm.sys
2016-12-13 16:11 . 2016-12-13 16:11 106768 ----a-w- c:\windows\system32\drivers\edevmon.sys
2016-11-29 21:34 . 2016-11-29 21:34 28352 ----a-w- c:\windows\SysWow64\aspnet_counters.dll
2016-11-29 21:34 . 2016-11-29 21:34 19112 ----a-w- c:\windows\SysWow64\msvcr110_clr0400.dll
2016-11-29 21:34 . 2016-11-29 21:34 19112 ----a-w- c:\windows\SysWow64\msvcr100_clr0400.dll
2016-11-29 21:34 . 2016-11-29 21:34 19112 ----a-w- c:\windows\SysWow64\msvcp110_clr0400.dll
2016-11-29 21:27 . 2016-11-29 21:27 30400 ----a-w- c:\windows\system32\aspnet_counters.dll
2016-11-29 21:27 . 2016-11-29 21:27 19112 ----a-w- c:\windows\system32\msvcr110_clr0400.dll
2016-11-29 21:27 . 2016-11-29 21:27 19112 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2016-11-29 21:27 . 2016-11-29 21:27 19112 ----a-w- c:\windows\system32\msvcp110_clr0400.dll
2016-11-21 18:12 . 2016-12-14 15:00 109568 ----a-w- c:\windows\system32\hlink.dll
2016-11-20 16:19 . 2016-12-14 15:00 84992 ----a-w- c:\windows\SysWow64\hlink.dll
2016-11-20 14:07 . 2016-12-14 15:00 467392 ----a-w- c:\windows\system32\drivers\cng.sys
2016-11-17 16:41 . 2016-12-14 15:00 370920 ----a-w- c:\windows\system32\clfs.sys
2016-11-14 23:27 . 2016-12-14 15:00 394448 ----a-w- c:\windows\system32\iedkcs32.dll
2016-11-12 19:48 . 2016-12-14 14:59 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2016-11-12 19:48 . 2016-12-14 14:59 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2016-11-12 19:28 . 2016-12-14 15:00 66560 ----a-w- c:\windows\system32\iesetup.dll
2016-11-12 19:26 . 2016-12-14 15:00 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2016-11-12 19:26 . 2016-12-14 15:00 417792 ----a-w- c:\windows\system32\html.iec
2016-11-12 19:25 . 2016-12-14 15:00 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2016-11-12 19:25 . 2016-12-14 15:00 576000 ----a-w- c:\windows\system32\vbscript.dll
2016-11-12 19:21 . 2016-12-14 15:00 2896384 ----a-w- c:\windows\system32\iertutil.dll
2016-11-12 19:15 . 2016-12-14 15:00 54784 ----a-w- c:\windows\system32\jsproxy.dll
2016-11-12 19:14 . 2016-12-14 15:00 34304 ----a-w- c:\windows\system32\iernonce.dll
2016-11-12 19:09 . 2016-12-14 15:00 615936 ----a-w- c:\windows\system32\ieui.dll
2016-11-12 19:08 . 2016-12-14 15:00 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2016-11-12 19:08 . 2016-12-14 15:00 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2016-11-12 19:08 . 2016-12-14 15:00 25759744 ----a-w- c:\windows\system32\mshtml.dll
2016-11-12 19:07 . 2016-12-14 15:00 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2016-11-12 19:07 . 2016-12-14 15:00 817664 ----a-w- c:\windows\system32\jscript.dll
2016-11-12 18:56 . 2016-12-14 15:00 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2016-11-12 18:53 . 2016-12-14 15:00 6049280 ----a-w- c:\windows\system32\jscript9.dll
2016-11-12 18:52 . 2016-12-14 15:00 489984 ----a-w- c:\windows\system32\dxtmsft.dll
2016-11-12 18:47 . 2016-12-14 14:59 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2016-11-12 18:41 . 2016-12-14 15:00 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2016-11-12 18:40 . 2016-12-14 15:00 107520 ----a-w- c:\windows\system32\inseng.dll
2016-11-12 18:35 . 2016-12-14 15:00 199680 ----a-w- c:\windows\system32\msrating.dll
2016-11-12 18:34 . 2016-12-14 15:00 92160 ----a-w- c:\windows\system32\mshtmled.dll
2016-11-12 18:31 . 2016-12-14 15:00 315392 ----a-w- c:\windows\system32\dxtrans.dll
