API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Aug 30th, 2012
531
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 37.59 KB | None | 0 0
raw download clone embed print report
  1. ComboFix 12-08-30.04 - FLORENT1 30/08/2012 21:46:55.1.2 - x64
  2. Microsoft Windows 7 Édition Intégrale 6.1.7600.0.1252.33.1036.18.4094.2106 [GMT 2:00]
  3. Lancé depuis: c:\users\FLORENT1\Desktop\bobcat.exe
  4. .
  5. .
  6. (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
  7. .
  8. .
  9. C:\SHavij.exe
  10. c:\users\Administrateur\AppData\Roaming\Administrateur3SQLite3.dll
  11. c:\users\Administrateur\AppData\Roaming\app
  12. c:\users\Administrateur\AppData\Roaming\app\Jerakine_lang.dat
  13. c:\users\Administrateur\AppData\Roaming\app\Jerakine_lang_vesrion.dat
  14. c:\users\Administrateur\AppData\Roaming\dRVMuhqCzN.txt
  15. c:\users\Administrateur\AppData\Roaming\system32
  16. c:\users\Administrateur\AppData\Roaming\winlog
  17. c:\users\FLORENT1\AppData\Local\{125b1625-75a2-8407-1276-25edb574e7dd}
  18. c:\users\FLORENT1\AppData\Local\{125b1625-75a2-8407-1276-25edb574e7dd}\@
  19. c:\users\FLORENT1\AppData\Local\{125b1625-75a2-8407-1276-25edb574e7dd}\n
  20. c:\users\FLORENT1\AppData\Roaming\app
  21. c:\users\FLORENT1\AppData\Roaming\app\Jerakine_lang.dat
  22. c:\users\FLORENT1\AppData\Roaming\app\Jerakine_lang_vesrion.dat
  23. c:\users\FLORENT1\AppData\Roaming\crefr.dll
  24. c:\users\FLORENT1\AppData\Roaming\FLORENT1log.dat
  25. c:\users\FLORENT1\AppData\Roaming\Microsoft\~DFK24797d49.tmp
  26. c:\users\FLORENT1\AppData\Roaming\Microsoft\1eaadjc.dll
  27. c:\users\FLORENT1\AppData\Roaming\Microsoft\bass.dll
  28. c:\users\FLORENT1\AppData\Roaming\Microsoft\engine_vx.dll
  29. c:\users\FLORENT1\AppData\Roaming\Microsoft\kfgresk.dll
  30. c:\users\FLORENT1\AppData\Roaming\Microsoft\peaadje.dll
  31. c:\users\FLORENT1\AppData\Roaming\Microsoft\qwadjb.dll
  32. c:\users\FLORENT1\AppData\Roaming\Microsoft\rsaadjd.dll
  33. c:\users\FLORENT1\AppData\Roaming\SQLite3.dll
  34. c:\users\FLORENT1\Desktop\Internet Explorer.lnk
  35. c:\users\FLORENT1\videos\googleupdatesetup.exe
  36. c:\windows\Install
  37. c:\windows\Installer\{125b1625-75a2-8407-1276-25edb574e7dd}
  38. c:\windows\Installer\{125b1625-75a2-8407-1276-25edb574e7dd}\@
  39. c:\windows\Installer\{125b1625-75a2-8407-1276-25edb574e7dd}\L\00000004.@
  40. c:\windows\Installer\{125b1625-75a2-8407-1276-25edb574e7dd}\L\201d3dde
  41. c:\windows\Installer\{125b1625-75a2-8407-1276-25edb574e7dd}\n
  42. c:\windows\Installer\{125b1625-75a2-8407-1276-25edb574e7dd}\U\00000004.@
  43. c:\windows\Installer\{125b1625-75a2-8407-1276-25edb574e7dd}\U\00000008.@
  44. c:\windows\Installer\{125b1625-75a2-8407-1276-25edb574e7dd}\U\000000cb.@
  45. c:\windows\Installer\{125b1625-75a2-8407-1276-25edb574e7dd}\U\80000000.@
  46. c:\windows\Installer\{125b1625-75a2-8407-1276-25edb574e7dd}\U\80000032.@
  47. c:\windows\Installer\{125b1625-75a2-8407-1276-25edb574e7dd}\U\80000064.@
  48. c:\windows\RazorDOX
  49. c:\windows\RazorDOX\RazorDOX.dll
  50. c:\windows\RazorDOX\RazorDOX.ini
  51. c:\windows\SysWow64\bin
  52. c:\windows\SysWow64\bin\libeay32.dll
  53. c:\windows\SysWow64\bin\openssl.exe
  54. c:\windows\SysWow64\bin\ssleay32.dll
  55. c:\windows\SysWow64\install
  56. c:\windows\SysWow64\Packet.dll
  57. c:\windows\SysWow64\pthreadVC.dll
  58. c:\windows\SysWow64\winbooter
  59. c:\windows\SysWow64\wpcap.dll
  60. c:\windows\usgwmt
  61. c:\windows\usgwmt\BReWErS.dll
  62. C:\Windupdt
  63. .
