Aller au contenu
  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

Analyse d'un compte-rendu


Messages recommandés

Bonjour a tous, j'ai fait une analyse à partir de Combofix et je voudrais que vous me l'analysiez.

Merci d'avance .

 

 

ComboFix 12-07-08.02 - Martins 09/07/2012 22:00:54.2.4 - x64

Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.4008.2374 [GMT 2:00]

Lancé depuis: c:\users\Martins\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((( Fichiers créés du 2012-06-09 au 2012-07-09 ))))))))))))))))))))))))))))))))))))

.

.

2074-05-07 16:38 . 2006-11-21 18:48 203576 ------w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe

2012-07-09 20:05 . 2012-07-09 20:05 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-09 19:27 . 2012-07-09 19:27 -------- d-----w- c:\users\Martins\AppData\Local\Spirited_Machine

2012-07-09 19:24 . 2012-07-09 19:24 -------- d-----w- c:\users\Martins\AppData\Roaming\Spirited Machine

2012-07-08 21:16 . 2012-07-08 21:16 -------- d-----w- C:\Fraps

2012-07-08 18:34 . 2012-05-30 19:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B2032E71-B036-4356-A681-9950F59F7C9F}\mpengine.dll

2012-07-08 17:29 . 2012-07-08 17:29 -------- d-----w- c:\programdata\DriverGenius

2012-07-08 17:26 . 2012-07-08 17:26 -------- d-----w- c:\program files (x86)\Futuremark

2012-07-08 00:32 . 2012-07-08 00:32 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{207870BE-CF40-4319-8EFF-B6F12ABB9639}\gapaengine.dll

2012-07-08 00:32 . 2012-05-30 19:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-07-08 00:29 . 2012-07-08 00:29 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2012-07-08 00:28 . 2012-07-08 00:29 -------- d-----w- c:\program files\Microsoft Security Client

2012-07-08 00:06 . 2012-07-08 00:06 -------- d-----w- c:\windows\SysWow64\wbem\en-US

2012-07-08 00:06 . 2012-07-08 00:06 -------- d-----w- c:\windows\system32\wbem\en-US

2012-07-07 23:25 . 2012-07-09 02:16 -------- d-----w- c:\users\Martins\AppData\Local\Origin

2012-07-07 23:25 . 2012-07-08 00:19 -------- d-----w- c:\programdata\Origin

2012-07-07 23:23 . 2012-07-07 23:25 -------- d-----w- c:\program files (x86)\Origin

2012-07-07 23:21 . 2012-07-07 23:21 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins

2012-07-07 23:10 . 2012-06-18 01:12 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E1A287E7-EE64-4CEA-918A-BB89F4DC33D7}\mpengine.dll

2012-07-07 22:39 . 2012-07-07 22:39 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-07-07 22:38 . 2012-07-07 22:38 -------- d-----w- c:\program files (x86)\Java

2012-07-07 21:07 . 2012-07-07 21:07 -------- d-----w- c:\users\Martins\AppData\Local\ESET

2012-07-07 20:57 . 2012-07-07 20:57 -------- d-----w- c:\users\Martins\AppData\Roaming\GetRightToGo

2012-07-07 20:47 . 2012-07-09 16:06 -------- d-----w- c:\windows\SysWow64\NV

2012-07-07 20:47 . 2012-07-09 16:06 -------- d-----w- c:\windows\system32\NV

2012-07-07 20:42 . 2012-07-08 20:31 -------- d-----w- c:\users\UpdatusUser

2012-07-07 20:42 . 2012-05-15 09:29 889664 ----a-w- c:\windows\system32\nvvsvc.exe

2012-07-07 20:42 . 2012-05-15 09:29 858944 ----a-w- c:\windows\system32\nv3dappshext.dll

2012-07-07 20:42 . 2012-05-15 09:29 63296 ----a-w- c:\windows\system32\nvshext.dll

2012-07-07 20:42 . 2012-05-15 09:29 55616 ----a-w- c:\windows\system32\nv3dappshextr.dll

2012-07-07 20:42 . 2012-05-15 09:29 2561856 ----a-w- c:\windows\system32\nvsvcr.dll

2012-07-07 20:42 . 2012-05-15 09:29 2621723 ----a-w- c:\windows\system32\nvcoproc.bin

2012-07-07 20:42 . 2012-05-15 09:29 3149632 ----a-w- c:\windows\system32\nvsvc64.dll

2012-07-07 20:42 . 2012-05-15 09:29 118080 ----a-w- c:\windows\system32\nvmctray.dll

2012-07-07 20:42 . 2012-05-15 09:28 6151488 ----a-w- c:\windows\system32\nvcpl.dll

