Compte rendu ComboFix

axerebelion · le 19 mars 2013

Bonjour.

Voila depuis quelque temps j'ai ma carte graphique qui ce met en plaine charge d'utilisation, meme quand je suis sur le bureau a ne rien faire, j'ai donc décidé de redémarrer le pc, rien a faire ensuite j'ai décidé de réinstaller les driver et la lors de la réinstallation le message "svchost.exe vient d’être arrêter" a ce moment précis j'entend les ventilos de ma carte graphique ralentir et le mode full redeviens normal et quand je redémare le pc bing ça repars a fond.

J'ai donc été voir dans le gestionnaire de taches ce fameux svchost.exe et quand j’arrête son processus ça redeviens normal néanmoins je n'arrive pas a voir les services, j'ai même son emplacement et en le suppriment il revient après chaque redémarrage en fait son vrai nom est "svchost.exe*32"

Apres quelques recherche sur le net il semblerait que ce soit un virus d'ailleurs en lançant un scan avec trojan killer je le retrouve dans la liste des virus, cependant trojan killer et ses confrères me demandes une somme non négligeable pour l’éradication et en plus sans certitudes.

j'ai donc fouiné sur la toile pour l'utilisation de combofix, qui semblerait il règle ce problème.

Je l'est installé et fait le scan après redémarrage le problème est revenu.

je poste donc le compte rendu de combo fixe sur ce forum car il est conseillé par d'autre car apparamment ont trouverais des personnes aguéris pour résoudre ce genre de problème ici même.

MERCI d'avance

PS je suis sous windows 7 64

ComboFix 13-03-19.01 - AXEREBELION 19/03/2013 19:44:03.1.6 - x64

Microsoft Windows 7 Édition Intégrale N 6.1.7601.1.1252.33.1036.18.16354.13611 [GMT 1:00]

Lancé depuis: c:\users\AXEREBELION\Downloads\ComboFix.exe

AV: ESET Smart Security 4.2 *Enabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}

FW: Pare-feu personnel d'ESET *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}

SP: ESET Smart Security 4.2 *Enabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\AXEREB~1\AppData\Local\Temp\dispdrv.exe

c:\users\AXEREBELION\AppData\Local\Temp\dispdrv.exe

c:\users\Public\Documents\dll

c:\windows\SysWow64\pt

c:\windows\SysWow64\pt\AuthFWSnapIn.Resources.dll

c:\windows\SysWow64\pt\AuthFWWizFwk.Resources.dll

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_Windows Internet Name Service

.

((((((((((((((((((((((((((((( Fichiers créés du 2013-02-19 au 2013-03-19 ))))))))))))))))))))))))))))))))))))

.

2013-03-19 18:48 . 2013-03-19 18:48 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-03-19 17:40 . 2013-03-19 17:40 -------- d-----w- c:\programdata\ATI

2013-03-19 17:40 . 2013-03-19 17:40 -------- d-----w- c:\program files\Common Files\ATI Technologies

2013-03-19 17:40 . 2013-03-19 17:40 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies

2013-03-19 17:40 . 2013-03-19 17:40 -------- d-----w- c:\program files (x86)\AMD AVT

2013-03-17 22:18 . 2013-03-18 20:22 -------- d-----w- c:\users\AXEREBELION\AppData\Local\Arma 3 Alpha

2013-03-14 21:19 . 2013-03-14 21:19 78432 ----a-w- c:\windows\system32\atimpc64.dll

2013-03-14 21:19 . 2013-03-14 21:19 78432 ----a-w- c:\windows\system32\amdpcom64.dll

2013-03-14 21:19 . 2013-03-14 21:19 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll

2013-03-14 21:19 . 2013-03-14 21:19 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll

2013-03-14 21:19 . 2013-03-14 21:19 118584 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2013-03-14 21:19 . 2013-03-14 21:19 113464 ----a-w- c:\windows\system32\atiu9p64.dll

2013-03-14 21:19 . 2013-03-14 21:19 92304 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2013-03-14 21:19 . 2013-03-14 21:19 968864 ----a-w- c:\windows\SysWow64\aticfx32.dll

2013-03-14 21:19 . 2013-03-14 21:19 7232824 ----a-w- c:\windows\SysWow64\atidxx32.dll

2013-03-14 21:19 . 2013-03-14 21:19 5940656 ----a-w- c:\windows\SysWow64\atiumdag.dll

2013-03-14 21:19 . 2013-03-14 21:19 5034792 ----a-w- c:\windows\system32\atiumd6a.dll

