ComboFix 13-09-08.02 - Pascal 08/09/2013 23:37:18.1.2 - x86
Microsoft Windows 7 Professionnel 6.1.7601.1.1252.33.1036.18.3007.1957 [GMT 2:00]
Launched from: c:\users\Pascal\Downloads\ComboFix.exe
AV: ESET Smart Security 4.0 *Disabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
FW: ESET Personal Firewall *Disabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
SP: ESET Smart Security 4.0 *Disabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Pascal\AppData\Roaming\app
c:\users\Pascal\AppData\Roaming\app\Jerakine_lang.dat
c:\users\Pascal\AppData\Roaming\app\Jerakine_lang_vesrion.dat
c:\users\Pascal\AppData\Roaming\Microsoft\Windows\Recent\Dna 14032011.url
c:\users\Pascal\xobglu32.dll
.
.
((((((((((((((((((((((((((((( Files Created from 2013-08-08 to 2013-09-08 ))))))))))))))))))))))))))))))))))))
.
.
2013-09-08 21:44 . 2013-09-08 21:44 -------- d-----w- c:\users\Pascal\AppData\Local\temp
2013-09-08 21:44 . 2013-09-08 21:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-06 17:10 . 2013-09-07 20:47 -------- d-----w- C:\ZHP
2013-09-06 17:10 . 2013-09-07 20:46 -------- d-----w- c:\program files\ZHPDiag
2013-09-06 17:09 . 2013-08-06 07:28 7166848 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A672B6AA-9620-42A6-8434-3D1C85E9FD26}\mpengine.dll
2013-09-03 18:02 . 2013-09-03 18:16 -------- d-----w- c:\users\Pascal\AppData\Local\PianoFacile - Le clavier
2013-09-03 18:02 . 2013-09-03 18:02 -------- d-----w- c:\users\Pascal\PianoFacile - Le clavier
2013-09-02 23:36 . 2013-09-06 21:53 -------- d-----w- C:\AdwCleaner
2013-08-31 22:14 . 2013-08-31 22:14 -------- d-----w- c:\users\Pascal\AppData\Local\avgchrome
2013-08-31 22:01 . 2004-03-08 23:00 152848 ----a-w- c:\windows\system32\COMDLG32.OCX
2013-08-31 22:01 . 2000-10-02 01:00 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2013-08-31 22:01 . 2000-05-22 16:58 115920 ----a-w- c:\windows\system32\msinet.ocx
2013-08-31 22:01 . 2000-05-22 01:00 198848 ----a-w- c:\windows\system32\MCI32.OCX
2013-08-31 22:01 . 1998-06-23 23:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2013-08-31 22:01 . 1998-06-23 22:00 609584 ----a-w- c:\windows\system32\COMCTL32.OCX
2013-08-31 22:01 . 2013-08-31 23:28 -------- d-----w- c:\program files\CapturinoV24
2013-08-31 22:01 . 1998-07-13 00:00 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2013-08-31 22:01 . 2013-08-31 23:29 -------- d-----w- c:\users\Pascal\AppData\Roaming\Capturino
2013-08-31 21:28 . 2013-09-03 17:16 -------- d-----w- c:\program files\PrtScr
2013-08-29 18:56 . 2013-08-29 18:56 -------- d-----w- c:\program files\Common Files\Java
2013-08-29 18:55 . 2013-08-29 18:55 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-08-28 07:34 . 2013-08-28 07:34 -------- d-----w- c:\users\Pascal\AppData\Local\Octoshape
2013-08-28 06:52 . 2013-08-28 06:53 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-28 06:52 . 2013-08-28 06:53 -------- d-----w- c:\program files\iTunes
2013-08-28 06:52 . 2013-08-28 06:52 -------- d-----w- c:\program files\iPod
2013-08-14 21:16 . 2013-07-26 03:49 770648 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2013-08-14 21:16 . 2013-07-26 03:13 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-08-14 18:52 . 2013-08-14 18:54 -------- d-----w- c:\windows\system32\MRT
2013-08-14 18:52 . 2013-07-09 04:50 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-14 18:52 . 2013-07-06 05:05 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-14 18:52 . 2013-07-09 05:03 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-14 18:52 . 2013-07-09 05:03 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-14 18:52 . 2013-07-09 04:53 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-08-14 18:51 . 2013-07-09 04:52 175104 ----a-w- c:\windows\system32\wintrust.dll
2013-08-14 18:51 . 2013-07-09 04:46 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-14 18:51 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\system32\crypt32.dll
2013-08-14 18:51 . 2013-07-09 04:46 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-14 18:51 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-14 18:51 . 2013-07-19 01:41 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-14 18:51 . 2013-06-15 03:38 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-10 21:44 . 2013-08-10 21:44 -------- d-----w- c:\windows\fr
.
.
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-29 18:55 . 2012-08-16 22:10 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-08-29 18:55 . 2011-07-25 18:30 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-23 08:59 . 2012-04-02 21:53 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-23 08:59 . 2011-06-25 15:15 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-02-01 20:43 222712 ----a-w- c:\users\Pascal\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-02-01 20:43 222712 ----a-w- c:\users\Pascal\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-02-01 20:43 222712 ----a-w- c:\users\Pascal\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Octoshape Streaming Services"="c:\users\Pascal\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2011-03-24 107800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-04-09 2029640]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-08-16 152392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
.
c:\users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 - Capture d’écran et lancement.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-1-8 228448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKLM\~\startupfolder\C:^Users^Pascal^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 - Capture d’écran et lancement.lnk]
path=c:\users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 - Capture d’écran et lancement.lnk
backup=c:\windows\pss\OneNote 2010 - Capture d’écran et lancement.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-05-11 10:37 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-21 19:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 12:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-07-14 21:33 136176 ----atw- c:\users\Pascal\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
2012-01-20 19:03 719672 ----a-w- c:\program files\Microsoft Office\Office14\MSOSYNC.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2009-09-25 23:30 2524416 ----a-w- c:\program files\OO Software\Defrag\oodtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 01:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier2.exe]
2009-08-16 19:36 955392 ----a-w- c:\program files\SuperCopier2\SuperCopier2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-07-25 162672]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 PROCEXP151;PROCEXP151;c:\windows\system32\Drivers\PROCEXP151.SYS [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-27 1343400]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-04-09 107256]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-04-09 731840]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-04-09 38240]
S3 P1130VID;Creative WebCam NX Pro;c:\windows\system32\DRIVERS\P1130Vid.sys [2004-05-04 90229]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 08:59]
.
2013-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-29 18:20]
.
2013-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-29 18:20]
.
2013-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2981059158-1383725723-2259102719-1000Core.job
- c:\users\Pascal\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-14 21:33]
.
2013-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2981059158-1383725723-2259102719-1000UA.job
- c:\users\Pascal\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-14 21:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://webmail1k.orange.fr/webmail/fr_FR/inbox.html
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = http=localhost:49157
uInternet Settings,ProxyOverride =
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\w5ycdktj.default-1378670316011\
FF - prefs.js: browser.startup.homepage - hxxp://webmail1f.orange.fr/webmail/fr_FR/inbox.html?FOLDER=SF_INBOX&FromSubmit=true|https://www.facebook.com/
FF - ExtSQL: 2013-09-01 00:03; {D6F4FFAF-E3C9-4f3d-AD5B-F78CD969D7BF}; c:\program files\Mozilla Firefox\browser\extensions\{D6F4FFAF-E3C9-4f3d-AD5B-F78CD969D7BF}
user_pref(extensions.shownSelectionUI,true);
user_pref(extensions.autoDisableScopes,0);
user_pref(security.mixed_content.block_active_content,false);
user_pref(security.mixed_content.block_display_content,false);
user_pref(security.warn_viewing_mixed,false);
user_pref(app.update.auto,false);
user_pref(app.update.enabled,false);
user_pref(app.update.mode,0);
user_pref(app.update.silent,true);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-08 23:45:34
ComboFix-quarantined-files.txt 2013-09-08 21:45
.
Pre-Run: 158 170 140 672 bytes free
Post-Run: 157 946 912 768 bytes free
.
- - End Of File - - A156B5BDDF85B988020E793779A24847 5C616939100B85E558DA92B899A0FC36
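The header (AV/FW status), the UAC policy values, the proxy line and the Firefox user_pref entries at the end of the log are the settings a responder would triage first. The script below is an added example, not part of this log and not ComboFix's own code: it parses a constructed excerpt of lines copied from the log above and flags a security product reported as disabled or outdated, UAC elevation prompts moved off the secure desktop (or admins elevating with no prompt at all), a proxy that points at the local machine, Firefox preferences that turn off mixed-content blocking, updates or the sideloaded-extension guard, and a service entry whose file ComboFix marks `[x]` (read here, as an assumption, as "file not found on disk"). The category names, regexes and messages are the example's own.

```python
import re
from typing import List, Tuple

Finding = Tuple[str, str]  # (category, detail)

# Constructed sample: a handful of lines copied from the ComboFix log above, not the full file.
SAMPLE_LOG = r"""AV: ESET Smart Security 4.0 *Disabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
FW: ESET Personal Firewall *Disabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"PromptOnSecureDesktop"= 0 (0x0)
uInternet Settings,ProxyServer = http=localhost:49157
uInternet Settings,ProxyOverride =
TCP: DhcpNameServer = 192.168.1.1
user_pref(security.mixed_content.block_active_content,false);
user_pref(app.update.enabled,false);
user_pref(extensions.autoDisableScopes,0);
R3 PROCEXP151;PROCEXP151;c:\windows\system32\Drivers\PROCEXP151.SYS [x]
"""

# Line shapes as they appear in the log; each regex targets one section.
SEC_PRODUCT_RE = re.compile(r"^(AV|FW|SP): (.+?) \*([^*]+)\* \{")
UAC_RE = re.compile(r'^"(ConsentPromptBehaviorAdmin|PromptOnSecureDesktop)"= (\d+)')
PROXY_RE = re.compile(r"ProxyServer = (?:(\w+)=)?([^:\s]+):(\d+)")
FF_PREF_RE = re.compile(r"^user_pref\(([\w.]+),([^)]+)\);")
SERVICE_MISSING_RE = re.compile(r"^[RS]\d (\w+);[^;]*;(.+?) \[x\]$")  # [x]: assumed "file not found"

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

# Firefox preference values that weaken the browser; value strings as written in the log.
WEAK_FF_PREFS = {
    "security.mixed_content.block_active_content": "false",
    "security.mixed_content.block_display_content": "false",
    "security.warn_viewing_mixed": "false",
    "app.update.enabled": "false",
    "app.update.auto": "false",
    "extensions.autoDisableScopes": "0",  # 0: no install scope is auto-disabled, sideloads load silently
}


def triage(log_text: str) -> List[Finding]:
    """Return the indicators worth manual review, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()

        m = SEC_PRODUCT_RE.match(line)
        if m:
            kind, name, status = m.groups()
            if "Disabled" in status or "Outdated" in status:
                findings.append(("security-product", f"{kind} {name}: {status}"))
            continue

        m = UAC_RE.match(line)
        if m:
            key, val = m.group(1), int(m.group(2))
            if key == "PromptOnSecureDesktop" and val == 0:
                findings.append(("uac", "PromptOnSecureDesktop=0: elevation prompts shown on the interactive desktop"))
            elif key == "ConsentPromptBehaviorAdmin" and val == 0:
                findings.append(("uac", "ConsentPromptBehaviorAdmin=0: administrators elevate without any prompt"))
            continue

        m = PROXY_RE.search(line)
        if m:
            _scheme, host, port = m.groups()
            if host.lower() in LOCAL_HOSTS:
                findings.append(("proxy", f"browser traffic routed through a local proxy on {host}:{port}"))
            continue

        m = FF_PREF_RE.match(line)
        if m:
            pref, val = m.group(1), m.group(2).strip()
            if WEAK_FF_PREFS.get(pref) == val:
                findings.append(("firefox-pref", f"{pref}={val}"))
            continue

        m = SERVICE_MISSING_RE.match(line)
        if m:
            findings.append(("orphan-service", f"{m.group(1)} registered but {m.group(2)} not on disk"))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"[{category}] {detail}")
```

Run against the excerpt it reports the two ESET entries, the secure-desktop setting, the localhost proxy, three Firefox preferences and the PROCEXP151 entry; a proxy that points at a remote host, or the Windows 7 default ConsentPromptBehaviorAdmin value of 5, produces nothing, so the script only surfaces what the log already states.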