Aller au contenu

Bandiido92

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    2

  • Inscription

  • Dernière visite

 Type de contenu 

Tout ce qui a été posté par Bandiido92

  1. Bandiido92
    Voici le compte-rendu, merci de l'aide . ComboFix 12-07-10.01 - Martins 10/07/2012 18:33:17.3.4 - x64 Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.4008.2606 [GMT 2:00] Lancé depuis: c:\users\Martins\Desktop\ComboFix.exe Commutateurs utilisés :: c:\users\Martins\Desktop\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\program files (x86)\Boxore\BoxoreClient\boxore.exe" "c:\program files (x86)\Software\Update\SoftwareUpdate.exe" . . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Boxore\BoxoreClient\boxore.exe c:\program files (x86)\Software\Update\SoftwareUpdate.exe . . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_supdate . . ((((((((((((((((((((((((((((( Fichiers créés du 2012-06-10 au 2012-07-10 )))))))))))))))))))))))))))))))))))) . . 2074-05-07 16:38 . 2006-11-21 18:48 203576 ------w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe 2012-07-10 16:37 . 2012-07-10 16:37 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-09 21:51 . 2012-07-10 16:20 -------- d-----w- c:\program files (x86)\Steam 2012-07-09 21:00 . 2012-07-10 10:03 -------- d-----w- c:\windows\SysWow64\NV 2012-07-09 21:00 . 2012-07-10 10:03 -------- d-----w- c:\windows\system32\NV 2012-07-09 20:57 . 2012-07-09 20:57 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-07-09 20:57 . 2012-07-09 20:57 -------- d-----w- c:\program files (x86)\Oracle 2012-07-09 20:56 . 2012-07-09 20:56 -------- d-----w- c:\program files (x86)\Java 2012-07-09 20:50 . 2012-05-15 10:48 949056 ----a-w- c:\windows\system32\nvumdshimx.dll 2012-07-09 20:46 . 2012-05-30 19:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D5D9403C-D63C-46EA-8A8C-BFD673666288}\mpengine.dll 2012-07-09 20:10 . 2012-05-30 19:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-07-09 19:27 . 2012-07-09 19:27 -------- d-----w- c:\users\Martins\AppData\Local\Spirited_Machine 2012-07-09 19:24 . 2012-07-09 19:24 -------- d-----w- c:\users\Martins\AppData\Roaming\Spirited Machine 2012-07-08 21:16 . 2012-07-08 21:16 -------- d-----w- C:\Fraps 2012-07-08 17:29 . 2012-07-08 17:29 -------- d-----w- c:\programdata\DriverGenius 2012-07-08 17:26 . 2012-07-08 17:26 -------- d-----w- c:\program files (x86)\Futuremark 2012-07-08 00:32 . 2012-07-08 00:32 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{207870BE-CF40-4319-8EFF-B6F12ABB9639}\gapaengine.dll 2012-07-08 00:29 . 2012-07-08 00:29 -------- d-----w- c:\program files (x86)\Microsoft Security Client 2012-07-08 00:28 . 2012-07-08 00:29 -------- d-----w- c:\program files\Microsoft Security Client 2012-07-08 00:06 . 2012-07-08 00:06 -------- d-----w- c:\windows\SysWow64\wbem\en-US 2012-07-08 00:06 . 2012-07-08 00:06 -------- d-----w- c:\windows\system32\wbem\en-US 2012-07-07 23:25 . 2012-07-09 02:16 -------- d-----w- c:\users\Martins\AppData\Local\Origin 2012-07-07 23:25 . 2012-07-08 00:19 -------- d-----w- c:\programdata\Origin 2012-07-07 23:23 . 2012-07-07 23:25 -------- d-----w- c:\program files (x86)\Origin 2012-07-07 23:21 . 2012-07-07 23:21 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins 2012-07-07 23:10 . 2012-06-18 01:12 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E1A287E7-EE64-4CEA-918A-BB89F4DC33D7}\mpengine.dll 2012-07-07 21:07 . 2012-07-07 21:07 -------- d-----w- c:\users\Martins\AppData\Local\ESET 2012-07-07 20:57 . 2012-07-07 20:57 -------- d-----w- c:\users\Martins\AppData\Roaming\GetRightToGo 2012-07-07 16:27 . 2012-07-07 16:27 -------- d-----w- c:\users\Martins\AppData\Local\Electronic Arts 2012-07-07 16:05 . 2012-07-07 16:05 4086 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg 2012-07-07 16:05 . 2012-07-07 16:05 -------- d-----w- c:\users\Martins\AppData\Local\Downloaded Installations 2012-07-07 15:56 . 2012-07-07 15:56 -------- d-----w- c:\program files (x86)\Electronic Arts 2012-07-06 21:10 . 2012-07-10 00:16 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-07-06 21:10 . 2012-07-07 20:52 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2012-07-06 20:30 . 2012-07-06 20:30 -------- d-----w- c:\program files (x86)\Origin Games 2012-07-06 19:03 . 2012-07-06 19:06 -------- d-----w- c:\program files\Trend Micro 2012-07-06 19:01 . 2012-07-06 19:01 80512 ----a-w- c:\windows\AsusScr_K Series_ENG Uninstaller.exe 2012-07-06 13:15 . 2012-07-06 13:15 -------- d-----w- c:\users\Martins\AppData\Local\Mozilla 2012-07-06 02:08 . 2012-07-06 18:22 -------- d-----w- c:\users\Martins\AppData\Roaming\GlarySoft 2012-07-05 20:51 . 