2016-11-12 18:30 . 2016-12-14 15:00 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2016-11-12 18:29 . 2016-12-14 15:00 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2016-11-12 18:29 . 2016-12-14 15:00 498688 ----a-w- c:\windows\SysWow64\vbscript.dll
2016-11-12 18:29 . 2016-12-14 15:00 341504 ----a-w- c:\windows\SysWow64\html.iec
2016-11-12 18:28 . 2016-12-14 15:00 152064 ----a-w- c:\windows\system32\occache.dll
2016-11-12 18:27 . 2016-12-14 15:00 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2016-11-12 18:14 . 2016-12-14 15:00 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2016-11-12 18:14 . 2016-12-14 15:00 262144 ----a-w- c:\windows\system32\webcheck.dll
2016-11-12 18:14 . 2016-12-14 15:00 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2016-11-12 18:11 . 2016-12-14 15:00 725504 ----a-w- c:\windows\system32\ie4uinit.exe
2016-11-12 18:10 . 2016-12-14 15:00 806912 ----a-w- c:\windows\system32\msfeeds.dll
2016-11-12 18:08 . 2016-12-14 15:00 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2016-11-12 18:08 . 2016-12-14 15:00 2131456 ----a-w- c:\windows\system32\inetcpl.cpl
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtPending]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2014-05-01 14:15 463360 ----a-w- c:\users\Valentin\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSynced]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2014-05-01 14:15 463360 ----a-w- c:\users\Valentin\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSyncing]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2014-05-01 14:15 463360 ----a-w- c:\users\Valentin\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-09-26 6482200]
"GoogleChromeAutoLaunch_11CE4397CEC8D5A799D570639E2ACADD"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2016-12-08 935768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi3"=KORGUM64.DRV
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"Raptr"="c:\program files (x86)\Raptr\raptrstub.exe" --startup
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
.
R2 25e4f9bf;WebTect;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AFTrafMgr1.2;AFTrafMgr1.2;c:\program files (x86)\Hotspot Shield\bin\TrafMgr_1_2_64.sys;c:\program files (x86)\Hotspot Shield\bin\TrafMgr_1_2_64.sys [x]
R3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;e:\_tools_\aida64\kerneld.x64;e:\_tools_\aida64\kerneld.x64 [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 cpuz139;cpuz139;c:\users\Valentin\AppData\Local\Temp\cpuz139\cpuz139_x64.sys;c:\users\Valentin\AppData\Local\Temp\cpuz139\cpuz139_x64.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R3 HerculesWiFi;HerculesWiFi;c:\windows\SysWOW64\\HerculesWiFiService.exe;c:\windows\SysWOW64\\HerculesWiFiService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\Drivers\KORGUM64.SYS;c:\windows\SYSNATIVE\Drivers\KORGUM64.SYS [x]
R3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys;c:\windows\SYSNATIVE\drivers\ksaud.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech Webcam C210(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 ma-config_amd64;ma-config_amd64;c:\program files\DriversCloud.com\Drivers\ma-config_amd64.sys;c:\program files\DriversCloud.com\Drivers\ma-config_amd64.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 rspLLL;rspLLL;c:\windows\system32\DRIVERS\rspLLL64.sys;c:\windows\SYSNATIVE\DRIVERS\rspLLL64.sys [x]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
