Publicité
Publicité
Format du document : text/plain
Prévisualisation
ComboFix 13-04-01.01 - benjamin 01/04/2013 19:12:31.1.2 - x86
Microsoft Windows�7 �dition Starter 6.1.7601.1.1252.33.1036.18.1014.376 [GMT 2:00]
Lanc� depuis: c:\users\benjamin1\Desktop\prog.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((((((( Fichiers cr��s du 2013-03-01 au 2013-04-01 ))))))))))))))))))))))))))))))))))))
.
.
2030-01-01 12:13 . 2030-01-01 12:13 -------- d-----w- C:\Boot
2013-04-01 17:32 . 2013-04-01 17:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-01 17:32 . 2013-04-01 17:32 -------- d-----w- c:\users\benjamin1\AppData\Local\temp
2013-04-01 17:32 . 2013-04-01 17:32 -------- d-----w- c:\users\benjamin\AppData\Local\temp
2013-03-31 12:18 . 2013-03-31 12:18 15616 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2013-03-31 09:55 . 2013-04-01 17:18 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A687BE9E-D77C-40C2-9DFE-3F36FE1241D1}\offreg.dll
2013-03-30 19:40 . 2013-03-30 19:40 -------- d-----w- C:\_OTL
2013-03-30 16:58 . 2013-03-30 16:58 512 ----a-w- C:\PhysicalMBR.bin
2013-03-30 16:32 . 2013-03-30 16:35 5611 ----a-w- c:\windows\DeleteOnReboot.bat
2013-03-29 16:46 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A687BE9E-D77C-40C2-9DFE-3F36FE1241D1}\mpengine.dll
2013-03-26 16:52 . 2013-02-12 03:32 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 13:21 . 2013-02-25 17:31 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 13:21 . 2013-02-25 17:31 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-12 04:48 . 2013-03-13 08:46 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 08:46 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-17 00:28 . 2012-04-21 12:21 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-05 05:00 . 2013-02-20 08:39 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-20 08:38 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-03 05:05 . 2013-02-20 08:39 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 05:04 . 2013-02-20 08:39 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les �l�ments vides & les �l�ments initiaux l�gitimes ne sont pas list�s
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\benjamin\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-09-28 138096]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18708224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"HotkeyMon"="AsusSender.exe" [2011-03-11 34728]
"HotkeyService"="AsusSender.exe" [2011-03-11 34728]
"SuperHybridEngine"="AsusSender.exe" [2011-03-11 34728]
"LiveUpdate"="AsusSender.exe" [2011-03-11 34728]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2011-01-06 414384]
"ASUSWebStorage"="c:\program files\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-10 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-10 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-10 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-27 9177632]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2010-06-10 548744]
"ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2011-04-02 2018032]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\users\benjamin1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files\Asus\AsusVibe\AsusVibeLauncher.exe [2012-2-9 549040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AsusService;Asus Launcher Service;c:\windows\system32\AsusService.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-14 19:41 1629648 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Contenu du dossier 'T�ches planifi�es'
.
2013-04-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-25 13:21]
.
2013-03-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2324675793-2743908109-805231890-1000Core.job
- c:\users\benjamin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-28 18:48]
.
2013-04-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2324675793-2743908109-805231890-1000UA.job
- c:\users\benjamin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-28 18:48]
.
2013-03-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2324675793-2743908109-805231890-1001Core.job
- c:\users\benjamin1\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-05 20:24]
.
2013-04-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2324675793-2743908109-805231890-1001UA.job
- c:\users\benjamin1\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-05 20:24]
.
2013-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-19 16:02]
.
2013-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-19 16:02]
.
2013-03-20 c:\windows\Tasks\Norton Security Scan for benjamin.job
- c:\progra~1\NORTON~2\Engine\372~1.10\Nss.exe [2013-01-05 07:37]
.
.
------- Examen suppl�mentaire -------
.
uStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHELINS SUPPRIMES - - - -
.
HKLM-Run-EeeSplendidAgent - c:\program files\ASUS\EPC\EeeSplendid\AsAgent.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2507618~31bf3856ad364e35~x86~~6.1.1.0]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000050
"CurrentState"=dword:00000070
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2753842~31bf3856ad364e35~x86~~6.1.2.0]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2013-04-01 19:38:21
ComboFix-quarantined-files.txt 2013-04-01 17:38
.
Avant-CF: 73�694�547�968 octets libres
Apr�s-CF: 73�491�148�800 octets libres
.
