ComboFix 13-10-04.02 - Mehdi 05/10/2013  12:13:39.1.2 - x86
Microsoft Windows 7 Édition Intégrale   6.1.7601.1.1252.33.1036.18.3070.1719 [GMT 0:00]
Lancé depuis: c:\users\Mehdi\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Mehdi\Desktop\CFScript.txt
AV: AVG Internet Security 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Un nouveau point de restauration a été créé
.
.
((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
H:\setup.exe
.
.
(((((((((((((((((((((((((((((   Fichiers créés du 2013-09-05 au 2013-10-05  ))))))))))))))))))))))))))))))))))))
.
.
2013-09-27 19:17 . 2013-04-09 23:34    1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-09-27 17:25 . 2013-09-27 17:25      49152 ----a-w- c:\windows\system32\taskhost.exe
2013-09-27 17:23 . 2013-09-27 17:23    1505280 ----a-w- c:\windows\system32\d3d11.dll
2013-09-27 17:21 . 2013-06-04 04:53     509440 ----a-w- c:\windows\system32\qedit.dll
2013-09-27 17:21 . 2012-08-21 20:12     245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2013-09-27 17:19 . 2013-07-06 05:05    1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-27 17:19 . 2012-08-22 17:16     712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2013-09-27 17:19 . 2012-07-04 19:45      33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2013-09-27 17:19 . 2013-07-19 01:41       2048 ----a-w- c:\windows\system32\tzres.dll
2013-09-27 17:19 . 2013-02-27 05:05     101720 ----a-w- c:\windows\system32\consent.exe
2013-09-27 17:19 . 2013-02-27 04:49    1796096 ----a-w- c:\windows\system32\authui.dll
2013-09-27 17:19 . 2013-02-27 04:49      47104 ----a-w- c:\windows\system32\appinfo.dll
2013-09-27 17:19 . 2013-04-10 05:18     728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-09-27 17:19 . 2013-04-10 05:18     218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-09-27 15:08 . 2013-09-27 15:08   -------- d-----w- c:\program files\Handbrake
2013-09-26 21:04 . 2013-09-26 21:04   -------- d-----w- c:\programdata\Oracle
2013-09-26 21:04 . 2013-09-26 21:04   -------- d-----w- c:\program files\Common Files\Java
2013-09-26 21:03 . 2013-09-26 21:03   -------- d-----w- c:\program files\Java
2013-09-26 16:31 . 2013-09-26 16:31   -------- d-----w- c:\windows\system32\SPReview
2013-09-26 15:33 . 2013-09-26 15:33   -------- d-----w- c:\windows\CheckSur
2013-09-26 12:42 . 2013-09-26 12:58   -------- d-----w- c:\users\Mehdi\Doctor Web
2013-09-26 01:19 . 2013-09-26 01:19   -------- d-----w- c:\program files\WinDirStat
2013-09-25 16:59 . 2013-09-25 16:59        512 ----a-w- C:\PhysicalMBR.bin
2013-09-25 11:04 . 2013-09-25 11:04   -------- d-----w- C:\EEK
2013-09-23 19:29 . 2013-09-26 17:55   -------- d-----w- c:\users\Mehdi\AppData\Roaming\ZHP
2013-09-23 19:23 . 2013-09-23 19:23   -------- d-----w- c:\program files\WinMerge
2013-09-23 18:47 . 2013-09-23 18:47   -------- d-----w- c:\windows\system32\EventProviders
2013-09-23 18:42 . 2010-11-20 12:21      33280 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2013-09-23 18:41 . 2010-11-20 12:21     189952 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2013-09-23 18:41 . 2010-11-20 12:19     606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2013-09-23 18:41 . 2010-11-20 12:21     189952 ----a-w- c:\windows\system32\sqmapi.dll
2013-09-22 17:16 . 2013-09-27 14:39   -------- d-----w- c:\program files\CCleaner
2013-09-22 17:14 . 2013-09-22 17:20   -------- d-----w- c:\program files\Google
2013-09-22 12:31 . 2013-09-22 12:31   -------- d-----w- c:\users\Mehdi\AppData\Local\Programs
2013-09-22 11:39 . 2013-09-22 11:39   -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
2013-09-21 20:34 . 2013-09-21 20:34   -------- d-----w- c:\users\Mehdi\AppData\Roaming\JAM Software
2013-09-21 20:34 . 2013-09-21 20:34   -------- d-----w- c:\program files\JAM Software
2013-09-21 16:22 . 2013-09-21 16:22   -------- d-----w- c:\users\Mehdi\AppData\Roaming\AVG2014
2013-09-21 16:21 . 2013-09-21 16:21   -------- d-----w- c:\users\Mehdi\AppData\Roaming\TuneUp Software
2013-09-21 16:19 . 2013-09-21 16:19   -------- d-----w- C:\$AVG
2013-09-21 16:19 . 2013-09-21 16:22   -------- d-----w- c:\programdata\AVG2014
2013-09-21 16:18 . 2013-09-21 16:18   -------- d-----w- c:\program files\AVG
2013-09-21 16:15 . 2013-09-21 16:15   -------- d--h--w- c:\programdata\Common Files
2013-09-21 16:15 . 2013-10-05 12:07   -------- d-----w- c:\programdata\MFAData
2013-09-21 16:15 . 2013-09-21 16:33   -------- d-----w- c:\users\Mehdi\AppData\Local\Avg2014
2013-09-21 16:15 . 2013-09-21 16:15   -------- d-----w- c:\users\Mehdi\AppData\Local\MFAData
2013-09-21 15:16 . 2013-09-25 16:47   -------- d-----w- C:\AdwCleaner
2013-09-11 22:00 . 2011-12-15 20:29      26624 ----a-w- c:\windows\system32\drivers\tap0901.sys