2013-03-14 21:19 . 2013-03-14 21:19 6980480 ----a-w- c:\windows\system32\atiumd64.dll

2013-03-14 21:17 . 2013-03-14 21:17 11613184 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2013-03-14 20:47 . 2013-03-14 20:47 24090112 ----a-w- c:\windows\system32\atio6axx.dll

2013-03-14 20:44 . 2013-03-14 20:44 163840 ----a-w- c:\windows\system32\atiapfxx.exe

2013-03-14 20:42 . 2013-03-14 20:42 51200 ----a-w- c:\windows\system32\aticalrt64.dll

2013-03-14 20:42 . 2013-03-14 20:42 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll

2013-03-14 20:42 . 2013-03-14 20:42 44544 ----a-w- c:\windows\system32\aticalcl64.dll

2013-03-14 20:42 . 2013-03-14 20:42 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll

2013-03-14 20:41 . 2013-03-14 20:41 16082944 ----a-w- c:\windows\system32\aticaldd64.dll

2013-03-14 20:37 . 2013-03-14 20:37 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll

2013-03-14 20:31 . 2013-03-14 20:31 19864064 ----a-w- c:\windows\SysWow64\atioglxx.dll

2013-03-14 20:21 . 2013-03-14 20:21 442368 ----a-w- c:\windows\system32\atidemgy.dll

2013-03-14 20:21 . 2013-03-14 20:21 561152 ----a-w- c:\windows\system32\atieclxx.exe

2013-03-14 20:20 . 2013-03-14 20:20 240640 ----a-w- c:\windows\system32\atiesrxx.exe

2013-03-14 20:19 . 2013-03-14 20:19 120320 ----a-w- c:\windows\system32\atitmm64.dll

2013-03-14 20:19 . 2013-03-14 20:19 25600 ----a-w- c:\windows\system32\atimuixx.dll

2013-03-14 20:19 . 2013-03-14 20:19 59392 ----a-w- c:\windows\system32\atiedu64.dll

2013-03-14 20:18 . 2013-03-14 20:18 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll

2013-03-14 19:56 . 2013-03-14 19:56 630272 ----a-w- c:\windows\system32\atiadlxx.dll

2013-03-14 19:56 . 2013-03-14 19:56 17920 ----a-w- c:\windows\system32\atig6pxx.dll

2013-03-14 19:56 . 2013-03-14 19:56 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2013-03-14 19:56 . 2013-03-14 19:56 14848 ----a-w- c:\windows\system32\atiglpxx.dll

2013-03-14 19:56 . 2013-03-14 19:56 44032 ----a-w- c:\windows\system32\atig6txx.dll

2013-03-14 19:55 . 2013-03-14 19:55 576000 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2013-03-14 19:51 . 2013-03-14 19:51 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2013-03-10 13:35 . 2013-03-10 13:35 -------- d-----w- c:\users\AXEREBELION\AppData\Roaming\dvdcss

2013-03-09 11:44 . 2013-03-09 11:44 -------- d-----w- c:\users\AXEREBELION\AppData\Local\EA Games

2013-03-08 17:48 . 2013-03-08 17:48 -------- d-----w- c:\users\AXEREBELION\AppData\Local\Targem

2013-03-08 16:39 . 2013-03-08 16:39 556192 ----a-w- c:\windows\SysWow64\phatk121016Bartsv2w128l4.bin

2013-03-07 20:13 . 2013-03-07 20:13 -------- d-----w- c:\users\AXEREBELION\AppData\Roaming\AdobeUpdater

2013-03-07 20:13 . 2013-03-07 20:23 -------- d-----w- C:\Temp

2013-03-06 18:16 . 2013-03-06 18:16 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-03 18:34 . 2013-03-03 18:34 -------- d-----w- c:\users\AXEREBELION\AppData\Local\Funcom

2013-03-03 13:25 . 2013-03-03 13:25 -------- d-----w- c:\users\AXEREBELION\AppData\Roaming\Fatshark

2013-02-28 21:53 . 2013-02-28 21:53 -------- d-----w- c:\users\AXEREBELION\AppData\Local\CrashRpt

2013-02-28 21:53 . 2013-02-28 21:53 -------- d-----w- c:\users\AXEREBELION\AppData\Local\Arktos

2013-02-28 18:02 . 2013-02-28 18:02 -------- d-----w- c:\program files\iPod

2013-02-28 18:02 . 2013-02-28 18:02 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-02-28 18:02 . 2013-02-28 18:02 -------- d-----w- c:\program files\iTunes