- - End Of File - - C80628A8314D682164BB23B88E235909
Microsoft Windows�7 �dition Starter 6.1.7601.1.1252.33.1036.18.1014.376 [GMT 2:00]
Lanc� depuis: c:\users\benjamin1\Desktop\prog.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((((((( Fichiers cr��s du 2013-03-01 au 2013-04-01 ))))))))))))))))))))))))))))))))))))
.
.
2030-01-01 12:13 . 2030-01-01 12:13 -------- d-----w- C:\Boot
2013-04-01 17:32 . 2013-04-01 17:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-01 17:32 . 2013-04-01 17:32 -------- d-----w- c:\users\benjamin1\AppData\Local\temp
2013-04-01 17:32 . 2013-04-01 17:32 -------- d-----w- c:\users\benjamin\AppData\Local\temp
2013-03-31 12:18 . 2013-03-31 12:18 15616 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2013-03-31 09:55 . 2013-04-01 17:18 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A687BE9E-D77C-40C2-9DFE-3F36FE1241D1}\offreg.dll
2013-03-30 19:40 . 2013-03-30 19:40 -------- d-----w- C:\_OTL
2013-03-30 16:58 . 2013-03-30 16:58 512 ----a-w- C:\PhysicalMBR.bin
2013-03-30 16:32 . 2013-03-30 16:35 5611 ----a-w- c:\windows\DeleteOnReboot.bat
2013-03-29 16:46 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A687BE9E-D77C-40C2-9DFE-3F36FE1241D1}\mpengine.dll
2013-03-26 16:52 . 2013-02-12 03:32 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 13:21 . 2013-02-25 17:31 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 13:21 . 2013-02-25 17:31 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-12 04:48 . 2013-03-13 08:46 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 08:46 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-17 00:28 . 2012-04-21 12:21 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-05 05:00 . 2013-02-20 08:39 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-20 08:38 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-03 05:05 . 2013-02-20 08:39 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 05:04 . 2013-02-20 08:39 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les �l�ments vides & les �l�ments initiaux l�gitimes ne sont pas list�s
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\benjamin\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-09-28 138096]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18708224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"HotkeyMon"="AsusSender.exe" [2011-03-11 34728]
"HotkeyService"="AsusSender.exe" [2011-03-11 34728]
"SuperHybridEngine"="AsusSender.exe" [2011-03-11 34728]
"LiveUpdate"="AsusSender.exe" [2011-03-11 34728]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2011-01-06 414384]
"ASUSWebStorage"="c:\program files\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-10 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-10 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-10 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-27 9177632]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2010-06-10 548744]
"ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2011-04-02 2018032]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\users\benjamin1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files\Asus\AsusVibe\AsusVibeLauncher.exe [2012-2-9 549040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AsusService;Asus Launcher Service;c:\windows\system32\AsusService.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-14 19:41 1629648 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Contenu du dossier 'T�ches planifi�es'
.
2013-04-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-25 13:21]
.
2013-03-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2324675793-2743908109-805231890-1000Core.job
- c:\users\benjamin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-28 18:48]
.
2013-04-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2324675793-2743908109-805231890-1000UA.job
- c:\users\benjamin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-28 18:48]
.
2013-03-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2324675793-2743908109-805231890-1001Core.job
- c:\users\benjamin1\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-05 20:24]
.
2013-04-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2324675793-2743908109-805231890-1001UA.job
- c:\users\benjamin1\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-05 20:24]
.
2013-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-19 16:02]
.
2013-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-19 16:02]
.
2013-03-20 c:\windows\Tasks\Norton Security Scan for benjamin.job
- c:\progra~1\NORTON~2\Engine\372~1.10\Nss.exe [2013-01-05 07:37]
.
.
------- Examen suppl�mentaire -------
.
uStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHELINS SUPPRIMES - - - -
.
HKLM-Run-EeeSplendidAgent - c:\program files\ASUS\EPC\EeeSplendid\AsAgent.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2507618~31bf3856ad364e35~x86~~6.1.1.0]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000050
"CurrentState"=dword:00000070
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Component Based Servicing\ApplicabilityEvaluationCache\Package_for_KB2753842~31bf3856ad364e35~x86~~6.1.2.0]
@DACL=(02 0000)
"ApplicabilityState"=dword:00000070
"CurrentState"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2013-04-01 19:38:21
ComboFix-quarantined-files.txt 2013-04-01 17:38
.
Avant-CF: 73�694�547�968 octets libres
Apr�s-CF: 73�491�148�800 octets libres
.
- - End Of File - - C80628A8314D682164BB23B88E235909