2012-07-05 20:50 955840 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-07-05 20:51 . 2012-07-05 20:50 839096 ----a-w- c:\windows\system32\deployJava1.dll 2012-07-01 23:30 . 2012-07-01 23:30 -------- d-----w- C:\NVIDIA 2012-06-22 21:36 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll 2012-06-22 21:36 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2012-06-22 21:27 . 2012-06-22 21:27 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e327a2ac1cd50bd02\MeshBetaRemover.exe 2012-06-22 21:27 . 2012-06-22 21:27 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e2cd2e621cd50bd01\DSETUP.dll 2012-06-22 21:27 . 2012-06-22 21:27 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e2cd2e621cd50bd01\DXSETUP.exe 2012-06-22 21:27 . 2012-06-22 21:27 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e2cd2e621cd50bd01\dsetup32.dll 2012-06-21 14:19 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-21 14:19 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-21 14:19 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-21 14:19 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-21 14:19 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-21 14:19 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-21 14:19 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-21 14:19 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-21 14:19 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-11 18:17 . 2012-06-11 18:17 71680 ----a-w- c:\windows\system32\frapsv64.dll 2012-06-11 18:17 . 2012-06-11 18:17 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll . . . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-10 16:39 . 2011-05-26 12:56 45056 ----a-w- c:\windows\system32\acovcnt.exe 2012-07-10 00:16 . 2012-01-24 19:43 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2012-07-09 23:14 . 2012-01-23 20:32 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2012-07-06 19:01 . 2011-05-26 12:55 3058304 ----a-w- c:\windows\AsScrPro.exe 2012-06-30 10:00 . 2012-06-04 07:02 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-30 10:00 . 2011-12-07 13:04 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-31 10:25 . 2011-08-24 23:01 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-05-07 20:35 . 2012-05-07 20:35 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2012-05-04 17:29 . 2012-05-20 20:12 772504 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-05-04 17:29 . 2011-12-11 00:07 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll 2010-01-26 08:11 . 2012-03-31 12:12 444283 ----a-w- c:\program files (x86)\Common Files\WinPcapNmap.exe . . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Syncables"="c:\program files (x86)\syncables\syncables desktop\Syncables.exe" [2010-07-19 370480] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992] "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624] "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536] "ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2012-07-06 3058304] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-1-12 549040] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-30 257224] R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248] R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-04-26 135584] R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [x] R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x] R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-11-10 115272] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688] R3 NisSrv;Inspection du réseau Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-02 1255736] R3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\DRIVERS\xpadfl02.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-05-15 28992] S1 ATKWMIACPIIO_;ATKWMIACPI Driver_;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-07 283200] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2010-11-30 379520] S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120] S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-12-13 138024] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912] S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-10-14 1147232] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . . Contenu du dossier 'Tâches planifiées' . 2012-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-04 10:00] . 2012-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3628171341-3364505553-282260691-1002Core.job - c:\users\Martins\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-06 13:48] . 