  64. c:\windows\system32\services.exe . . . est infecté!!
  65. .
  66. .
  67. ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
  68. .
  69. .
  70. -------\Legacy_NPF
  71. -------\Service_npf
  72. .
  73. .
  74. ((((((((((((((((((((((((((((( Fichiers créés du 2012-07-28 au 2012-08-30 ))))))))))))))))))))))))))))))))))))
  75. .
  76. .
  77. 2012-08-30 19:58 . 2012-08-30 19:58 -------- d-----w- c:\users\Default\AppData\Local\temp
  78. 2012-08-30 19:58 . 2012-08-30 19:58 -------- d-----w- c:\users\Administrateur\AppData\Local\temp
  79. 2012-08-22 21:14 . 2012-08-22 21:14 -------- d-----w- c:\windows\SysWow64\Hotspot Shield
  80. 2012-08-22 20:00 . 2012-08-22 20:00 -------- d-----w- c:\program files (x86)\SProtector
  81. 2012-08-13 11:35 . 2012-08-13 11:35 5115584 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
  82. 2012-08-09 22:14 . 2002-01-05 05:48 974848 ----a-w- c:\windows\SysWow64\mfc70.dll
  83. 2012-08-09 22:14 . 2002-01-05 04:40 487424 ----a-w- c:\windows\SysWow64\msvcp70.dll
  84. 2012-08-09 22:08 . 2012-08-09 22:15 -------- d-----w- c:\program files (x86)\Game Cam
  85. 2012-08-09 22:07 . 2000-01-04 04:39 212992 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
  86. 2012-08-09 21:48 . 2012-02-29 18:39 257784 ---ha-w- c:\windows\SysWow64\BytescoutScreenCapturingFilter.dll
  87. 2012-08-09 21:48 . 2012-02-29 18:39 175864 ---ha-w- c:\windows\SysWow64\BytescoutVideoMixerFilter.dll
  88. 2012-08-09 21:48 . 2012-08-09 21:48 -------- d-----w- c:\users\FLORENT1\AppData\Roaming\Apowersoft
  89. 2012-08-09 21:48 . 2012-02-29 18:39 421624 ---ha-w- c:\windows\SysWow64\BytescoutScreenCapturing.dll
  90. 2012-08-09 21:48 . 2012-02-29 18:39 362232 ----a-w- c:\windows\system32\BytescoutScreenCapturingFilter.dll
  91. 2012-08-09 21:48 . 2012-02-29 18:39 231672 ----a-w- c:\windows\system32\BytescoutVideoMixerFilter.dll
  92. 2012-08-09 21:48 . 2012-02-29 18:39 574200 ----a-w- c:\windows\system32\BytescoutScreenCapturing.dll
  93. 2012-08-09 21:48 . 2010-12-24 09:43 29288 ----a-w- c:\windows\system32\drivers\Apowersoft_AudioDevice.sys
  94. 2012-08-09 21:48 . 2008-09-23 17:23 65536 ---ha-w- c:\windows\SysWow64\WebCamLib.dll
  95. 2012-08-09 21:48 . 2012-08-09 21:48 -------- d-----w- c:\program files (x86)\Apowersoft
  96. 2012-08-09 13:10 . 2012-08-09 13:11 -------- d-----w- c:\users\FLORENT1\AppData\Local\CRE
  97. 2012-08-05 17:45 . 2012-08-05 17:45 -------- d-----w- c:\users\FLORENT1\Podcasts
  98. 2012-08-05 17:39 . 2012-08-05 17:39 -------- d-----w- c:\program files (x86)\Common Files\Sony Shared
  99. 2012-08-05 17:38 . 2012-08-05 17:39 -------- d-----w- c:\programdata\Sony Corporation
  100. 2012-08-05 17:37 . 2012-08-05 17:37 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
  101. 2012-08-05 17:37 . 2012-08-05 17:37 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
  102. 2012-08-05 17:37 . 2012-08-05 17:37 -------- d-----w- c:\windows\system32\Macromed
