ComboFix 15-10-09.01 - Paugam 12/10/2015 15:06:58.1.4 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.3957.2794 [GMT 2:00]
Lancé depuis: c:\users\Paugam\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Un nouveau point de restauration a été créé
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2015-09-12 au 2015-10-12 ))))))))))))))))))))))))))))))))))))
.
.
2015-10-12 13:13 . 2015-10-12 13:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-10-06 16:08 . 2015-10-06 16:08 -------- d-----w- C:\GAMIGO
2015-10-06 15:49 . 2015-09-16 03:43 11062400 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D3E0675B-DD06-445F-8728-23C4A8A95C79}\mpengine.dll
2015-10-05 08:03 . 2015-10-05 08:10 -------- d-----w- c:\users\Paugam\AppData\Local\Microsoft Games
2015-10-03 23:53 . 2015-10-03 23:53 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2015-10-02 09:40 . 2015-10-02 09:40 -------- d-----w- c:\users\Paugam\AppData\Local\Comodo
2015-10-02 09:27 . 2015-10-05 07:22 -------- d-----w- c:\programdata\Comodo
2015-10-02 07:12 . 2015-10-02 07:12 -------- d-----w- c:\users\Paugam\AppData\Roaming\AVAST Software
2015-10-02 06:52 . 2015-10-05 14:25 -------- d-----w- c:\windows\SysWow64\config\systemprofile\.oracle_jre_usage
2015-10-02 06:52 . 2015-10-02 06:52 -------- d-----w- c:\windows\SysWow64\vbox
2015-10-02 06:52 . 2015-10-02 06:52 -------- d-----w- c:\windows\system32\vbox
2015-10-02 06:52 . 2015-10-02 06:51 153744 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-10-02 06:52 . 2015-10-02 06:51 274808 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-10-02 06:52 . 2015-10-02 06:51 90968 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-10-02 06:52 . 2015-10-02 06:51 65224 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-10-02 06:52 . 2015-10-02 06:51 448968 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-10-02 06:52 . 2015-10-02 06:51 28656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-10-02 06:52 . 2015-10-02 06:51 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-10-02 06:52 . 2015-10-02 06:51 1049880 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-10-02 06:51 . 2015-10-02 06:51 132656 ----a-w- c:\windows\system32\drivers\ngvss.sys
2015-10-02 06:51 . 2015-10-02 06:51 378880 ----a-w- c:\windows\system32\aswBoot.exe
2015-10-02 06:51 . 2015-10-02 06:51 43112 ----a-w- c:\windows\avastSS.scr
2015-10-02 06:21 . 2015-10-02 06:21 -------- d-----w- c:\program files\AVAST Software
2015-10-02 05:56 . 2015-10-02 05:56 -------- d-----w- c:\programdata\AVAST Software
2015-10-02 05:39 . 2015-10-12 12:36 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-10-02 05:39 . 2015-10-02 05:39 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-10-02 05:39 . 2015-10-02 05:39 -------- d-----w- c:\programdata\Malwarebytes
2015-10-02 05:39 . 2015-06-18 06:41 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-10-02 05:39 . 2015-06-18 06:41 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-10-02 05:39 . 2015-06-18 06:41 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-10-02 05:38 . 2015-10-02 05:38 -------- d-----w- c:\users\Paugam\AppData\Local\Programs
2015-09-27 01:31 . 2015-09-27 01:31 -------- d-----w- c:\users\Paugam\AppData\Local\GlassWire
2015-09-27 01:30 . 2015-09-27 01:30 -------- d-----w- c:\programdata\GlassWire
2015-09-27 01:00 . 2015-09-27 01:00 -------- d-----w- C:\$360Section
2015-09-27 00:34 . 2015-01-07 04:11 15872 ----a-w- c:\windows\system32\drivers\fr-FR\mup.sys.mui
2015-09-27 00:34 . 2015-01-07 03:10 782848 ----a-w- c:\windows\system32\gpsvc.dll
2015-09-27 00:34 . 2015-01-07 02:44 79872 ----a-w- c:\windows\SysWow64\gpapi.dll
2015-09-27 00:34 . 2015-01-07 03:15 104896 ----a-w- c:\windows\system32\drivers\mup.sys
2015-09-27 00:34 . 2015-01-07 01:49 310272 ----a-w- c:\windows\system32\drivers\rdbss.sys
2015-09-27 00:34 . 2015-01-07 01:48 105984 ----a-w- c:\windows\system32\drivers\dfsc.sys