2012-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3628171341-3364505553-282260691-1002UA.job - c:\users\Martins\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-06 13:48] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}" [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}] 2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{64174815-8D98-4CE6-8646-4C039977D808}" [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}] 2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-01 2189416] "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-08-11 324096] "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960] "Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 192520] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168] "combofix"="c:\combofix\CF8842.3XE" [2010-11-20 345088] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 "AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll . ------- Examen supplémentaire ------- . uStart Page = about:blank uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://asus.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.0.254 . - - - - ORPHELINS SUPPRIMES - - - - . Toolbar-Locked - (no file) Toolbar-10 - (no file) HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe HKLM-Run-VizorHtmlDialog.exe - c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe AddRemove-PunkBusterSvc - c:\program files (x86)\Origin Games\Battlefield 3\pbsvc.exe . . . --------------------- CLES DE REGISTRE BLOQUEES --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Autres processus actifs ------------------------ . c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe . ************************************************************************** . Heure de fin: 2012-07-10 18:42:53 - La machine a redémarré ComboFix-quarantined-files.txt 2012-07-10 16:42 ComboFix2.txt 2012-07-09 20:07 . Avant-CF: 150 987 333 632 octets libres Après-CF: 150 544 957 440 octets libres . - - End Of File - - A5B87D372F6238A6DEB63B6C7C2FD9E0
  2. Bandiido92
    Bonjour a tous, j'ai fait une analyse à partir de Combofix et je voudrais que vous me l'analysiez. Merci d'avance . ComboFix 12-07-08.02 - Martins 09/07/2012 22:00:54.2.4 - x64 Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.4008.2374 [GMT 2:00] Lancé depuis: c:\users\Martins\Downloads\ComboFix.exe AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((( Fichiers créés du 2012-06-09 au 2012-07-09 )))))))))))))))))))))))))))))))))))) . . 2074-05-07 16:38 . 2006-11-21 18:48 203576 ------w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe 2012-07-09 20:05 . 2012-07-09 20:05 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-09 19:27 . 2012-07-09 19:27 -------- d-----w- c:\users\Martins\AppData\Local\Spirited_Machine 2012-07-09 19:24 . 2012-07-09 19:24 -------- d-----w- c:\users\Martins\AppData\Roaming\Spirited Machine 2012-07-08 21:16 . 2012-07-08 21:16 -------- d-----w- C:\Fraps 2012-07-08 18:34 . 2012-05-30 19:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B2032E71-B036-4356-A681-9950F59F7C9F}\mpengine.dll 2012-07-08 17:29 . 2012-07-08 17:29 -------- d-----w- c:\programdata\DriverGenius 2012-07-08 17:26 . 2012-07-08 17:26 -------- d-----w- c:\program files (x86)\Futuremark 2012-07-08 00:32 . 2012-07-08 00:32 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{207870BE-CF40-4319-8EFF-B6F12ABB9639}\gapaengine.dll 2012-07-08 00:32 . 2012-05-30 19:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-07-08 00:29 . 2012-07-08 00:29 -------- d-----w- c:\program files (x86)\Microsoft Security Client 2012-07-08 00:28 . 2012-07-08 00:29 -------- d-----w- c:\program files\Microsoft Security Client 2012-07-08 00:06 . 2012-07-08 00:06 -------- d-----w- c:\windows\SysWow64\wbem\en-US 2012-07-08 00:06 . 2012-07-08 00:06 -------- d-----w- c:\windows\system32\wbem\en-US 2012-07-07 23:25 . 2012-07-09 02:16 -------- d-----w- c:\users\Martins\AppData\Local\Origin 2012-07-07 23:25 . 2012-07-08 00:19 -------- d-----w- c:\programdata\Origin 2012-07-07 23:23 . 2012-07-07 23:25 -------- d-----w- c:\program files (x86)\Origin 2012-07-07 23:21 . 2012-07-07 23:21 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins 2012-07-07 23:10 . 2012-06-18 01:12 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E1A287E7-EE64-4CEA-918A-BB89F4DC33D7}\mpengine.dll 2012-07-07 22:39 . 2012-07-07 22:39 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-07-07 22:38 . 2012-07-07 22:38 -------- d-----w- c:\program files (x86)\Java 2012-07-07 21:07 . 2012-07-07 21:07 -------- d-----w- c:\users\Martins\AppData\Local\ESET 2012-07-07 20:57 . 2012-07-07 20:57 -------- d-----w- c:\users\Martins\AppData\Roaming\GetRightToGo 2012-07-07 20:47 . 