R3 Scarlett_UAC2Audio;Focusrite Scarlett Audio Service;c:\windows\system32\DRIVERS\Scarlett_UAC2Audio.sys;c:\windows\SYSNATIVE\DRIVERS\Scarlett_UAC2Audio.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
R4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 edevmon;edevmon;c:\windows\system32\DRIVERS\edevmon.sys;c:\windows\SYSNATIVE\DRIVERS\edevmon.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;ESET Personal Firewall;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S1 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ekbdflt;ekbdflt;c:\windows\system32\DRIVERS\ekbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\ekbdflt.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Internet Security\ekrn.exe;c:\program files\ESET\ESET Internet Security\ekrn.exe [x]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\cmw_srv.exe;c:\program files (x86)\Hotspot Shield\bin\cmw_srv.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 ffusb2audio;Focusrite USB 2.0 Audio Driver;c:\windows\system32\DRIVERS\ffusb2audio.sys;c:\windows\SYSNATIVE\DRIVERS\ffusb2audio.sys [x]
S3 hidkmdf;Filter Driver Service for HID-KMDF Interface layer;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 ssdevfactory;SteelSeries Device Factory Service;c:\windows\system32\DRIVERS\ssdevfactory.sys;c:\windows\SYSNATIVE\DRIVERS\ssdevfactory.sys [x]
S3 sshid;SteelSeries HID Service;c:\windows\system32\DRIVERS\sshid.sys;c:\windows\SYSNATIVE\DRIVERS\sshid.sys [x]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-12-15 17:01 1384792 ----a-w- c:\program files (x86)\Google\Chrome\Application\55.0.2883.87\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2017-02-05 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe [2017-01-17 20:36]
.
2017-02-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 20:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtPending]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2014-05-01 14:13 470016 ----a-w- c:\users\Valentin\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSynced]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2014-05-01 14:13 470016 ----a-w- c:\users\Valentin\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\###MegaShellExtSyncing]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2014-05-01 14:13 470016 ----a-w- c:\users\Valentin\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2015-03-18 13774040]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2015-03-18 1396592]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Drivers32]
"midi3"=KORGUM64.DRV
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://fr.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = www.google.com
IE: &Envoyer à OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
Trusted Zone: eset.com\help
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{CD75854E-C999-470D-BCFD-77F1C1786A3C}: NameServer = 8.8.8.8,8.8.4.4
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Valentin\AppData\Roaming\Mozilla\Firefox\Profiles\5p5akaph.default\
FF - prefs.js: browser.startup.homepage - hxxps://fr.yahoo.com/?fr=yset_ff_syc_oracle&type=orcl_hpset
.
- - - - ORPHELINS SUPPRIMES - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Native Instruments Absynth 5 - c:\programdata\{C2A88E6D-FA3D-462B-BDFF-A09B1EFA8FBE}\Absynth 5 Setup PC.exe
AddRemove-Native Instruments FM8 - c:\programdata\{D0FD515C-72E9-4FA3-AB32-7251C0864B75}\FM8 Setup PC.exe