2015-09-24 21:51 . 2015-09-27 01:00 -------- d-----w- c:\programdata\360Quarant
2015-09-24 21:24 . 2015-09-27 10:34 -------- d-----w- c:\programdata\360safe
2015-09-24 21:23 . 2015-09-27 10:34 -------- d-----w- c:\program files (x86)\Common Files\AV
2015-09-24 21:23 . 2015-09-24 21:23 -------- d-----w- c:\program files (x86)\360
2015-09-24 12:11 . 2015-10-06 15:48 -------- d-----w- c:\users\Paugam\AppData\Local\Diagnostics
2015-09-24 12:08 . 2015-09-24 12:10 -------- d-----w- c:\users\Paugam\AppData\Local\ElevatedDiagnostics
2015-09-24 08:26 . 2015-09-24 08:26 -------- d--h--w- c:\programdata\CanonBJ
2015-09-24 08:26 . 2013-04-04 03:00 30208 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPDBU.DLL
2015-09-24 08:26 . 2013-04-04 03:00 101888 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPPBU.DLL
2015-09-24 08:17 . 2015-09-27 10:46 -------- dc----w- c:\users\Paugam\AppData\Local\MigWiz
2015-09-16 08:33 . 2015-09-16 08:33 -------- d-----w- c:\users\Paugam\Tracing
2015-09-16 08:28 . 2015-09-16 08:28 -------- d-----w- c:\users\Paugam\AppData\Local\Skype
2015-09-16 08:28 . 2015-10-11 08:02 -------- d-----w- c:\users\Paugam\AppData\Roaming\Skype
2015-09-16 08:27 . 2015-09-16 08:27 -------- d-----w- c:\program files (x86)\Common Files\Skype
2015-09-16 08:27 . 2015-09-16 08:27 -------- d-----r- c:\program files (x86)\Skype
2015-09-16 08:27 . 2015-10-02 17:00 -------- d-----w- c:\programdata\Skype
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-12 13:14 . 2015-10-12 13:14 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D3E0675B-DD06-445F-8728-23C4A8A95C79}\offreg.3168.dll
2015-09-22 07:56 . 2015-07-24 13:55 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-09-22 07:56 . 2015-07-24 13:55 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-08-26 18:50 . 2015-07-24 13:53 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-08-26 18:24 . 2015-07-16 18:18 132483416 ----a-w- c:\windows\system32\MRT.exe
2015-08-11 01:20 . 2015-08-26 19:07 25191936 ----a-w- c:\windows\system32\mshtml.dll
2015-08-11 01:14 . 2015-08-26 19:07 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-08-11 00:33 . 2015-08-26 19:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2015-07-30 18:06 . 2015-08-26 18:23 1648128 ----a-w- c:\windows\system32\DWrite.dll
2015-07-30 18:06 . 2015-08-26 18:23 1180160 ----a-w- c:\windows\system32\FntCache.dll
2015-07-30 18:06 . 2015-08-26 18:23 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2015-07-30 18:06 . 2015-08-26 18:23 41984 ----a-w- c:\windows\system32\lpk.dll
2015-07-30 18:06 . 2015-08-26 18:23 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-07-30 18:06 . 2015-08-26 18:23 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-07-30 18:06 . 2015-08-26 18:23 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-07-30 17:57 . 2015-08-26 18:23 1251328 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-07-30 17:57 . 2015-08-26 18:23 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2015-07-30 17:57 . 2015-08-26 18:23 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-07-30 17:57 . 2015-08-26 18:23 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-07-30 17:57 . 2015-08-26 18:23 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-07-30 17:55 . 2015-08-26 18:23 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-07-30 16:56 . 2015-08-26 18:23 3208192 ----a-w- c:\windows\system32\win32k.sys
2015-07-30 16:52 . 2015-08-26 18:23 372736 ----a-w- c:\windows\system32\atmfd.dll
2015-07-30 16:49 . 2015-08-26 18:23 299520 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-07-30 13:13 . 2015-08-26 18:30 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-07-30 13:13 . 2015-08-26 18:30 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-28 20:09 . 2015-08-26 18:23 17344 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-07-28 20:05 . 2015-08-26 18:23 774656 ----a-w- c:\windows\system32\invagent.dll