2012-07-09 16:06 -------- d-----w- c:\windows\SysWow64\NV 2012-07-07 20:47 . 2012-07-09 16:06 -------- d-----w- c:\windows\system32\NV 2012-07-07 20:42 . 2012-07-08 20:31 -------- d-----w- c:\users\UpdatusUser 2012-07-07 20:42 . 2012-05-15 09:29 889664 ----a-w- c:\windows\system32\nvvsvc.exe 2012-07-07 20:42 . 2012-05-15 09:29 858944 ----a-w- c:\windows\system32\nv3dappshext.dll 2012-07-07 20:42 . 2012-05-15 09:29 63296 ----a-w- c:\windows\system32\nvshext.dll 2012-07-07 20:42 . 2012-05-15 09:29 55616 ----a-w- c:\windows\system32\nv3dappshextr.dll 2012-07-07 20:42 . 2012-05-15 09:29 2561856 ----a-w- c:\windows\system32\nvsvcr.dll 2012-07-07 20:42 . 2012-05-15 09:29 2621723 ----a-w- c:\windows\system32\nvcoproc.bin 2012-07-07 20:42 . 2012-05-15 09:29 3149632 ----a-w- c:\windows\system32\nvsvc64.dll 2012-07-07 20:42 . 2012-05-15 09:29 118080 ----a-w- c:\windows\system32\nvmctray.dll 2012-07-07 20:42 . 2012-05-15 09:28 6151488 ----a-w- c:\windows\system32\nvcpl.dll 2012-07-07 20:39 . 2012-07-07 20:39 -------- d-----w- c:\programdata\NVIDIA Corporation 2012-07-07 16:27 . 2012-07-07 16:27 -------- d-----w- c:\users\Martins\AppData\Local\Electronic Arts 2012-07-07 16:05 . 2012-07-07 16:05 4086 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg 2012-07-07 16:05 . 2012-07-07 16:05 -------- d-----w- c:\users\Martins\AppData\Local\Downloaded Installations 2012-07-07 15:56 . 2012-07-07 15:56 -------- d-----w- c:\program files (x86)\Electronic Arts 2012-07-06 21:10 . 2012-07-09 17:19 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-07-06 21:10 . 2012-07-07 20:52 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2012-07-06 20:30 . 2012-07-06 20:30 -------- d-----w- c:\program files (x86)\Origin Games 2012-07-06 19:03 . 2012-07-06 19:06 -------- d-----w- c:\program files\Trend Micro 2012-07-06 19:01 . 2012-07-06 19:01 80512 ----a-w- c:\windows\AsusScr_K Series_ENG Uninstaller.exe 2012-07-06 13:15 . 2012-07-06 13:15 -------- d-----w- c:\users\Martins\AppData\Local\Mozilla 2012-07-06 02:08 . 2012-07-06 18:22 -------- d-----w- c:\users\Martins\AppData\Roaming\GlarySoft 2012-07-05 20:51 . 2012-07-05 20:50 955840 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-07-05 20:51 . 2012-07-05 20:50 839096 ----a-w- c:\windows\system32\deployJava1.dll 2012-07-05 20:50 . 2012-07-05 20:50 -------- d-----w- c:\program files\Java 2012-07-01 23:30 . 2012-07-01 23:30 -------- d-----w- C:\NVIDIA 2012-07-01 23:21 . 2012-07-01 23:21 -------- d-----w- c:\program files (x86)\Oracle 2012-06-22 21:36 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll 2012-06-22 21:36 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2012-06-22 21:27 . 2012-06-22 21:27 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e327a2ac1cd50bd02\MeshBetaRemover.exe 2012-06-22 21:27 . 2012-06-22 21:27 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e2cd2e621cd50bd01\DSETUP.dll 2012-06-22 21:27 . 2012-06-22 21:27 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e2cd2e621cd50bd01\DXSETUP.exe 2012-06-22 21:27 . 2012-06-22 21:27 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e2cd2e621cd50bd01\dsetup32.dll 2012-06-21 14:19 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-21 14:19 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-21 14:19 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-21 14:19 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-21 14:19 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-21 14:19 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-21 14:19 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-21 14:19 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-21 14:19 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-11 18:17 . 2012-06-11 18:17 71680 ----a-w- c:\windows\system32\frapsv64.dll 2012-06-11 18:17 . 2012-06-11 18:17 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll . . . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-09 17:19 . 2012-01-24 19:43 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2012-07-09 17:08 . 2012-01-23 20:32 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2012-07-09 16:07 . 2011-05-26 12:56 45056 ----a-w- c:\windows\system32\acovcnt.exe 2012-07-06 19:01 . 2011-05-26 12:55 3058304 ----a-w- c:\windows\AsScrPro.exe 2012-06-30 10:00 . 2012-06-04 07:02 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-30 10:00 . 2011-12-07 13:04 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-31 10:25 . 2011-08-24 23:01 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-05-15 10:48 . 2011-05-26 12:49 68928 ----a-w- c:\windows\system32\OpenCL.dll 2012-05-15 10:48 . 