2012-07-07 20:39 . 2012-07-07 20:39 -------- d-----w- c:\programdata\NVIDIA Corporation

2012-07-07 16:27 . 2012-07-07 16:27 -------- d-----w- c:\users\Martins\AppData\Local\Electronic Arts

2012-07-07 16:05 . 2012-07-07 16:05 4086 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg

2012-07-07 16:05 . 2012-07-07 16:05 -------- d-----w- c:\users\Martins\AppData\Local\Downloaded Installations

2012-07-07 15:56 . 2012-07-07 15:56 -------- d-----w- c:\program files (x86)\Electronic Arts

2012-07-06 21:10 . 2012-07-09 17:19 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-07-06 21:10 . 2012-07-07 20:52 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2012-07-06 20:30 . 2012-07-06 20:30 -------- d-----w- c:\program files (x86)\Origin Games

2012-07-06 19:03 . 2012-07-06 19:06 -------- d-----w- c:\program files\Trend Micro

2012-07-06 19:01 . 2012-07-06 19:01 80512 ----a-w- c:\windows\AsusScr_K Series_ENG Uninstaller.exe

2012-07-06 13:15 . 2012-07-06 13:15 -------- d-----w- c:\users\Martins\AppData\Local\Mozilla

2012-07-06 02:08 . 2012-07-06 18:22 -------- d-----w- c:\users\Martins\AppData\Roaming\GlarySoft

2012-07-05 20:51 . 2012-07-05 20:50 955840 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-07-05 20:51 . 2012-07-05 20:50 839096 ----a-w- c:\windows\system32\deployJava1.dll

2012-07-05 20:50 . 2012-07-05 20:50 -------- d-----w- c:\program files\Java

2012-07-01 23:30 . 2012-07-01 23:30 -------- d-----w- C:\NVIDIA

2012-07-01 23:21 . 2012-07-01 23:21 -------- d-----w- c:\program files (x86)\Oracle

2012-06-22 21:36 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-06-22 21:36 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-06-22 21:27 . 2012-06-22 21:27 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e327a2ac1cd50bd02\MeshBetaRemover.exe

2012-06-22 21:27 . 2012-06-22 21:27 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e2cd2e621cd50bd01\DSETUP.dll

2012-06-22 21:27 . 2012-06-22 21:27 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e2cd2e621cd50bd01\DXSETUP.exe

2012-06-22 21:27 . 2012-06-22 21:27 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e2cd2e621cd50bd01\dsetup32.dll

2012-06-21 14:19 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-21 14:19 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-21 14:19 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-21 14:19 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-21 14:19 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-21 14:19 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-21 14:19 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-21 14:19 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-21 14:19 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-11 18:17 . 2012-06-11 18:17 71680 ----a-w- c:\windows\system32\frapsv64.dll

2012-06-11 18:17 . 2012-06-11 18:17 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll

.

.

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-09 17:19 . 2012-01-24 19:43 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-07-09 17:08 . 2012-01-23 20:32 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-07-09 16:07 . 2011-05-26 12:56 45056 ----a-w- c:\windows\system32\acovcnt.exe

2012-07-06 19:01 . 2011-05-26 12:55 3058304 ----a-w- c:\windows\AsScrPro.exe

2012-06-30 10:00 . 2012-06-04 07:02 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-30 10:00 . 2011-12-07 13:04 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-31 10:25 . 2011-08-24 23:01 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-05-15 10:48 . 2011-05-26 12:49 68928 ----a-w- c:\windows\system32\OpenCL.dll

2012-05-15 10:48 . 2011-05-26 12:49 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll

2012-05-07 20:35 . 2012-05-07 20:35 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2012-05-04 17:29 . 2012-05-20 20:12 772504 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-05-04 17:29 . 2011-12-11 00:07 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll

2010-01-26 08:11 . 2012-03-31 12:12 444283 ----a-w- c:\program files (x86)\Common Files\WinPcapNmap.exe

.

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Syncables"="c:\program files (x86)\syncables\syncables desktop\Syncables.exe" [2010-07-19 370480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]

"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"Boxore Client"="c:\program files (x86)\Boxore\BoxoreClient\boxore.exe" [2012-06-19 598320]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]

"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]

"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2012-07-06 3058304]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-1-12 549040]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]

R2 supdate;Software Update Service (supdate);c:\program files (x86)\Software\Update\SoftwareUpdate.exe [2012-06-12 140080]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-30 257224]

R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248]

R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-04-26 135584]

R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [x]

R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]

R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-11-10 115272]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]

R3 NisSrv;Inspection du réseau Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-02 1255736]

R3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\DRIVERS\xpadfl02.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-05-15 28992]

S1 ATKWMIACPIIO_;ATKWMIACPI Driver_;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-07 283200]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2010-11-30 379520]

S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]

S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-12-13 138024]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]

S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-10-14 1147232]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

.