2015-07-28 20:05 . 2015-08-26 18:23 743424 ----a-w- c:\windows\system32\generaltel.dll
2015-07-28 20:05 . 2015-08-26 18:23 437760 ----a-w- c:\windows\system32\devinv.dll
2015-07-28 20:05 . 2015-08-26 18:23 1116672 ----a-w- c:\windows\system32\appraiser.dll
2015-07-28 20:05 . 2015-08-26 18:23 69120 ----a-w- c:\windows\system32\acmigration.dll
2015-07-28 20:05 . 2015-08-26 18:23 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-07-28 19:55 . 2015-08-26 18:23 1148416 ----a-w- c:\windows\system32\aeinv.dll
2015-07-24 13:27 . 2015-07-21 15:31 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2015-07-21 20:51 . 2015-07-21 20:52 116240 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2015-07-21 20:50 . 2015-07-21 20:52 55296 ----a-w- c:\windows\system32\coinst.dll
2015-07-21 20:50 . 2015-07-21 20:52 38912 ----a-w- c:\windows\system32\atiuxp64.dll
2015-07-21 20:50 . 2015-07-21 20:52 3025408 ----a-w- c:\windows\SysWow64\atiumdva.dll
2015-07-21 20:50 . 2015-07-21 20:52 30208 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2015-07-21 20:50 . 2015-07-21 20:52 3798528 ----a-w- c:\windows\SysWow64\atiumdag.dll
2015-07-21 20:50 . 2015-07-21 20:52 2752512 ----a-w- c:\windows\system32\atiumd6a.dll
2015-07-21 20:50 . 2015-07-21 20:52 4917248 ----a-w- c:\windows\system32\atiumd64.dll
2015-07-21 20:50 . 2015-07-21 20:52 421376 ----a-w- c:\windows\system32\atipdl64.dll
2015-07-21 20:50 . 2015-07-21 20:52 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2015-07-21 20:50 . 2015-07-21 20:52 30208 ----a-w- c:\windows\system32\atiu9p64.dll
2015-07-21 20:50 . 2015-07-21 20:52 22528 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2015-07-21 20:50 . 2015-07-21 20:52 120320 ----a-w- c:\windows\system32\atitmm64.dll
2015-07-21 20:50 . 2015-07-21 20:52 15180800 ----a-w- c:\windows\SysWow64\atioglxx.dll
2015-07-21 20:50 . 2015-07-21 20:52 19901952 ----a-w- c:\windows\system32\atio6axx.dll
2015-07-21 20:50 . 2015-07-21 20:52 54272 ----a-w- c:\windows\system32\atimpc64.dll
2015-07-21 20:50 . 2015-07-21 20:52 54272 ----a-w- c:\windows\system32\amdpcom64.dll
2015-07-21 20:50 . 2015-07-21 20:52 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2015-07-21 20:50 . 2015-07-21 20:52 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2015-07-21 20:50 . 2015-07-21 20:52 264192 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2015-07-21 20:50 . 2015-07-21 20:52 12288 ----a-w- c:\windows\system32\atimuixx.dll
2015-07-21 20:50 . 2015-07-21 20:52 6856192 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2015-07-21 20:50 . 2015-07-21 20:52 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2015-07-21 20:50 . 2015-07-21 20:52 59392 ----a-w- c:\windows\system32\atiedu64.dll
2015-07-21 20:50 . 2015-07-21 20:52 458752 ----a-w- c:\windows\system32\atieclxx.exe
2015-07-21 20:50 . 2015-07-21 20:52 4294656 ----a-w- c:\windows\system32\atidxx64.dll
2015-07-21 20:50 . 2015-07-21 20:52 203264 ----a-w- c:\windows\system32\atiesrxx.exe
2015-07-21 20:50 . 2015-07-21 20:52 18432 ----a-w- c:\windows\system32\atig6txx.dll
2015-07-21 20:50 . 2015-07-21 20:52 16896 ----a-w- c:\windows\SysWow64\atigktxx.dll
2015-07-21 20:50 . 2015-07-21 20:52 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2015-07-21 20:50 . 2015-07-21 20:52 53248 ----a-w- c:\windows\SysWow64\aticalrt.dll
2015-07-21 20:50 . 2015-07-21 20:52 5265408 ----a-w- c:\windows\system32\aticaldd64.dll
2015-07-21 20:50 . 2015-07-21 20:52 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2015-07-21 20:50 . 2015-07-21 20:52 43008 ----a-w- c:\windows\system32\aticalrt64.dll
2015-07-21 20:50 . 2015-07-21 20:52 3668480 ----a-w- c:\windows\SysWow64\atidxx32.dll
2015-07-21 20:50 . 2015-07-21 20:52 53248 ----a-w- c:\windows\SysWow64\aticalcl.dll
