ComboFix 13-10-04.02 - Salaun 06/10/2013 21:47:44.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.33.1036.18.3839.2211 [GMT 2:00]
Launched from: c:\users\Salaun\Desktop\ComboFix.exe
Switches used :: c:\users\Salaun\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((( Files created from 2013-09-06 to 2013-10-06 ))))))))))))))))))))))))))))))))))))
.
.
2013-10-06 19:54 . 2013-10-06 19:54 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-10-06 19:54 . 2013-10-06 19:54 -------- d-----w- c:\users\TRAVAIL\AppData\Local\temp
2013-10-06 19:54 . 2013-10-06 19:54 -------- d-----w- c:\users\STREAMING\AppData\Local\temp
2013-10-06 19:54 . 2013-10-06 19:54 -------- d-----w- c:\users\Sandrine\AppData\Local\temp
2013-10-06 19:54 . 2013-10-06 19:54 -------- d-----w- c:\users\Sandrine.PC-Salle_a_M\AppData\Local\temp
2013-10-06 19:54 . 2013-10-06 19:54 -------- d-----w- c:\users\Karine\AppData\Local\temp
2013-10-06 19:54 . 2013-10-06 19:54 -------- d-----w- c:\users\Jean-Christophe\AppData\Local\temp
2013-10-06 19:54 . 2013-10-06 19:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-06 19:54 . 2013-10-06 19:54 -------- d-----w- c:\users\Aurelie\AppData\Local\temp
2013-10-06 19:54 . 2013-10-06 19:54 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-09-29 07:18 . 2013-09-29 07:18 -------- d-----w- c:\program files (x86)\CCleaner
2013-09-28 15:48 . 2013-09-28 15:48 -------- d-----w- c:\program files (x86)\Common Files\SWF Studio
2013-09-27 18:32 . 2013-09-27 18:32 -------- d-----w- c:\users\Salaun\AppData\Local\Thunderbird
2013-09-27 18:32 . 2013-09-27 18:32 -------- d-----w- c:\users\Salaun\AppData\Roaming\Thunderbird
2013-09-27 18:32 . 2013-09-27 18:32 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2013-09-27 18:15 . 2013-09-27 18:15 -------- d-----w- c:\programdata\Kaspersky Lab
2013-09-24 18:31 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-24 18:31 . 2013-09-24 18:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-09-23 19:05 . 2013-09-23 19:05 -------- d-----w- c:\users\Salaun\AppData\Roaming\Malwarebytes
2013-09-23 19:04 . 2013-09-23 19:04 -------- d-----w- c:\programdata\Malwarebytes
2013-09-23 19:02 . 2013-09-23 19:02 -------- d-----w- c:\users\Salaun\AppData\Local\Programs
2013-09-23 18:53 . 2013-09-23 18:53 -------- d-----w- c:\windows\ERUNT
2013-09-23 18:39 . 2013-09-23 18:47 -------- d-----w- C:\AdwCleaner
2013-09-23 17:08 . 2013-09-26 15:33 -------- d-----w- c:\users\Salaun\AppData\Roaming\ZHP
2013-09-23 17:07 . 2013-09-23 17:07 -------- d-----w- c:\windows\SysWow64\{userappdata}
2013-09-22 14:01 . 2013-09-26 15:32 -------- d-----w- c:\program files (x86)\ZHPDiag
2013-09-22 14:01 . 2013-09-23 17:08 -------- d-----w- C:\ZHP
2013-09-22 11:05 . 2013-09-22 11:47 -------- d-----w- c:\users\Salaun\AppData\Roaming\Bitdefender
2013-09-22 09:25 . 2013-09-22 09:51 -------- d-----w- c:\programdata\Bitdefender
2013-09-22 09:25 . 2012-04-24 13:28 329800 ----a-w- c:\windows\system32\drivers\trufos.sys
2013-09-22 09:25 . 2012-04-11 15:03 138232 ------w- c:\windows\system32\drivers\gzflt.sys
2013-09-22 09:00 . 2012-04-17 12:34 76944 ----a-w- c:\windows\system32\drivers\bdvedisk.sys
2013-09-22 09:00 . 2011-11-17 15:38 79952 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
2013-09-22 09:00 . 2007-04-11 09:11 511328 ----a-w- c:\windows\capicom.dll
2013-09-22 09:00 . 2012-03-20 18:22 691896 ----a-w- c:\windows\system32\drivers\avc3.sys
2013-09-22 09:00 . 2012-02-17 14:45 545064 ----a-w- c:\windows\system32\drivers\avckf.sys
2013-09-13 08:08 . 2013-08-05 02:25 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
.
.
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-13 20:53 . 2013-07-06 12:28 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-08-25 11:46 . 2013-08-25 11:46 0 --sh--w- c:\windows\SC6A3B978.tmp
2013-08-02 01:48 . 2013-09-13 08:08 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-25 09:25 . 2013-08-16 09:00 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-16 09:00 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58 . 2013-08-16 09:00 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-16 09:00 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-07-09 05:52 . 2013-08-16 09:05 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-07-09 05:51 . 2013-08-16 09:00 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 05:46 . 2013-08-16 09:05 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-07-09 05:46 . 2013-08-16 09:05 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-09 05:46 . 2013-08-16 09:05 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-09 04:52 . 2013-08-16 09:00 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52 . 2013-08-16 09:05 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-07-09 04:46 . 2013-08-16 09:05 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-09 04:46 . 2013-08-16 09:05 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46 . 2013-08-16 09:05 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
"AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2013-08-25 1670080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"Hotkey Utility"="c:\program files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe" [2011-01-19 620136]
"PDLPinfo"="c:\program files (x86)\PDLP\pdlpicon.exe" [2011-06-09 297472]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys;c:\windows\SYSNATIVE\DRIVERS\avckf.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys;c:\windows\SYSNATIVE\DRIVERS\avc3.sys [x]
S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys;c:\windows\SYSNATIVE\DRIVERS\gzflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys;c:\windows\SYSNATIVE\DRIVERS\bdvedisk.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2013\bdparentalservice.exe;c:\program files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys;c:\windows\SYSNATIVE\DRIVERS\avchv.sys [x]
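The file entries and registry load points in this log are written in a fixed format, so a responder can triage them mechanically before reading line by line. The script below is an added example, not ComboFix output or a ComboFix tool: it parses a few lines copied verbatim from this log and surfaces the items worth a first look, that is, files carrying both the system and hidden attributes, kernel drivers newly created under system32\drivers, values under a Run key, and LoadAppInit_DLLs set to 1 (off by default on Windows 7; when set, any DLL named in AppInit_DLLs is loaded into every process that loads user32.dll, so the AppInit_DLLs value itself must be checked next). The flag names and the parse/triage/triage_text functions are this example's own. The script only surfaces items for review; here, for instance, trufos.sys and gzflt.sys were created in the same minute as c:\programdata\Bitdefender, which is the kind of context the analyst, not the script, weighs.

```python
"""Triage helper for ComboFix-style log lines (added example, not ComboFix code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Lines copied verbatim from the log above (a handful of file entries plus two
# registry load points); the parser accepts a whole ComboFix log just as well.
SAMPLE_LOG = r"""
2013-09-22 09:25 . 2012-04-24 13:28 329800 ----a-w- c:\windows\system32\drivers\trufos.sys
2013-09-22 09:25 . 2012-04-11 15:03 138232 ------w- c:\windows\system32\drivers\gzflt.sys
2013-09-22 09:00 . 2007-04-11 09:11 511328 ----a-w- c:\windows\capicom.dll
2013-08-25 11:46 . 2013-08-25 11:46 0 --sh--w- c:\windows\SC6A3B978.tmp
2013-09-29 07:18 . 2013-09-29 07:18 -------- d-----w- c:\program files (x86)\CCleaner
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"""

# ComboFix file line: <created> . <last-write> <size|--------> <8 attribute flags> <path>
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.+)$')


@dataclass
class FileEntry:
    created: str
    modified: str
    size: Optional[int]   # None for directories (size column is "--------")
    attrs: str            # e.g. "--sh--w-": d=directory, s=system, h=hidden, a=archive
    path: str             # lower-cased so matching is case-insensitive

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"


def parse(text: str) -> Tuple[List[FileEntry], Dict[str, Dict[str, str]]]:
    """Split log text into file entries and {registry key: {value name: data}}."""
    files: List[FileEntry] = []
    reg: Dict[str, Dict[str, str]] = {}
    current_key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            size = None if m["size"].startswith("-") else int(m["size"])
            files.append(FileEntry(m["created"], m["modified"], size, m["attrs"], m["path"].lower()))
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m["key"].lower()
            reg.setdefault(current_key, {})
            continue
        m = VALUE_RE.match(line)
        if m and current_key is not None:
            reg[current_key][m["name"]] = m["data"]
    return files, reg


def triage(files: List[FileEntry], reg: Dict[str, Dict[str, str]]) -> List[Tuple[str, str]]:
    """Return (reason, item) pairs to review; this does not decide whether an item is malicious."""
    findings: List[Tuple[str, str]] = []
    for f in files:
        if f.is_dir:
            continue
        if "s" in f.attrs and "h" in f.attrs:
            findings.append(("hidden+system file", f.path))
        if f.path.endswith(".sys") and "\\drivers\\" in f.path:
            findings.append(("new kernel driver", f.path))
    for key, values in reg.items():
        if key.endswith("\\run"):
            for name, data in values.items():
                findings.append(("autostart", f"{name} -> {data}"))
        # LoadAppInit_DLLs=1 re-enables AppInit_DLLs injection (default 0 on Windows 7).
        if key.endswith("\\windows nt\\currentversion\\windows") and \
                values.get("LoadAppInit_DLLs", "").startswith("1"):
            findings.append(("AppInit_DLLs loading enabled", key))
    return findings


def triage_text(text: str) -> List[Tuple[str, str]]:
    return triage(*parse(text))


if __name__ == "__main__":
    for reason, item in triage_text(SAMPLE_LOG):
        print(f"{reason:30} {item}")
```

Run it against the full log text and the same five categories come out: the two Bitdefender-era drivers, the hidden zero-byte SC6A3B978.tmp in c:\windows, every Run value, and the LoadAppInit_DLLs flag under Wow6432Node. Each is a review item, not a verdict.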
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
[MsiInstallPath]\[ManufacturerName] SafeBox\SafeBoxShell.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
[MsiInstallPath]\[ManufacturerName] SafeBox\SafeBoxShell.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
[MsiInstallPath]\[ManufacturerName] SafeBox\SafeBoxShell.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
[MsiInstallPath]\[ManufacturerName] SafeBox\SafeBoxShell.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-11 11580520]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-28 497648]
"Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [BU]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Send to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
LSP: c:\program files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll
TCP: DhcpNameServer = 212.27.40.240 212.27.40.241
FF - ProfilePath - c:\users\Salaun\AppData\Roaming\Mozilla\Firefox\Profiles\mrd33jhg.default-1380137592320\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
Completion time: 2013-10-06 21:55:56
ComboFix-quarantined-files.txt 2013-10-06 19:55
ComboFix2.txt 2013-10-06 09:34
.
Pre-Run: 633,422,974,976 bytes free
Post-Run: 633,095,897,088 bytes free
.
- - End Of File - - EB8A42DC4F48371E579140DF578E03F9
A36C5E4F47E84449FF07ED3517B43A31