  103. 2012-08-05 17:36 . 2012-08-05 17:38 -------- d-----w- c:\program files (x86)\Sony Media Go Install
  104. 2012-08-04 15:06 . 2012-08-04 15:06 -------- d-----w- c:\windows\fr
  105. 2012-08-04 14:56 . 2012-08-04 14:56 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\6053a3c31cd725101\DXSETUP.exe
  106. 2012-08-04 14:56 . 2012-08-04 14:56 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\6053a3c31cd725101\DSETUP.dll
  107. 2012-08-04 14:56 . 2012-08-04 14:56 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\6053a3c31cd725101\dsetup32.dll
  108. 2012-08-04 01:22 . 2012-08-04 01:22 -------- d-----w- c:\users\FLORENT1\AppData\Roaming\MaskMyIP
  109. 2012-08-04 01:22 . 2012-08-04 01:22 -------- d-----w- c:\programdata\MaskMyIP
  110. 2012-08-04 01:18 . 2012-08-04 01:18 -------- d-----w- c:\program files (x86)\Ask.com
  111. 2012-08-04 01:17 . 2012-08-04 01:17 -------- d-----w- c:\users\FLORENT1\AppData\Local\APN
  112. 2012-08-04 01:17 . 2012-08-04 01:17 -------- d-----w- c:\program files (x86)\MaskMyIP
  113. 2012-08-01 18:13 . 2012-08-01 18:13 41704 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
  114. 2012-08-01 18:13 . 2012-08-01 18:13 38632 ----a-w- c:\windows\system32\drivers\taphss.sys
  115. .
  116. .
  117. .
  118. (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
  119. .
  120. 2012-08-30 20:07 . 2011-07-21 09:09 30528 ----a-w- c:\windows\GVTDrv64.sys
  121. 2012-08-30 20:07 . 2010-07-23 03:53 25640 ----a-w- c:\windows\gdrv.sys
  122. 2012-07-13 12:08 . 2012-07-31 15:16 504136 ----a-w- c:\windows\system32\EasyRedirect64.dll
  123. 2012-07-13 12:08 . 2012-07-31 15:16 364360 ----a-w- c:\windows\SysWow64\EasyRedirect.dll
  124. 2012-06-02 22:19 . 2012-06-22 12:21 38424 ----a-w- c:\windows\system32\wups.dll
  125. 2012-06-02 22:19 . 2012-06-22 12:22 2428952 ----a-w- c:\windows\system32\wuaueng.dll
  126. 2012-06-02 22:19 . 2012-06-22 12:22 44056 ----a-w- c:\windows\system32\wups2.dll
  127. 2012-06-02 22:19 . 2012-06-22 12:22 57880 ----a-w- c:\windows\system32\wuauclt.exe
  128. 2012-06-02 22:19 . 2012-06-22 12:21 701976 ----a-w- c:\windows\system32\wuapi.dll
  129. 2012-06-02 22:15 . 2012-06-22 12:22 2622464 ----a-w- c:\windows\system32\wucltux.dll
  130. 2012-06-02 22:15 . 2012-06-22 12:21 99840 ----a-w- c:\windows\system32\wudriver.dll
  131. 2012-06-02 13:19 . 2012-06-22 12:20 186752 ----a-w- c:\windows\system32\wuwebv.dll
  132. 2012-06-02 13:15 . 2012-06-22 12:20 36864 ----a-w- c:\windows\system32\wuapp.exe
  133. 2010-11-18 01:43 . 2010-11-29 17:56 765485 ----a-w- c:\program files (x86)\BOLoader.exe
  134. .
  135. .
  136. ------- Sigcheck -------
  137. Note: Unsigned files aren't necessarily malware.
  138. .
  139. [7] 2009-07-14 . 24ACB7E5BE595468E3B9AA488B9B4FCB . 328704 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
  140. [-] 2009-07-14 . 014A9CB92514E27C0107614DF764BC06 . 328704 . . [6.1.7600.16385] .. c:\windows\system32\services.exe
  141. .