2013-02-24 19:42 . 2013-02-28 17:39 -------- d-----w- c:\programdata\IPProtector

2013-02-24 19:41 . 2013-02-24 19:41 458056 ----a-w- c:\windows\SysWow64\wodVPN.ocx

2013-02-24 19:41 . 2013-02-24 19:41 420680 ----a-w- c:\windows\SysWow64\wodVPN.dll

2013-02-24 19:41 . 2013-02-24 19:41 -------- d-----w- c:\windows\SysWow64\Driver

2013-02-24 19:41 . 2013-02-24 19:41 27160 ----a-w- c:\windows\system32\drivers\PPFlt.sys

2013-02-24 18:50 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-24 18:50 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-24 18:40 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll

2013-02-24 18:40 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2013-02-24 18:40 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2013-02-24 18:40 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2013-02-24 18:40 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2013-02-24 18:40 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe

2013-02-24 18:40 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-02-24 18:40 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2013-02-24 18:40 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-02-24 18:40 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-02-24 18:40 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-02-24 18:40 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-03-14 21:19 . 2011-01-26 22:12 139696 ----a-w- c:\windows\system32\atiuxp64.dll

2013-03-14 21:19 . 2011-01-26 22:59 1150120 ----a-w- c:\windows\system32\aticfx64.dll

2013-03-14 21:19 . 2011-01-26 22:40 8271088 ----a-w- c:\windows\system32\atidxx64.dll

2013-03-14 21:19 . 2013-01-29 20:59 4474984 ----a-w- c:\windows\SysWow64\atiumdva.dll

2013-03-14 20:47 . 2013-01-29 20:28 77312 ----a-w- c:\windows\system32\coinst_12.10.17.dll

2013-03-14 19:56 . 2013-01-29 19:38 425984 ----a-w- c:\windows\SysWow64\atiadlxy.dll

2013-03-14 19:56 . 2013-01-29 19:38 34816 ----a-w- c:\windows\SysWow64\atigktxx.dll

2013-03-12 19:55 . 2012-10-22 16:33 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-03-12 19:55 . 2012-10-22 16:33 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-10 10:22 . 2012-10-17 01:33 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2013-03-06 18:16 . 2012-10-21 22:39 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-03-06 18:16 . 2012-10-21 22:39 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-02-25 21:48 . 2013-02-03 18:37 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2013-02-25 21:48 . 2012-10-17 16:22 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2013-02-25 21:46 . 2012-10-17 01:33 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2013-02-04 21:49 . 2012-10-16 22:34 70004024 ----a-w- c:\windows\system32\MRT.exe

2013-01-29 14:42 . 2013-01-29 14:42 222720 ----a-w- c:\windows\system32\clinfo.exe

2013-01-29 14:42 . 2013-01-29 14:42 76288 ----a-w- c:\windows\system32\OpenVideo64.dll

2013-01-29 14:42 . 2013-01-29 14:42 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2013-01-29 14:42 . 2013-01-29 14:42 64000 ----a-w- c:\windows\system32\OVDecode64.dll

2013-01-29 14:42 . 2013-01-29 14:42 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll

2013-01-29 14:42 . 2013-01-29 14:42 29150208 ----a-w- c:\windows\system32\amdocl64.dll

2013-01-29 14:40 . 2013-01-29 14:40 23810048 ----a-w- c:\windows\SysWow64\amdocl.dll

2013-01-29 14:38 . 2013-01-29 14:38 54784 ----a-w- c:\windows\system32\OpenCL.dll

2013-01-29 14:38 . 2013-01-29 14:38 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll

2013-01-29 14:32 . 2013-01-29 14:32 5067264 ----a-w- c:\windows\system32\amdsc64.dll

2013-01-29 14:32 . 2013-01-29 14:32 4083200 ----a-w- c:\windows\SysWow64\amdsc.dll

2013-01-15 10:11 . 2013-01-15 10:11 96768 ----a-w- c:\windows\system32\drivers\AtihdW76.sys

2013-01-15 10:11 . 2013-01-15 10:11 110080 ----a-w- c:\windows\system32\DelayAPO.dll

2013-01-07 18:39 . 2013-01-07 18:39 3168594 ----a-w- c:\windows\system32\mf.dll

2013-01-04 04:43 . 2013-02-24 18:40 44032 ----a-w- c:\windows\apppatch\acwow64.dll

