ComboFix 13-10-04.02 - Mehdi 05/10/2013 12:13:39.1.2 - x86
Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.33.1036.18.3070.1719 [GMT 0:00]
Lancé depuis: c:\users\Mehdi\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Mehdi\Desktop\CFScript.txt
AV: AVG Internet Security 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
H:\setup.exe
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2013-09-05 au 2013-10-05 ))))))))))))))))))))))))))))))))))))
.
.
2013-09-27 19:17 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-09-27 17:25 . 2013-09-27 17:25 49152 ----a-w- c:\windows\system32\taskhost.exe
2013-09-27 17:23 . 2013-09-27 17:23 1505280 ----a-w- c:\windows\system32\d3d11.dll
2013-09-27 17:21 . 2013-06-04 04:53 509440 ----a-w- c:\windows\system32\qedit.dll
2013-09-27 17:21 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2013-09-27 17:19 . 2013-07-06 05:05 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-27 17:19 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2013-09-27 17:19 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2013-09-27 17:19 . 2013-07-19 01:41 2048 ----a-w- c:\windows\system32\tzres.dll
2013-09-27 17:19 . 2013-02-27 05:05 101720 ----a-w- c:\windows\system32\consent.exe
2013-09-27 17:19 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\system32\authui.dll
2013-09-27 17:19 . 2013-02-27 04:49 47104 ----a-w- c:\windows\system32\appinfo.dll
2013-09-27 17:19 . 2013-04-10 05:18 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-09-27 17:19 . 2013-04-10 05:18 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-09-27 15:08 . 2013-09-27 15:08 -------- d-----w- c:\program files\Handbrake
2013-09-26 21:04 . 2013-09-26 21:04 -------- d-----w- c:\programdata\Oracle
2013-09-26 21:04 . 2013-09-26 21:04 -------- d-----w- c:\program files\Common Files\Java
2013-09-26 21:03 . 2013-09-26 21:03 -------- d-----w- c:\program files\Java
2013-09-26 16:31 . 2013-09-26 16:31 -------- d-----w- c:\windows\system32\SPReview
2013-09-26 15:33 . 2013-09-26 15:33 -------- d-----w- c:\windows\CheckSur
2013-09-26 12:42 . 2013-09-26 12:58 -------- d-----w- c:\users\Mehdi\Doctor Web
2013-09-26 01:19 . 2013-09-26 01:19 -------- d-----w- c:\program files\WinDirStat
2013-09-25 16:59 . 2013-09-25 16:59 512 ----a-w- C:\PhysicalMBR.bin
2013-09-25 11:04 . 2013-09-25 11:04 -------- d-----w- C:\EEK
2013-09-23 19:29 . 2013-09-26 17:55 -------- d-----w- c:\users\Mehdi\AppData\Roaming\ZHP
2013-09-23 19:23 . 2013-09-23 19:23 -------- d-----w- c:\program files\WinMerge
2013-09-23 18:47 . 2013-09-23 18:47 -------- d-----w- c:\windows\system32\EventProviders
2013-09-23 18:42 . 2010-11-20 12:21 33280 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2013-09-23 18:41 . 2010-11-20 12:21 189952 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2013-09-23 18:41 . 2010-11-20 12:19 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2013-09-23 18:41 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\sqmapi.dll
2013-09-22 17:16 . 2013-09-27 14:39 -------- d-----w- c:\program files\CCleaner
2013-09-22 17:14 . 2013-09-22 17:20 -------- d-----w- c:\program files\Google
2013-09-22 12:31 . 2013-09-22 12:31 -------- d-----w- c:\users\Mehdi\AppData\Local\Programs
2013-09-22 11:39 . 2013-09-22 11:39 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
2013-09-21 20:34 . 2013-09-21 20:34 -------- d-----w- c:\users\Mehdi\AppData\Roaming\JAM Software
2013-09-21 20:34 . 2013-09-21 20:34 -------- d-----w- c:\program files\JAM Software
2013-09-21 16:22 . 2013-09-21 16:22 -------- d-----w- c:\users\Mehdi\AppData\Roaming\AVG2014
2013-09-21 16:21 . 2013-09-21 16:21 -------- d-----w- c:\users\Mehdi\AppData\Roaming\TuneUp Software
2013-09-21 16:19 . 2013-09-21 16:19 -------- d-----w- C:\$AVG
2013-09-21 16:19 . 2013-09-21 16:22 -------- d-----w- c:\programdata\AVG2014
2013-09-21 16:18 . 2013-09-21 16:18 -------- d-----w- c:\program files\AVG
2013-09-21 16:15 . 2013-09-21 16:15 -------- d--h--w- c:\programdata\Common Files
2013-09-21 16:15 . 2013-10-05 12:07 -------- d-----w- c:\programdata\MFAData
2013-09-21 16:15 . 2013-09-21 16:33 -------- d-----w- c:\users\Mehdi\AppData\Local\Avg2014
2013-09-21 16:15 . 2013-09-21 16:15 -------- d-----w- c:\users\Mehdi\AppData\Local\MFAData
2013-09-21 15:16 . 2013-09-25 16:47 -------- d-----w- C:\AdwCleaner
2013-09-11 22:00 . 2011-12-15 20:29 26624 ----a-w- c:\windows\system32\drivers\tap0901.sys