Contenu du dossier 'Tâches planifiées'

.

2012-07-09 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-04 10:00]

.

2012-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3628171341-3364505553-282260691-1002Core.job

- c:\users\Martins\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-06 13:48]

.

2012-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3628171341-3364505553-282260691-1002UA.job

- c:\users\Martins\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-06 13:48]

.

2012-07-09 c:\windows\Tasks\SoftwareUpdateTaskMachineCore.job

- c:\program files (x86)\Software\Update\SoftwareUpdate.exe [2012-03-31 15:49]

.

2012-07-09 c:\windows\Tasks\SoftwareUpdateTaskMachineUA.job

- c:\program files (x86)\Software\Update\SoftwareUpdate.exe [2012-03-31 15:49]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"

[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]

2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{64174815-8D98-4CE6-8646-4C039977D808}"

[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]

2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-01 2189416]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-08-11 324096]

"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [bU]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 192520]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll

.

------- Examen supplémentaire -------

.

uStart Page = about:blank

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://asus.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.0.254

.

- - - - ORPHELINS SUPPRIMES - - - -

.

Toolbar-Locked - (no file)

Toolbar-10 - (no file)

HKLM-Run-VizorHtmlDialog.exe - c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe

AddRemove-PunkBusterSvc - c:\program files (x86)\Origin Games\Battlefield 3\pbsvc.exe

.

.

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Heure de fin: 2012-07-09 22:07:47

ComboFix-quarantined-files.txt 2012-07-09 20:07

.

Avant-CF: 152 162 164 736 octets libres

Après-CF: 152 075 808 768 octets libres

.

- - End Of File - - 30467F9622AFF93798FED7B56ECB70BD

Lien vers le commentaire
Partager sur d’autres sites

Bonjour,

 

Combofix est un logiciel très puissant qui ne doit pas être utilisé sans une aide compétente sous peine de risquer des dommages irréversibles.

Veuillez noter que ce logiciel est régulièrement mis à jour et que la version téléchargée sera obsolète dans quelques jours.

 

# Dans le bloc-note ,copiez-collez ces lignes :

Killall::

Driver::

supdate

File::

c:\program files (x86)\Software\Update\SoftwareUpdate.exe

c:\program files (x86)\Boxore\BoxoreClient\boxore.exe

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Boxore Client"=-

* Attention, ce code a été rédigé spécialement pour cet utilisateur, il serait dangereux de le réutiliser dans d'autres cas !

Enregistrez-le en lui donnant le nom CFScript.txt

Ouvrez Combofix

* Faire un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe

CFScriptB-4.gif

 

* Au message qui apparait dans une fenêtre bleue ( Type 1 to continue, or 2 to abort) , taper 1 puis valider.

* Patienter le temps du scan.

Le bureau va disparaitre à plusieurs reprises: c'est normal!

Ne toucher à rien tant que le scan n'est pas terminé.

 

Le rapport de ComboFix ne s'affichera qu'à la fin

Poster son contenu.

Si le fichier n'apparait pas, il se trouve ici > C:\ComboFix.txt

Lien vers le commentaire
Partager sur d’autres sites

Voici le compte-rendu, merci de l'aide .

 

 

ComboFix 12-07-10.01 - Martins 10/07/2012 18:33:17.3.4 - x64

Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.4008.2606 [GMT 2:00]

Lancé depuis: c:\users\Martins\Desktop\ComboFix.exe

Commutateurs utilisés :: c:\users\Martins\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\program files (x86)\Boxore\BoxoreClient\boxore.exe"

"c:\program files (x86)\Software\Update\SoftwareUpdate.exe"

.

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Boxore\BoxoreClient\boxore.exe

c:\program files (x86)\Software\Update\SoftwareUpdate.exe

.

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_supdate

.

.

((((((((((((((((((((((((((((( Fichiers créés du 2012-06-10 au 2012-07-10 ))))))))))))))))))))))))))))))))))))

.

.