2013-09-10 22:11 . 2013-09-10 22:11      22840 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-09-08 22:12 . 2013-09-08 22:12      27448 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-09-08 14:41 . 2013-09-08 14:57   -------- d-----w- C:\WinSetupFromUSB
.
.
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-27 17:27 . 2013-09-27 17:27    1767936 ----a-w- c:\windows\system32\wininet.dll
2013-09-27 17:27 . 2013-09-27 17:27     523264 ----a-w- c:\windows\system32\vbscript.dll
2013-09-27 17:27 . 2013-09-27 17:27     138752 ----a-w- c:\windows\system32\wextract.exe
2013-09-27 17:25 . 2013-09-27 17:25     417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-09-27 17:25 . 2013-09-27 17:25     364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-09-27 17:25 . 2013-09-27 17:25     207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-09-27 17:25 . 2013-09-27 17:25    1158144 ----a-w- c:\windows\system32\XpsPrint.dll
2013-09-27 17:20 . 2012-08-27 17:35      71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-27 17:20 . 2012-08-27 17:35     692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-26 21:03 . 2013-06-24 17:15      94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-09-26 21:03 . 2012-02-25 16:11     868264 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-09-26 21:03 . 2011-09-26 17:10     790440 ----a-w- c:\windows\system32\deployJava1.dll
2013-09-26 16:24 . 2009-07-14 02:05     152576 ----a-w- c:\windows\system32\msclmd.dll
2013-09-25 17:23 . 2013-09-21 15:34      25696 ----a-w- c:\windows\system32\drivers\appliand.sys.dump
2013-09-02 10:39 . 2013-09-02 10:39     176952 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-09-02 10:28 . 2013-09-02 10:28     145720 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-09-02 10:28 . 2013-09-02 10:28     209208 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-09-02 10:28 . 2013-09-02 10:28     223032 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-08-20 22:54 . 2013-08-20 22:54     102200 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2013-08-08 01:03 . 2013-09-27 17:19    2348544 ----a-w- c:\windows\system32\win32k.sys
2013-08-02 01:50 . 2013-09-27 17:14     169984 ----a-w- c:\windows\system32\winsrv.dll
2013-08-01 16:08 . 2013-08-01 16:08     193848 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2013-08-01 16:06 . 2013-08-01 16:06     120120 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2013-07-25 08:57 . 2013-09-27 17:20    1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-09 04:52 . 2013-09-27 17:20     175104 ----a-w- c:\windows\system32\wintrust.dll
.
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrayFactory"="c:\program files\PS Tray Factory\PSTrayFactory.exe" [2010-05-25 1304576]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-27 13515296]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-27 92704]
"TrayFactory"="c:\program files\PS Tray Factory\PSTrayFactory.EXE" [2010-05-25 1304576]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2013-09-15 4851760]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-25 836896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\COMMON~1\JAKSTA~1\AUDIOC~1\jaudcap.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages    REG_MULTI_SZ    scecli DPPWDFLT
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Users^Mehdi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 - Capture d’écran et lancement.lnk]
path=c:\users\Mehdi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 - Capture d’écran et lancement.lnk
backup=c:\windows\pss\OneNote 2010 - Capture d’écran et lancement.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06     958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AllShareAgent]
2011-07-16 11:52     282512 ----a-w- c:\program files\Samsung\AllShare\AllShareAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2012-09-20 19:46    6377120 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 14:54      91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2009-01-29 22:20      57344 ----a-w- c:\program files\SlySoft\CloneCD\CloneCDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DpAgent]
2009-07-17 15:25     842816 ----a-w- c:\program files\DigitalPersona\Bin\DpAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
2011-11-08 10:11     929168 ----a-w- c:\program files\Samsung\Kies\KiesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2011-11-08 10:11      21392 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2011-11-08 10:11    3508624 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-08-01 16:14     202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
2011-02-18 10:47      79192 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 09:16     254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51      17408 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
.