2011-05-26 12:49 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll 2012-05-07 20:35 . 2012-05-07 20:35 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2012-05-04 17:29 . 2012-05-20 20:12 772504 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-05-04 17:29 . 2011-12-11 00:07 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll 2010-01-26 08:11 . 2012-03-31 12:12 444283 ----a-w- c:\program files (x86)\Common Files\WinPcapNmap.exe . . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Syncables"="c:\program files (x86)\syncables\syncables desktop\Syncables.exe" [2010-07-19 370480] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992] "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "Boxore Client"="c:\program files (x86)\Boxore\BoxoreClient\boxore.exe" [2012-06-19 598320] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624] "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536] "ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2012-07-06 3058304] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-1-12 549040] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856] R2 supdate;Software Update Service (supdate);c:\program files (x86)\Software\Update\SoftwareUpdate.exe [2012-06-12 140080] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-30 257224] R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248] R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-04-26 135584] R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [x] R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x] R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-11-10 115272] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688] R3 NisSrv;Inspection du réseau Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-02 1255736] R3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\DRIVERS\xpadfl02.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-05-15 28992] S1 ATKWMIACPIIO_;ATKWMIACPI Driver_;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-07 283200] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2010-11-30 379520] S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120] S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-12-13 138024] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912] S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-10-14 1147232] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . . Contenu du dossier 'Tâches planifiées' . 2012-07-09 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-04 10:00] . 2012-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3628171341-3364505553-282260691-1002Core.job - c:\users\Martins\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-06 13:48] . 2012-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3628171341-3364505553-282260691-1002UA.job - c:\users\Martins\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-06 13:48] . 2012-07-09 c:\windows\Tasks\SoftwareUpdateTaskMachineCore.job - c:\program files (x86)\Software\Update\SoftwareUpdate.exe [2012-03-31 15:49] . 2012-07-09 c:\windows\Tasks\SoftwareUpdateTaskMachineUA.job - c:\program files (x86)\Software\Update\SoftwareUpdate.exe [2012-03-31 15:49] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}" [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}] 2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{64174815-8D98-4CE6-8646-4C039977D808}" [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}] 2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-01 2189416] "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-08-11 324096] "ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [bU] "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960] "Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 192520] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 "AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll . ------- Examen supplémentaire ------- . uStart Page = about:blank uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://asus.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.0.254 . - - - - ORPHELINS SUPPRIMES - - - - . Toolbar-Locked - (no file) Toolbar-10 - (no file) HKLM-Run-VizorHtmlDialog.exe - c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe AddRemove-PunkBusterSvc - c:\program files (x86)\Origin Games\Battlefield 3\pbsvc.exe . . . --------------------- CLES DE REGISTRE BLOQUEES --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Heure de fin: 2012-07-09 22:07:47 ComboFix-quarantined-files.txt 2012-07-09 20:07 . Avant-CF: 152 162 164 736 octets libres Après-CF: 152 075 808 768 octets libres . - - End Of File - - 30467F9622AFF93798FED7B56ECB70BD
×
×
  • Créer...