2074-05-07 16:38 . 2006-11-21 18:48 203576 ------w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe

2012-07-10 16:37 . 2012-07-10 16:37 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-09 21:51 . 2012-07-10 16:20 -------- d-----w- c:\program files (x86)\Steam

2012-07-09 21:00 . 2012-07-10 10:03 -------- d-----w- c:\windows\SysWow64\NV

2012-07-09 21:00 . 2012-07-10 10:03 -------- d-----w- c:\windows\system32\NV

2012-07-09 20:57 . 2012-07-09 20:57 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-07-09 20:57 . 2012-07-09 20:57 -------- d-----w- c:\program files (x86)\Oracle

2012-07-09 20:56 . 2012-07-09 20:56 -------- d-----w- c:\program files (x86)\Java

2012-07-09 20:50 . 2012-05-15 10:48 949056 ----a-w- c:\windows\system32\nvumdshimx.dll

2012-07-09 20:46 . 2012-05-30 19:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D5D9403C-D63C-46EA-8A8C-BFD673666288}\mpengine.dll

2012-07-09 20:10 . 2012-05-30 19:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-07-09 19:27 . 2012-07-09 19:27 -------- d-----w- c:\users\Martins\AppData\Local\Spirited_Machine

2012-07-09 19:24 . 2012-07-09 19:24 -------- d-----w- c:\users\Martins\AppData\Roaming\Spirited Machine

2012-07-08 21:16 . 2012-07-08 21:16 -------- d-----w- C:\Fraps

2012-07-08 17:29 . 2012-07-08 17:29 -------- d-----w- c:\programdata\DriverGenius

2012-07-08 17:26 . 2012-07-08 17:26 -------- d-----w- c:\program files (x86)\Futuremark

2012-07-08 00:32 . 2012-07-08 00:32 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{207870BE-CF40-4319-8EFF-B6F12ABB9639}\gapaengine.dll

2012-07-08 00:29 . 2012-07-08 00:29 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2012-07-08 00:28 . 2012-07-08 00:29 -------- d-----w- c:\program files\Microsoft Security Client

2012-07-08 00:06 . 2012-07-08 00:06 -------- d-----w- c:\windows\SysWow64\wbem\en-US

2012-07-08 00:06 . 2012-07-08 00:06 -------- d-----w- c:\windows\system32\wbem\en-US

2012-07-07 23:25 . 2012-07-09 02:16 -------- d-----w- c:\users\Martins\AppData\Local\Origin

2012-07-07 23:25 . 2012-07-08 00:19 -------- d-----w- c:\programdata\Origin

2012-07-07 23:23 . 2012-07-07 23:25 -------- d-----w- c:\program files (x86)\Origin

2012-07-07 23:21 . 2012-07-07 23:21 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins

2012-07-07 23:10 . 2012-06-18 01:12 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E1A287E7-EE64-4CEA-918A-BB89F4DC33D7}\mpengine.dll

2012-07-07 21:07 . 2012-07-07 21:07 -------- d-----w- c:\users\Martins\AppData\Local\ESET

2012-07-07 20:57 . 2012-07-07 20:57 -------- d-----w- c:\users\Martins\AppData\Roaming\GetRightToGo

2012-07-07 16:27 . 2012-07-07 16:27 -------- d-----w- c:\users\Martins\AppData\Local\Electronic Arts

2012-07-07 16:05 . 2012-07-07 16:05 4086 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg

2012-07-07 16:05 . 2012-07-07 16:05 -------- d-----w- c:\users\Martins\AppData\Local\Downloaded Installations

2012-07-07 15:56 . 2012-07-07 15:56 -------- d-----w- c:\program files (x86)\Electronic Arts

2012-07-06 21:10 . 2012-07-10 00:16 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-07-06 21:10 . 2012-07-07 20:52 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2012-07-06 20:30 . 2012-07-06 20:30 -------- d-----w- c:\program files (x86)\Origin Games

2012-07-06 19:03 . 2012-07-06 19:06 -------- d-----w- c:\program files\Trend Micro

2012-07-06 19:01 . 2012-07-06 19:01 80512 ----a-w- c:\windows\AsusScr_K Series_ENG Uninstaller.exe

2012-07-06 13:15 . 2012-07-06 13:15 -------- d-----w- c:\users\Martins\AppData\Local\Mozilla

2012-07-06 02:08 . 2012-07-06 18:22 -------- d-----w- c:\users\Martins\AppData\Roaming\GlarySoft

2012-07-05 20:51 . 2012-07-05 20:50 955840 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-07-05 20:51 . 2012-07-05 20:50 839096 ----a-w- c:\windows\system32\deployJava1.dll

2012-07-01 23:30 . 2012-07-01 23:30 -------- d-----w- C:\NVIDIA

2012-06-22 21:36 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-06-22 21:36 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-06-22 21:27 . 2012-06-22 21:27 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e327a2ac1cd50bd02\MeshBetaRemover.exe

