ComboFix 14-06-13.01 - Jordan 16/06/2014 1:34.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.33.1036.18.4095.1845 [GMT 2:00]
Launched from: c:\users\Jordan\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jojo\AppData\Roaming\OfferBox
c:\users\Jojo\AppData\Roaming\OfferBox\config.xml
c:\users\Jojo\AppData\Roaming\OfferBox\http_app.offerbox.com\country.sxe
c:\users\Jojo\AppData\Roaming\OfferBox\http_app.offerbox.com\extracountry.sxe
c:\users\Jojo\AppData\Roaming\OfferBox\http_app.offerbox.com\history.db
c:\users\Jojo\AppData\Roaming\OfferBox\http_app.offerbox.com\profile.sxe
c:\users\Jojo\AppData\Roaming\OfferBox\http_app.offerbox.com\update.sxe
c:\users\Jojo\AppData\Roaming\OfferBox\http_app.offerbox.com\update.xml
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_cnmdgidklhhnmppphpohildcefnaaflp_0
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_cnmdgidklhhnmppphpohildcefnaaflp_0\6-journal
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_cnmdgidklhhnmppphpohildcefnaaflp_0\6
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_cnmdgidklhhnmppphpohildcefnaaflp_0\7
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\background.html
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\crossriderManifest.json
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\extensionData\manifest.xml
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\extensionData\plugins.json
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\extensionData\plugins\1_base.js
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\extensionData\plugins\109_superfish_pricora.js
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\extensionData\plugins\14_CrossriderUtils.js
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\extensionData\plugins\17_jQuery.js
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\extensionData\plugins\177_crossriderDashboard.js
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\extensionData\plugins\182_openUrl.js
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\extensionData\plugins\183_tabsWrapper.js
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\extensionData\plugins\19_CHAppAPIWrapper.js
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\extensionData\plugins\21_debug.js
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\extensionData\plugins\22_resources.js
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\extensionData\plugins\28_initializer.js
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\extensionData\plugins\31_dealply.js
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\extensionData\plugins\4_jquery_1_7_1.js
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\extensionData\plugins\47_resources_background.js
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\extensionData\plugins\49_similar_web.js
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\extensionData\plugins\50_similar_web_bg.js
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\extensionData\plugins\60_base_monetization.js
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\extensionData\plugins\64_appApiMessage.js
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\extensionData\plugins\72_appApiValidation.js
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\extensionData\plugins\78_CrossriderInfo.js
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\extensionData\plugins\80_CHPopupAppAPI.js
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\extensionData\plugins\97_resourceApiWrapper.js
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\extensionData\userCode\background.js
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\extensionData\userCode\extension.js
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\icons\actions\1.png
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\icons\icon128.png
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\icons\icon16.png
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\icons\icon48.png
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\js\api\chrome.js
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\js\api\cookie.js
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\js\api\message.js
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\js\api\pageAction.js
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\js\api\pageActionBG.js
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\js\background.js
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\js\lib\app_api.js
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\js\lib\bg_app_api.js
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\js\lib\consts.js
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\js\lib\cookie_store.js
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\js\lib\crossriderAPI.js
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\js\lib\delegate.js
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\js\lib\events.js
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\js\lib\extensionDataStore.js
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\js\lib\installer.js
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\js\lib\logFile.js
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\js\lib\logging.js
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\js\lib\onBGDocumentLoad.js
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\js\lib\popupResource\newPopup.js
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\js\lib\popupResource\popup.js
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\js\lib\reports.js
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\js\lib\storageWrapper.js
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\js\lib\updateManager.js
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\js\lib\util.js
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\js\lib\xhr.js
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\js\main.js
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\manifest.json
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\popup.html
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.26.156_0\version.json
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmdgidklhhnmppphpohildcefnaaflp
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmdgidklhhnmppphpohildcefnaaflp\000090.ldb
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmdgidklhhnmppphpohildcefnaaflp\000092.ldb
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmdgidklhhnmppphpohildcefnaaflp\000095.ldb
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmdgidklhhnmppphpohildcefnaaflp\000096.log
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmdgidklhhnmppphpohildcefnaaflp\CURRENT
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmdgidklhhnmppphpohildcefnaaflp\LOCK
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmdgidklhhnmppphpohildcefnaaflp\LOG
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmdgidklhhnmppphpohildcefnaaflp\LOG.old
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmdgidklhhnmppphpohildcefnaaflp\MANIFEST-000094
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cnmdgidklhhnmppphpohildcefnaaflp_0.localstorage-journal
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cnmdgidklhhnmppphpohildcefnaaflp_0.localstorage
c:\users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Jordan\AppData\Roaming\OfferBox
c:\users\Jordan\AppData\Roaming\OfferBox\config.xml
c:\users\Jordan\AppData\Roaming\OfferBox\http_app.offerbox.com\country.sxe
c:\users\Jordan\AppData\Roaming\OfferBox\http_app.offerbox.com\extracountry.sxe
c:\users\Jordan\AppData\Roaming\OfferBox\http_app.offerbox.com\history.db
c:\users\Jordan\AppData\Roaming\OfferBox\http_app.offerbox.com\profile.sxe
c:\users\Jordan\AppData\Roaming\OfferBox\http_app.offerbox.com\update.sxe
c:\users\Jordan\AppData\Roaming\OfferBox\http_app.offerbox.com\update.xml
c:\windows\SysWow64\tmp6D68.tmp
c:\windows\SysWow64\tmpC267.tmp
c:\windows\SysWow64\tmpC268.tmp
.
.
((((((((((((((((((((((((((((( Files Created from 2014-05-15 to 2014-06-15 ))))))))))))))))))))))))))))))))))))
.
.
2014-06-15 23:46 . 2014-06-15 23:46 -------- d-----w- c:\users\Jojo\AppData\Local\temp
2014-06-15 23:46 . 2014-06-15 23:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-06-15 01:38 . 2013-10-14 16:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2014-06-15 01:26 . 2014-06-15 01:26 878080 ----a-w- c:\windows\system32\advapi32.dll
2014-06-15 01:26 . 2014-06-15 01:26 859648 ----a-w- c:\windows\system32\tdh.dll
2014-06-15 01:26 . 2014-06-15 01:26 1732032 ----a-w- c:\windows\system32\ntdll.dll
2014-06-15 01:26 . 2014-06-15 01:26 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
2014-06-15 01:26 . 2014-06-15 01:26 619520 ----a-w- c:\windows\SysWow64\tdh.dll
2014-06-15 01:26 . 2014-06-15 01:26 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2014-06-15 01:25 . 2014-06-15 01:25 327168 ----a-w- c:\windows\system32\mswsock.dll
2014-06-15 01:25 . 2014-06-15 01:25 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2014-06-15 01:25 . 2014-06-15 01:25 1887232 ----a-w- c:\windows\system32\d3d11.dll
2014-06-15 01:25 . 2014-06-15 01:25 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2014-06-14 23:07 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-06-14 23:07 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-06-14 23:07 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2014-06-14 23:07 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
2014-06-14 23:01 . 2014-03-25 02:43 14175744 ----a-w- c:\windows\system32\shell32.dll
2014-06-14 23:01 . 2014-04-25 02:34 801280 ----a-w- c:\windows\system32\usp10.dll
2014-06-14 23:01 . 2014-04-25 02:06 626688 ----a-w- c:\windows\SysWow64\usp10.dll
2014-06-14 22:59 . 2013-10-04 02:16 116736 ----a-w- c:\windows\system32\drivers\drmk.sys
2014-06-14 22:57 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
2014-06-14 22:57 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-06-09 19:36 . 2014-06-09 19:36 -------- d-----w- c:\program files (x86)\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-03 13:17 . 2013-03-27 17:47 130584 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-06-03 13:17 . 2013-03-27 17:47 112080 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-06-01 15:17 . 2012-12-18 05:23 95414520 ----a-w- c:\windows\system32\MRT.exe
2014-05-13 22:55 . 2013-12-03 16:42 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-13 22:55 . 2013-12-03 16:42 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-14 18:13 . 2014-05-07 10:36 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-03-31 07:35 . 2012-09-14 03:29 270496 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lollipop_01031932"="lollipop_01031932" [X]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
"NextLive"="c:\users\Jordan\AppData\Roaming\newnext.me\nengine.dll" [2014-01-06 1283584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-01 98304]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2009-09-02 60464]
"D-Link D-Link Wireless N DWA-140"="c:\program files (x86)\D-Link\DWA-140 revB\AirNCFG.exe" [2010-06-30 1024000]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-06-03 737872]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"mobilegeni daemon"="c:\program files (x86)\Mobogenie\DaemonProcess.exe" [2014-01-06 761536]
"Magic Desktop for HP notification"="c:\programdata\Easybits Magic Desktop for HP\mdhpSUN.exe" [2013-12-28 1258504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 busenum;SteelBusSvc;c:\windows\system32\DRIVERS\SteelBus64.sys;c:\windows\SYSNATIVE\DRIVERS\SteelBus64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwfx.sys;c:\windows\SYSNATIVE\DRIVERS\anodlwfx.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 D-Link Wireless N DWA-140_WPS;D-Link Wireless N DWA-140_WPS Service;c:\program files (x86)\D-Link\DWA-140 revB\ANIWConnService.exe;c:\program files (x86)\D-Link\DWA-140 revB\ANIWConnService.exe [x]
S2 DevoloNetworkService;devolo Network Service;c:\program files (x86)\devolo\dlan\devolonetsvc.exe;c:\program files (x86)\devolo\dlan\devolonetsvc.exe [x]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\sysWOW64\drivers\npf_devolo.sys;c:\windows\sysWOW64\drivers\npf_devolo.sys [x]
S2 RzKLService;RzKLService;c:\program files (x86)\Razer\Razer Game Booster\RzKLService.exe;c:\program files (x86)\Razer\Razer Game Booster\RzKLService.exe [x]
S2 Wpm;Wpm Service;c:\programdata\WPM\wprotectmanager.exe;c:\programdata\WPM\wprotectmanager.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-03 22:55]
.
2014-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3682742233-128636458-554035159-1000Core.job
- c:\users\Jordan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-14 04:44]
.
2014-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3682742233-128636458-554035159-1000UA.job
- c:\users\Jordan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-14 04:44]
.
2014-05-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1389025440&from=smt&uid=WDCXWD10EADS-65M2B0_WD-WCAV5623080430804&q={searchTerms}
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1389025440&from=smt&uid=WDCXWD10EADS-65M2B0_WD-WCAV5623080430804&q={searchTerms}
uInternet Settings,ProxyOverride = *.offerbox.com;
uInternet Settings,ProxyServer = http=127.0.0.1:56847
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Jordan\AppData\Roaming\Mozilla\Firefox\Profiles\vd6p7gfg.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run- - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-bi_uninstaller - c:\users\Jordan\Local Settings\Application Data\Bundled software uninstaller\biclient.exe
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{11111111-1111-1111-1111-110211701196}"=hex:51,66,7a,6c,4c,1d,38,12,7f,12,02,15,23,5f,7f,54,6e,07,52,42,14,2e,55,82
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}"=hex:51,66,7a,6c,4c,1d,38,12,3b,d4,7c,e3,88,8f,a5,08,e0,05,da,fd,94,7c,7e,ca
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:53,0d,38,aa,be,51,ce,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2014-06-16 01:59:19 - machine was rebooted
ComboFix-quarantined-files.txt 2014-06-15 23:59
.
Pre-Run: 750,676,905,984 bytes free
Post-Run: 750,265,774,080 bytes free
.
- - End Of File - - 1B9388DF77A604A3C08E337592F00697 82F66ADA87887BBA25DB51585A76635B
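Beyond the files ComboFix already deleted, the log still shows several items worth a second look: the WinINet proxy (uInternet Settings,ProxyServer = http=127.0.0.1:56847, with *.offerbox.com excluded through ProxyOverride) sends Internet Explorer's HTTP traffic through a program listening on the machine itself; the default and search pages still point at nationzoom.com; the Wpm service runs from c:\programdata; and the HKCU Run key carries NextLive (a DLL under AppData) and lollipop_01031932 (whose target file ComboFix marks missing with [X]). The script below is an added example, not ComboFix code and not part of the original post. It parses the Run values, service lines and Internet Settings lines of a ComboFix log and flags exactly those patterns. The sample lines are copied from the log above; the category names, the user-writable directory markers and the short list of trusted search hosts are this example's own assumptions.

```python
"""Triage a ComboFix log for autorun, service and browser-hijack indicators.

Added example for this page, not ComboFix code.  Patterns, category names and
the trusted-search-host list are this example's own assumptions.
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "category line reason")

# Subset of lines copied from the ComboFix log above, in log order.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lollipop_01031932"="lollipop_01031932" [X]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
"NextLive"="c:\users\Jordan\AppData\Roaming\newnext.me\nengine.dll" [2014-01-06 1283584]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Wpm;Wpm Service;c:\programdata\WPM\wprotectmanager.exe;c:\programdata\WPM\wprotectmanager.exe [x]
.
uStart Page = about:blank
mDefault_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1389025440&from=smt&uid=WDCXWD10EADS-65M2B0_WD-WCAV5623080430804&q={searchTerms}
uInternet Settings,ProxyOverride = *.offerbox.com;
uInternet Settings,ProxyServer = http=127.0.0.1:56847
TCP: DhcpNameServer = 192.168.1.1
"""

USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\appdata\\")          # assumption
TRUSTED_SEARCH_HOSTS = {"www.google.com", "www.google.fr", "www.bing.com"}  # assumption
LOOPBACK = {"127.0.0.1", "localhost", "::1", "[::1]"}

REG_KEY = re.compile(r"^\[(?P<key>hkey_[^\]]+)\]$", re.IGNORECASE)
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*(?P<tag>\[[^\]]*\])?\s*$')
APPINIT = re.compile(r'^"LoadAppInit_DLLs"\s*=\s*(?P<flag>\d+)')
SERVICE = re.compile(r"^[RS]\d (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>[^;]+);")
SETTING = re.compile(r"^(?P<key>[A-Za-z][\w ,]*?)\s*=\s*(?P<value>.+?)\s*$")
URL_HOST = re.compile(r"^(?:hxxp|http)s?://(?P<host>[^/?#]+)", re.IGNORECASE)


def in_user_writable(path):
    low = path.lower()
    return any(marker in low for marker in USER_WRITABLE)


def proxy_hosts(value):
    """'http=127.0.0.1:56847;https=proxy:8080' -> ['127.0.0.1', 'proxy']"""
    hosts = []
    for part in value.split(";"):
        part = part.strip()
        if part:
            hosts.append(part.split("=")[-1].rsplit(":", 1)[0].strip())
    return hosts


def triage(log_text):
    findings = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # "." lines separate registry keys
            current_key = ""
            continue
        m = REG_KEY.match(line)
        if m:
            current_key = m.group("key").lower()
            continue
        m = RUN_VALUE.match(line)
        if m and current_key.endswith("\\run"):
            reasons = []
            if m.group("tag") == "[X]":
                reasons.append("target file missing (dangling autorun)")
            if in_user_writable(m.group("target")):
                reasons.append("launched from a user-writable directory")
            if m.group("target").lower().endswith(".dll"):
                reasons.append("Run value names a DLL rather than an executable")
            if reasons:
                findings.append(Finding("autorun", line, "; ".join(reasons)))
            continue
        m = APPINIT.match(line)
        if m and m.group("flag") != "0":
            findings.append(Finding("appinit", line,
                                    "AppInit_DLLs loading enabled; inspect the AppInit_DLLs value"))
            continue
        m = SERVICE.match(line)
        if m:
            if in_user_writable(m.group("image")):
                findings.append(Finding("service", line, "service image in a user-writable directory"))
            continue
        m = SETTING.match(line)
        if not m:
            continue
        key, value = m.group("key").lower(), m.group("value")
        if key.endswith("proxyserver"):
            local = [h for h in proxy_hosts(value) if h in LOOPBACK]
            if local:
                findings.append(Finding("proxy", line,
                                        "browser traffic routed through a local proxy (%s)" % ", ".join(local)))
        elif key.endswith("proxyoverride"):
            findings.append(Finding("proxy", line, "proxy bypass list set; review with ProxyServer"))
        elif "search" in key:
            host = URL_HOST.match(value)
            if host and host.group("host").lower() not in TRUSTED_SEARCH_HOSTS:
                findings.append(Finding("search", line,
                                        "search provider points at unrecognised host " + host.group("host")))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%-8s %s\n         %s" % (f.category, f.reason, f.line))
```

Run it as a script to print the findings for the embedded sample, or import it and pass a whole ComboFix log to triage(); it understands the registry keys under "Reg Loading Points", the service lines, and the "Supplementary Scan" block. A loopback ProxyServer entry is the one to act on first: until it is cleared (or the listening process is identified), every HTTP request from Internet Explorer and other WinINet clients passes through whatever is bound to that port.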