2013-09-10 22:11 . 2013-09-10 22:11 22840 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-09-08 22:12 . 2013-09-08 22:12 27448 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-09-08 14:41 . 2013-09-08 14:57 -------- d-----w- C:\WinSetupFromUSB
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-27 17:27 . 2013-09-27 17:27 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-09-27 17:27 . 2013-09-27 17:27 523264 ----a-w- c:\windows\system32\vbscript.dll
2013-09-27 17:27 . 2013-09-27 17:27 138752 ----a-w- c:\windows\system32\wextract.exe
2013-09-27 17:25 . 2013-09-27 17:25 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-09-27 17:25 . 2013-09-27 17:25 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-09-27 17:25 . 2013-09-27 17:25 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-09-27 17:25 . 2013-09-27 17:25 1158144 ----a-w- c:\windows\system32\XpsPrint.dll
2013-09-27 17:20 . 2012-08-27 17:35 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-27 17:20 . 2012-08-27 17:35 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-26 21:03 . 2013-06-24 17:15 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-09-26 21:03 . 2012-02-25 16:11 868264 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-09-26 21:03 . 2011-09-26 17:10 790440 ----a-w- c:\windows\system32\deployJava1.dll
2013-09-26 16:24 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2013-09-25 17:23 . 2013-09-21 15:34 25696 ----a-w- c:\windows\system32\drivers\appliand.sys.dump
2013-09-02 10:39 . 2013-09-02 10:39 176952 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-09-02 10:28 . 2013-09-02 10:28 145720 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-09-02 10:28 . 2013-09-02 10:28 209208 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-09-02 10:28 . 2013-09-02 10:28 223032 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-08-20 22:54 . 2013-08-20 22:54 102200 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2013-08-08 01:03 . 2013-09-27 17:19 2348544 ----a-w- c:\windows\system32\win32k.sys
2013-08-02 01:50 . 2013-09-27 17:14 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-08-01 16:08 . 2013-08-01 16:08 193848 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2013-08-01 16:06 . 2013-08-01 16:06 120120 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2013-07-25 08:57 . 2013-09-27 17:20 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-09 04:52 . 2013-09-27 17:20 175104 ----a-w- c:\windows\system32\wintrust.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrayFactory"="c:\program files\PS Tray Factory\PSTrayFactory.exe" [2010-05-25 1304576]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-27 13515296]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-27 92704]
"TrayFactory"="c:\program files\PS Tray Factory\PSTrayFactory.EXE" [2010-05-25 1304576]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2013-09-15 4851760]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-25 836896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\COMMON~1\JAKSTA~1\AUDIOC~1\jaudcap.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Users^Mehdi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 - Capture d’écran et lancement.lnk]
path=c:\users\Mehdi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 - Capture d’écran et lancement.lnk
backup=c:\windows\pss\OneNote 2010 - Capture d’écran et lancement.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AllShareAgent]
2011-07-16 11:52 282512 ----a-w- c:\program files\Samsung\AllShare\AllShareAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2012-09-20 19:46 6377120 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 14:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2009-01-29 22:20 57344 ----a-w- c:\program files\SlySoft\CloneCD\CloneCDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DpAgent]
2009-07-17 15:25 842816 ----a-w- c:\program files\DigitalPersona\Bin\DpAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
2011-11-08 10:11 929168 ----a-w- c:\program files\Samsung\Kies\KiesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2011-11-08 10:11 21392 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2011-11-08 10:11 3508624 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-08-01 16:14 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
2011-02-18 10:47 79192 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 09:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
.