2012-06-22 21:27 . 2012-06-22 21:27 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e2cd2e621cd50bd01\DSETUP.dll

2012-06-22 21:27 . 2012-06-22 21:27 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e2cd2e621cd50bd01\DXSETUP.exe

2012-06-22 21:27 . 2012-06-22 21:27 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e2cd2e621cd50bd01\dsetup32.dll

2012-06-21 14:19 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-21 14:19 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-21 14:19 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-21 14:19 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-21 14:19 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-21 14:19 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-21 14:19 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-21 14:19 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-21 14:19 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-11 18:17 . 2012-06-11 18:17 71680 ----a-w- c:\windows\system32\frapsv64.dll

2012-06-11 18:17 . 2012-06-11 18:17 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll

.

.

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-10 16:39 . 2011-05-26 12:56 45056 ----a-w- c:\windows\system32\acovcnt.exe

2012-07-10 00:16 . 2012-01-24 19:43 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-07-09 23:14 . 2012-01-23 20:32 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-07-06 19:01 . 2011-05-26 12:55 3058304 ----a-w- c:\windows\AsScrPro.exe

2012-06-30 10:00 . 2012-06-04 07:02 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-30 10:00 . 2011-12-07 13:04 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-31 10:25 . 2011-08-24 23:01 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-05-07 20:35 . 2012-05-07 20:35 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2012-05-04 17:29 . 2012-05-20 20:12 772504 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-05-04 17:29 . 2011-12-11 00:07 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll

2010-01-26 08:11 . 2012-03-31 12:12 444283 ----a-w- c:\program files (x86)\Common Files\WinPcapNmap.exe

.

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Syncables"="c:\program files (x86)\syncables\syncables desktop\Syncables.exe" [2010-07-19 370480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]

"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]

"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]

"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2012-07-06 3058304]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-1-12 549040]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-30 257224]

R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248]

R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-04-26 135584]

R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [x]

R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]

R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-11-10 115272]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]

R3 NisSrv;Inspection du réseau Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-02 1255736]

R3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\DRIVERS\xpadfl02.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-05-15 28992]

S1 ATKWMIACPIIO_;ATKWMIACPI Driver_;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-07 283200]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2010-11-30 379520]

S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]

S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-12-13 138024]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]

S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-10-14 1147232]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

.

Contenu du dossier 'Tâches planifiées'

.

2012-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-04 10:00]

.

2012-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3628171341-3364505553-282260691-1002Core.job

- c:\users\Martins\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-06 13:48]

.

2012-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3628171341-3364505553-282260691-1002UA.job

- c:\users\Martins\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-06 13:48]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"

[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]

2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{64174815-8D98-4CE6-8646-4C039977D808}"

[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]

2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-01 2189416]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-08-11 324096]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 192520]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

"combofix"="c:\combofix\CF8842.3XE" [2010-11-20 345088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll

.

------- Examen supplémentaire -------

.

uStart Page = about:blank

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://asus.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.0.254

.

- - - - ORPHELINS SUPPRIMES - - - -

.

Toolbar-Locked - (no file)

Toolbar-10 - (no file)

HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe

HKLM-Run-VizorHtmlDialog.exe - c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe

AddRemove-PunkBusterSvc - c:\program files (x86)\Origin Games\Battlefield 3\pbsvc.exe

.

.

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Autres processus actifs ------------------------

.

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Heure de fin: 2012-07-10 18:42:53 - La machine a redémarré

ComboFix-quarantined-files.txt 2012-07-10 16:42

ComboFix2.txt 2012-07-09 20:07

.

Avant-CF: 150 987 333 632 octets libres

Après-CF: 150 544 957 440 octets libres

.

- - End Of File - - A5B87D372F6238A6DEB63B6C7C2FD9E0

Lien vers le commentaire
Partager sur d’autres sites

Combofix est très puissant et ne doit pas être utilisé sans une aide compétente sous peine de risquer des dommages irréversibles.

Veuillez noter que ce logiciel est régulièrement mis à jour et que la version que vous avez chargée sera obsolète dans quelques jours.

Pour supprimer Combofix:

Démarrer > Exécuter ->

Copier/coller:

"%userprofile%\Bureau\ComboFix.exe" /uninstall

En cas d'échec:

Renommer ComboFix.exe qui est sur votre bureau -> Uninstall.exe et double cliquez dessus.

Supprimez C:\qoobox si vous le trouvez

 

 

Encore autre chose ?

Lien vers le commentaire
Partager sur d’autres sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

 Share

  • En ligne récemment   0 membre est en ligne

    Aucun utilisateur enregistré regarde cette page.

×
×
  • Créer...