ComboFix 14-02-19.01 - kontamine 19/02/2014 20:06:59.1.4 - x86
Microsoft Windows 7 Professionnel 6.1.7600.0.1252.33.1036.18.3327.2284 [GMT 1:00]
Lancé depuis: c:\users\kontamine\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Internet Explorer\minftnet.exe
c:\program files\Internet Explorer\minftnet.ini
c:\users\kontamine\AppData\Roaming\IntelCommon\csrss.exe
c:\users\kontamine\AppData\Roaming\Microsoft\Windows\Recent\pd-tutorial.url
c:\users\kontamine\AppData\Roaming\msregsvv.dll
c:\windows\msvcr71.dll
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\msvcsv60.dll
c:\windows\system32\SET42E0.tmp
c:\windows\system32\System32\MASetupCleaner.exe
c:\windows\system32\System32\muzapp.exe
c:\windows\UA000048.DLL
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2014-01-19 au 2014-02-19 ))))))))))))))))))))))))))))))))))))
.
.
2014-02-19 19:15 . 2014-02-19 19:17 -------- d-----w- c:\users\kontamine\AppData\Local\temp
2014-02-19 19:15 . 2014-02-19 19:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-19 19:08 . 2014-02-19 19:08 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6BB6D7CF-B499-4C9C-B41C-FE37C3DC3C48}\offreg.dll
2014-02-19 18:22 . 2014-02-19 18:55 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-02-19 18:20 . 2014-02-19 18:20 107224 ----a-w- c:\windows\system32\drivers\48230029.sys
2014-02-19 18:18 . 2014-02-19 18:18 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-02-19 14:46 . 2014-02-19 18:11 -------- d-----w- c:\users\kontamine\AppData\Local\CrashDumps
2014-02-19 13:58 . 2014-02-19 13:58 61952 ----a-w- c:\windows\system32\drivers\ee98062e48f8d9eb.sys
2014-02-18 19:25 . 2014-02-18 19:25 -------- d-----w- C:\TDSSKiller_Quarantine
2014-02-18 18:56 . 2014-02-19 18:22 107224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-02-16 18:28 . 2014-02-16 18:35 -------- d-----w- c:\users\kontamine\AppData\Roaming\ZHP
2014-02-16 18:04 . 2014-02-16 18:27 -------- d-----w- C:\AdwCleaner
2014-02-14 13:38 . 2014-02-16 18:18 -------- d-----w- c:\users\kontamine\AppData\Roaming\Lewyvoha
2014-02-05 16:30 . 2014-02-19 19:15 -------- d-sh--w- c:\users\kontamine\AppData\Roaming\IntelCommon
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-18 19:26 . 2011-06-17 01:56 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2014-02-05 16:35 . 2012-10-12 03:23 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-05 16:35 . 2012-10-12 03:23 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaIconsOverlay]
@="{1EC23CFF-4C58-458f-924C-8519AEF61B32}"
[HKEY_CLASSES_ROOT\CLSID\{1EC23CFF-4C58-458f-924C-8519AEF61B32}]
2013-04-30 17:33 225280 ----a-w- c:\program files\x264 Video Codec\Filters\Haali\mmdinfo.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"tvncontrol"="c:\program files\TightVNC\tvnserver.exe" [2012-06-26 1184312]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"KORG USB-MIDI Driver"="c:\program files\KORG\KORG USB-MIDI Driver\EsHelper2.exe" [2012-09-12 393656]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]
"CtxfiReg"="CTXFIREG.exe" [2007-04-09 43520]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CodeMeter Control Center.lnk - c:\program files\CodeMeter\Runtime\bin\CodeMeterCC.exe [2011-7-6 6904208]
MOTU Pedal Service.lnk - c:\program files\MOTU\Audio\MFWAKeys.exe [2010-9-20 189296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi"=KORGUMDD.DRV
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S3 bomebus;Bome's Virtual MIDI Port Bus Service;c:\windows\system32\DRIVERS\bomebus.sys [2009-10-15 27720]
S3 bomemidi;Bome's Virtual MIDI Port;c:\windows\system32\drivers\bomemidi.sys [2009-10-15 24136]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*Deregistered* - mbamchameleon
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
NETSVCS DOIT ÊTRE RÉPARÉ - liste des éléments présents
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
UxTuneUp
Wmi
WmdmPmSp
NTSIM
SfCtlCom
zmxpzip
CdaD10BA
openldap-slapd
winproxy
nic1394
zpjava
InCDsrvR
wlankeeper
mfebopk
epfw
vulfnths
s716nd5
blueservice
nidomainservice
btwavdt
Xponaut_WBD
nv
yukonwlh
cics.region2
webcompserver
AYDrvNT_ALYAC
MaxtorFrontPanel1
pktfilter
WDM_YAMAHAAC97
alertmanager
enxpsvc
avgarcln
W700mdfl
serialkeys
slip
zpsc
dmload
mxserver
sit_mdm
pdlnemsg
CdaC15BA
dbustrcm
vsmon
vulfntrs
Sk99202k
tmxpflt
ftpds
tapeware
clipsrv
KS0108
purgeieservice
w22n51
alcxwdm
buslogic
sqlagent$soshome22
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
wercplsupport
EapHost
ProfSvc
schedule
hkmsvc
SessionEnv
winmgmt
browser
Themes
BDESVC
AppMgmt
.
Remise en état ...
Vous devez faire redémarrer votre PC pour que cela prenne effet.
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-04 13:40 1211720 ----a-w- c:\program files\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2014-02-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-12 16:35]
.
2014-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-25 09:19]
.
2014-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-25 09:19]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyOverride = ;*.local
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
Notify-xromnop - c:\windows\system32\config\systemprofile\AppData\Local\xromnop.dll
SafeBoot-61454945.sys
SafeBoot-75917441.sys
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-1765441652-3825123164-819375994-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1765441652-3825123164-819375994-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2014-02-19 20:19:18
ComboFix-quarantined-files.txt 2014-02-19 19:19
.
Avant-CF: 7 535 042 560 octets libres
Après-CF: 7 257 358 336 octets libres
.
- - End Of File - - C1CD253B2C9E5FE4962EAE66C44F36AB
A36C5E4F47E84449FF07ED3517B43A31