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}"= "c:\program files (x86)\uTorrentBar_FR\prxtbuTor.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}]

2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentBar_FR\prxtbuTor.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}"= "c:\program files (x86)\uTorrentBar_FR\prxtbuTor.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="d:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"ControlCenterCount"="d:\program files (x86)\MSI\ControlCenter\ControlCenterCount.exe" [2012-03-26 872448]

"Super-Charger"="d:\program files (x86)\MSI\Super-Charger\Super-Charger.exe" [2012-07-27 495616]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]

"QuickTime Task"="d:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]

"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2009-11-11 104408]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"iTunesHelper"="d:\program files (x86)\ITUNES\iTunesHelper.exe" [2013-02-20 152392]

"Adobe"="c:\users\AXEREBELION\AppData\Roaming\AdobeUpdater\color.vbe" [2013-02-03 69759]

"Live Update 5"="d:\program files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe" [2012-01-30 315392]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-14 642656]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HideSCAHealth"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]

R2 tor;Tor Win32 Service;c:\program files (x86)\Tor\tor.exe [x]

R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]

R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]

R3 JamVOXUSBAudioSrv;CEntrance USB Audio Driver Service for JamVOX;c:\windows\system32\drivers\jamvox.sys [x]

R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;d:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [x]

R3 NTIOLib_1_0_2;NTIOLib_1_0_2;d:\program files (x86)\MSI\ControlCenter\NTIOLib_X64.sys [2012-02-14 13328]

R3 NTIOLib_1_0_4;NTIOLib_1_0_4;d:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2010-10-22 14136]

R3 NTIOLib_1_0_6;NTIOLib_1_0_6;c:\program files (x86)\Setup Files\Ms7693v1B0\NTIOLib_X64.sys [2011-01-06 11888]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\DRIVERS\gtkdrv.sys [2012-01-04 16640]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 ttdmx6fire;ttdmx6fire;c:\windows\system32\DRIVERS\ttdmx6fire_x64.sys [2011-03-28 438880]

R3 ttdmx6fireks;ttdmx6fireks;c:\windows\system32\DRIVERS\ttdmx6fireks_x64.sys [2011-03-28 64096]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-10-17 283200]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-03-14 240640]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-03-14 361984]

S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]

S2 MSI_SuperCharger;MSI_SuperCharger;d:\program files (x86)\MSI\Super-Charger\ChargeService.exe [2012-06-29 136704]

S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2009-11-11 583640]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-03-04 126952]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-03-04 390632]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2013-01-15 96768]

S3 ipadtst;ipadtst;d:\program files (x86)\MSI\Super-Charger\ipadtst_64.sys [2012-07-27 19000]

S3 NTIOLib_1_0_3;NTIOLib_1_0_3;d:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [2010-01-18 14136]

S3 PrivacyProtectorMP;PrivacyProtectorMP;c:\windows\system32\DRIVERS\PPFlt.sys [2013-02-24 27160]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-02-16 676968]

S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]

.

--- Autres Services/Pilotes en mémoire ---

.

*NewlyCreated* - NTIOLIB_1_0_3

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-03-15 07:12 1629648 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe

.

Contenu du dossier 'Tâches planifiées'

.

2013-03-19 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-22 19:55]

.

2013-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-24 19:02]

.

2013-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-24 19:02]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-06-24 7233640]

.

------- Examen supplémentaire -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{C6DCB049-7930-4A5A-9799-7B4993C27768}: NameServer = 8.8.8.8,8.8.4.4

.

- - - - ORPHELINS SUPPRIMES - - - -

.

Wow6432Node-HKLM-Run-RiccoVPN - (no file)

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

AddRemove-{8686D4FE-62EF-46FB-B9FD-00679EB381FF}_is1 - d:\program files (x86)\GridinSoft Trojan Killer\unins000.exe

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Autres processus actifs ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\SysWOW64\PnkBstrA.exe

.

**************************************************************************

.

Heure de fin: 2013-03-19 19:53:17 - La machine a redémarré

ComboFix-quarantined-files.txt 2013-03-19 18:53

.

Avant-CF: 21 170 429 952 octets libres

Après-CF: 34 897 895 424 octets libres

.

- - End Of File - - 44FD7AC235D49E1A59CA5B227EF79BAD

Connexion

Pas encore inscrit ?

Compte rendu ComboFix

Messages recommandés

axerebelion

Rejoindre la conversation

En ligne récemment 0 membre est en ligne

Zebulon

Outils en ligne

Naviguer