R1 appliand;Applian LightWeight Filter;c:\windows\system32\DRIVERS\appliand.sys [2013-02-06 25696]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-07-25 162672]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-10-27 30312]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-06-26 294952]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-06-26 33320]
R3 cleanhlp;cleanhlp;c:\eek\Run\cleanhlp32.sys [2013-09-24 50200]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2011-10-27 78136]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 GRemoteBus;GRemote virtual joystick Bus Enumerator;c:\windows\system32\DRIVERS\GRemoteBus.sys [2009-08-05 23368]
R3 JakNDis;Jaksta Service;c:\windows\system32\DRIVERS\JakNDis.sys [2010-06-24 28256]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2013-02-05 312704]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files\Samsung\AllShare\AllShareSlideShowService.exe [2011-07-16 27584]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-10-27 121064]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-10-27 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-10-27 136808]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2011-10-27 181432]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2012-11-01 35592]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2012-07-15 26112]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2013-09-02 145720]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2013-09-02 223032]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2013-09-08 27448]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\eek\RUN\a2ddax86.sys [2013-09-24 22056]
S1 Avgdiskx;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiskx.sys [2013-08-01 120120]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2012-09-04 50296]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2013-09-02 209208]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2013-09-10 22840]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2013-09-02 176952]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2013-08-01 193848]
S2 avgfws;Pare-feu AVG;c:\program files\AVG\AVG2014\avgfws.exe [2013-09-22 1358944]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [2013-09-03 3538480]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [2013-09-22 301152]
S2 DragonSvc;Dragon Service;c:\program files\Common Files\Nuance\dgnsvc.exe [2010-07-29 296808]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-09-06 217088]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2011-07-16 24992]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-17 2358656]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-09-06 36640]
S3 JakNDisMP;JakNDisMP;c:\windows\system32\DRIVERS\JakNDis.sys [2010-06-24 28256]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 RTL8167;Pilote Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - FSUSBEXDISK
.
Contenu du dossier 'Tâches planifiées'
.
2013-10-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-27 17:20]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = local
TCP: Interfaces\{1F294DA7-827D-4A37-80F7-861023A0F12C}: NameServer = 212.217.0.1,212.217.0.12
FF - ProfilePath - c:\users\Mehdi\AppData\Roaming\Mozilla\Firefox\Profiles\pbkfrago.default\
FF - prefs.js: browser.search.selectedEngine - Mixi.DJ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.enabled - false
FF - ExtSQL: !HIDDEN! 2011-09-26 12:13; otis@digitalpersona.com; c:\program files\DigitalPersona\Bin\FirefoxExt
.
- - - - ORPHELINS SUPPRIMES - - - -
.
SafeBoot-04765743.sys
SafeBoot-07793602.sys
SafeBoot-CleanHlp
AddRemove-Cain & Abel v4.9.7 - c:\progra~1\Cain\UNINSTAL.EXE
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_113_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_113_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'lsass.exe'(792)
c:\windows\system32\DPPWDFLT.DLL
.
- - - - - - - > 'Explorer.exe'(2344)
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\progra~1\AVG\AVG2014\avgrsx.exe
c:\program files\AVG\AVG2014\avgcsrvx.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\AVG\AVG2014\avgnsx.exe
c:\program files\AVG\AVG2014\avgemcx.exe
c:\program files\RealVNC\VNC4\WinVNC4.exe
c:\program files\RealVNC\VNC4\winvnc4.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\AVG\AVG2014\avgcsrvx.exe
.
**************************************************************************
.
Heure de fin: 2013-10-05 12:31:11 - La machine a redémarré
ComboFix-quarantined-files.txt 2013-10-05 12:31
.
Avant-CF: 33 110 286 336 octets libres
Après-CF: 32 912 633 856 octets libres
.
- - End Of File - - 344EC5E28748A1BF7158B9B98991755A
A36C5E4F47E84449FF07ED3517B43A31