R1 appliand;Applian LightWeight Filter;c:\windows\system32\DRIVERS\appliand.sys [2013-02-06 25696]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-07-25 162672]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-10-27 30312]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-06-26 294952]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-06-26 33320]
R3 cleanhlp;cleanhlp;c:\eek\Run\cleanhlp32.sys [2013-09-24 50200]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2011-10-27 78136]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 GRemoteBus;GRemote virtual joystick Bus Enumerator;c:\windows\system32\DRIVERS\GRemoteBus.sys [2009-08-05 23368]
R3 JakNDis;Jaksta Service;c:\windows\system32\DRIVERS\JakNDis.sys [2010-06-24 28256]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2013-02-05 312704]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files\Samsung\AllShare\AllShareSlideShowService.exe [2011-07-16 27584]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-10-27 121064]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-10-27 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-10-27 136808]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2011-10-27 181432]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2012-11-01 35592]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2012-07-15 26112]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2013-09-02 145720]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2013-09-02 223032]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2013-09-08 27448]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\eek\RUN\a2ddax86.sys [2013-09-24 22056]
S1 Avgdiskx;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiskx.sys [2013-08-01 120120]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2012-09-04 50296]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2013-09-02 209208]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2013-09-10 22840]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2013-09-02 176952]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2013-08-01 193848]
S2 avgfws;Pare-feu AVG;c:\program files\AVG\AVG2014\avgfws.exe [2013-09-22 1358944]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [2013-09-03 3538480]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [2013-09-22 301152]
S2 DragonSvc;Dragon Service;c:\program files\Common Files\Nuance\dgnsvc.exe [2010-07-29 296808]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-09-06 217088]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2011-07-16 24992]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-17 2358656]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-09-06 36640]
S3 JakNDisMP;JakNDisMP;c:\windows\system32\DRIVERS\JakNDis.sys [2010-06-24 28256]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 RTL8167;Pilote Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - FSUSBEXDISK
.
Contenu du dossier 'Tâches planifiées'
.
2013-10-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-27 17:20]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = local
TCP: Interfaces\{1F294DA7-827D-4A37-80F7-861023A0F12C}: NameServer = 212.217.0.1,212.217.0.12
FF - ProfilePath - c:\users\Mehdi\AppData\Roaming\Mozilla\Firefox\Profiles\pbkfrago.default\
FF - prefs.js: browser.search.selectedEngine - Mixi.DJ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.enabled - false
FF - ExtSQL: !HIDDEN! 2011-09-26 12:13; otis@digitalpersona.com; c:\program files\DigitalPersona\Bin\FirefoxExt
.
- - - - ORPHELINS SUPPRIMES - - - -
.
SafeBoot-04765743.sys
SafeBoot-07793602.sys
SafeBoot-CleanHlp
AddRemove-Cain & Abel v4.9.7 - c:\progra~1\Cain\UNINSTAL.EXE
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_113_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_113_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'lsass.exe'(792)
c:\windows\system32\DPPWDFLT.DLL
.
- - - - - - - > 'Explorer.exe'(2344)
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\progra~1\AVG\AVG2014\avgrsx.exe
c:\program files\AVG\AVG2014\avgcsrvx.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\AVG\AVG2014\avgnsx.exe
c:\program files\AVG\AVG2014\avgemcx.exe
c:\program files\RealVNC\VNC4\WinVNC4.exe
c:\program files\RealVNC\VNC4\winvnc4.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\AVG\AVG2014\avgcsrvx.exe
.
**************************************************************************
.
Heure de fin: 2013-10-05 12:31:11 - La machine a redémarré
ComboFix-quarantined-files.txt 2013-10-05 12:31
.
Avant-CF: 33 110 286 336 octets libres
Après-CF: 32 912 633 856 octets libres
.
- - End Of File - - 344EC5E28748A1BF7158B9B98991755A
A36C5E4F47E84449FF07ED3517B43A31