2015-07-21 20:50 . 2015-07-21 20:52 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2015-07-21 20:50 . 2015-07-21 20:52 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2015-07-21 20:50 . 2015-07-21 20:52 4096000 ----a-w- c:\windows\SysWow64\aticaldd.dll
2015-07-21 20:50 . 2015-07-21 20:52 39936 ----a-w- c:\windows\system32\aticalcl64.dll
2015-07-21 20:50 . 2015-07-21 20:52 335872 ----a-w- c:\windows\system32\atiadlxx.dll
2015-07-21 20:50 . 2015-07-21 20:52 237568 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2015-07-21 20:50 . 2015-07-21 20:52 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2015-07-21 20:50 . 2015-07-21 20:52 118784 ----a-w- c:\windows\system32\atibtmon.exe
2015-07-21 00:39 . 2015-08-26 18:23 389840 ----a-w- c:\windows\system32\iedkcs32.dll
2015-07-20 18:12 . 2015-08-26 18:15 98304 ----a-w- c:\windows\system32\wudriver.dll
2015-07-20 18:12 . 2015-08-26 18:15 37888 ----a-w- c:\windows\system32\wups2.dll
2015-07-20 18:12 . 2015-08-26 18:15 3154944 ----a-w- c:\windows\system32\wucltux.dll
2015-07-20 18:12 . 2015-08-26 18:15 2606080 ----a-w- c:\windows\system32\wuaueng.dll
2015-07-20 18:12 . 2015-08-26 18:15 192000 ----a-w- c:\windows\system32\wuwebv.dll
2015-07-20 18:12 . 2015-08-26 18:15 36864 ----a-w- c:\windows\system32\wups.dll
2015-07-20 18:12 . 2015-08-26 18:15 696320 ----a-w- c:\windows\system32\wuapi.dll
2015-07-20 18:12 . 2015-08-26 18:15 91136 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-07-20 18:12 . 2015-08-26 18:15 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-07-20 18:12 . 2015-08-26 18:15 37376 ----a-w- c:\windows\system32\wuapp.exe
2015-07-20 18:12 . 2015-08-26 18:15 139776 ----a-w- c:\windows\system32\wuauclt.exe
2015-07-20 17:56 . 2015-08-26 18:15 93184 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-07-20 17:56 . 2015-08-26 18:15 173056 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-07-20 17:56 . 2015-08-26 18:15 30208 ----a-w- c:\windows\SysWow64\wups.dll
2015-07-20 17:56 . 2015-08-26 18:15 566784 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-07-20 17:56 . 2015-08-26 18:15 34816 ----a-w- c:\windows\SysWow64\wuapp.exe
2015-07-16 20:54 . 2015-08-26 18:23 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2015-07-16 20:37 . 2015-08-26 18:23 66560 ----a-w- c:\windows\system32\iesetup.dll
2015-07-16 20:36 . 2015-08-26 18:23 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2015-07-16 20:36 . 2015-08-26 18:23 417792 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-10-02 6134544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\DRIVERS\TsUsbGD.sys;c:\windows\SYSNATIVE\DRIVERS\TsUsbGD.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 ngvss;ngvss; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 X6va031;X6va031;c:\windows\SysWOW64\Drivers\X6va031;c:\windows\SysWOW64\Drivers\X6va031 [x]
.
.
Contenu du dossier 'Tâches planifiées'
.
2015-10-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-24 07:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-10-02 06:51 780616 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.fr/
mStart Page = hxxp://www.google.fr/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Paugam\AppData\Roaming\Mozilla\Firefox\Profiles\kcl9mpqt.default\
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va031]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va031"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_185_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_185_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_185_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_185_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.19"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2015-10-12 15:19:04
ComboFix-quarantined-files.txt 2015-10-12 13:19
.
Avant-CF: 448 779 063 296 octets libres
Après-CF: 448 612 790 272 octets libres
.
- - End Of File - - AD868A8A873E2BE8511A55B7BFC6EA59 A36C5E4F47E84449FF07ED3517B43A31