AddRemove-Native Instruments Kinetic Metal - c:\programdata\{7FBFAFC1-28FD-4658-9C6B-C2C2BDC4453C}\Kinetic Metal Setup PC.exe
AddRemove-Native Instruments Massive - c:\programdata\{E26B3878-7CEC-469C-B449-5CAA336DF8CD}\Massive Setup PC.exe
AddRemove-Native Instruments Reaktor 6 - c:\programdata\{9C964661-2E2A-47A7-848E-D45FCF01A2C2}\Reaktor 6 Setup PC.exe
AddRemove-Native Instruments Reaktor 6 Bundle - c:\programdata\{0E6B114B-EAAB-4EE8-9ED4-AB156948B2E0}\Reaktor 6 Bundle Setup PC.exe
AddRemove-Native Instruments Replika - c:\programdata\{4F32E03B-B1A0-46BA-9B4D-95BCF9872A9D}\Replika Setup PC.exe
AddRemove-Native Instruments Service Center - c:\programdata\{90D8CE90-3E6B-4034-A281-BC9F19B60A5B}\Service Center Setup PC.exe
AddRemove-Native Instruments Traktor 2 - c:\programdata\{60143F1F-63C8-4CC1-A37B-28EB1FC6C10F}\Traktor 2 Setup PC.exe
AddRemove-ValhallaRoom_is1 - c:\programdata\Valhalla DSP
AddRemove-{0B8565BA-BAD5-4732-B122-5FD78EFC50A9} - c:\programdata\{90D8CE90-3E6B-4034-A281-BC9F19B60A5B}\Service Center Setup PC.exe
AddRemove-{0DBCB5F0-DFFF-426f-9137-17E9A042F7DB} - c:\programdata\{4F32E03B-B1A0-46BA-9B4D-95BCF9872A9D}\Replika Setup PC.exe
AddRemove-{371B17C3-9624-4583-A497-DF980313D851} - c:\programdata\{C2A88E6D-FA3D-462B-BDFF-A09B1EFA8FBE}\Absynth 5 Setup PC.exe
AddRemove-{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9} - c:\programdata\{E26B3878-7CEC-469C-B449-5CAA336DF8CD}\Massive Setup PC.exe
AddRemove-{61523CB1-462A-4D6C-80E5-8A2E8C1666AD} - c:\programdata\{9C964661-2E2A-47A7-848E-D45FCF01A2C2}\Reaktor 6 Setup PC.exe
AddRemove-{645650E3-893B-4AEC-9C81-3277C7870473} - c:\programdata\{0E6B114B-EAAB-4EE8-9ED4-AB156948B2E0}\Reaktor 6 Bundle Setup PC.exe
AddRemove-{A8EC0CC0-AD8D-4244-B080-424EDF7A7634} - c:\programdata\{60143F1F-63C8-4CC1-A37B-28EB1FC6C10F}\Traktor 2 Setup PC.exe
AddRemove-{B2552FA6-86E3-410D-84AD-265C2242D410} - c:\programdata\{D0FD515C-72E9-4FA3-AB32-7251C0864B75}\FM8 Setup PC.exe
AddRemove-{b3cc56f9-a86c-44b1-a1de-3a6796844c0f} - c:\programdata\{C1594E76-BF94-41B4-981C-492EEB97B049}\The Grandeur Setup PC.exe
AddRemove-{B591E924-D9A9-4382-A5D8-239EC8AC304D} - c:\programdata\{80640BA5-260C-40F0-A108-EC27D82B53EA}\Battery 4 Demo Factory Library Setup PC.exe
AddRemove-{d3f531c7-8106-40d2-930b-dc73fdbcddba} - c:\programdata\{7FBFAFC1-28FD-4658-9C6B-C2C2BDC4453C}\Kinetic Metal Setup PC.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AIDA64Driver]
"ImagePath"="\??\e:\_tools_\aida64\kerneld.x64"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-120811939-3613042288-4083298633-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:cb,3e,ac,81,07,77,76,82,76,93,93,97,fb,fa,e9,9d,25,7a,60,ea,fb,bd,fa,
86,06,8e,96,65,3d,8f,8d,25,41,c6,eb,aa,3b,3f,a1,51,74,ce,01,d3,d6,8f,24,58,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
.
[HKEY_USERS\S-1-5-21-120811939-3613042288-4083298633-1000\Software\SecuROM\License information*]
"datasecu"=hex:d4,b6,8e,02,a3,58,fa,7a,64,81,28,9c,55,56,f2,c4,7f,b8,65,a4,aa,
18,26,3c,f0,fa,2d,25,75,0d,cf,82,b5,b2,df,69,90,ab,66,05,f0,ea,35,f0,c6,58,\
"rkeysecu"=hex:43,a8,2c,f4,54,fe,d2,52,8b,a2,47,0a,5b,8d,b6,6e
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
.
**************************************************************************
.
Heure de fin: 2017-02-06 11:03:44 - La machine a redémarré
ComboFix-quarantined-files.txt 2017-02-06 10:03
.
Avant-CF: 70 655 561 728 octets libres
Après-CF: 70 978 887 680 octets libres
.
- - End Of File - - 37B7E377ECDF636F35B90052B70F986E