  142. ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
  143. .
  144. .
  145. *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
  146. REGEDIT4
  147. .
  148. [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
  149. "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-06 1519304]
  150. "{84FF7BD6-B47F-46F8-9130-01B2696B36CB}"= "c:\program files (x86)\Iminent\SearchTheWeb\Iminent.BHO.NavigationError.dll" [2010-07-09 111608]
  151. "{d0b1518e-3e45-4d16-a23b-4d90ef938e44}"= "c:\program files (x86)\Audacity-tools\tbAuda.dll" [2010-05-20 2675296]
  152. .
  153. [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
  154. .
  155. [HKEY_CLASSES_ROOT\clsid\{84ff7bd6-b47f-46f8-9130-01b2696b36cb}]
  156. [HKEY_CLASSES_ROOT\IminentBHONavigationError.CHelperBHO.1]
  157. [HKEY_CLASSES_ROOT\TypeLib\{59E6E159-57CC-4DA5-8700-2AD17DC31DD1}]
  158. [HKEY_CLASSES_ROOT\IminentBHONavigationError.CHelperBHO]
  159. .
  160. [HKEY_CLASSES_ROOT\clsid\{d0b1518e-3e45-4d16-a23b-4d90ef938e44}]
  161. .
  162. [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
  163. 2010-07-09 14:21 111608 ----a-w- c:\program files (x86)\Iminent\SearchTheWeb\Iminent.BHO.NavigationError.dll
  164. .
  165. [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{d0b1518e-3e45-4d16-a23b-4d90ef938e44}]
  166. 2010-05-20 13:35 2675296 ----a-w- c:\program files (x86)\Audacity-tools\tbAuda.dll
  167. .
  168. [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
  169. 2012-06-06 19:33 1519304 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
  170. .
  171. [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
  172. "{d0b1518e-3e45-4d16-a23b-4d90ef938e44}"= "c:\program files (x86)\Audacity-tools\tbAuda.dll" [2010-05-20 2675296]
  173. "{C86FF9FA-AEED-451B-A9CC-39A53173AE2E}"= "c:\program files (x86)\iSquint 1.5.2\mybarnsrCD7F.tmp\tbcore3.dll" [2011-09-20 2662216]
  174. "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-06 1519304]
  175. .
  176. [HKEY_CLASSES_ROOT\clsid\{d0b1518e-3e45-4d16-a23b-4d90ef938e44}]
  177. .
  178. [HKEY_CLASSES_ROOT\clsid\{c86ff9fa-aeed-451b-a9cc-39a53173ae2e}]
  179. [HKEY_CLASSES_ROOT\TBSB07458.TBSB07458.3]
  180. [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
  181. [HKEY_CLASSES_ROOT\TBSB07458.TBSB07458]
  182. .
  183. [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
  184. [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
  185. [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
  186. [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
  187. .
  188. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  189. "OrangePlayer"="c:\program files (x86)\Orange\Media Player\Media Player.exe" [2009-02-16 319488]
  190. "Spotify Web Helper"="c:\users\FLORENT1\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-15 1193176]
  191. "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-05 39408]
  192. .
  193. [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
  194. "EasyTuneVI"="c:\program files (x86)\Gigabyte\ET6\ETCall.exe" [2007-07-26 20480]
  195. .
  196. [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
  197. "OrangePlayer"="c:\program files (x86)\Orange\Media Player\Media Player.exe" [2009-02-16 319488]
  198. .
  199. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
  200. "ConsentPromptBehaviorAdmin"= 0 (0x0)
  201. "ConsentPromptBehaviorUser"= 3 (0x3)
  202. "EnableLUA"= 0 (0x0)
  203. "EnableUIADesktopToggle"= 0 (0x0)
  204. "PromptOnSecureDesktop"= 0 (0x0)
  205. .
  206. [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
  207. "AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\IEBHO.dll
  208. .
  209. [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
  210. BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe\0lsdelete
  211. .
  212. [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
  213. Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
  214. .
  215. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
  216. @="Service"
  217. .
  218. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
  219. @="Service"
  220. .
  221. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
  222. @="Service"
  223. .
  224. R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
  225. R2 gupdate;Service Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-05 136176]
  226. R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
  227. R2 metasploitPostgreSQL;metasploitPostgreSQL;C:/METASP~1/POSTGR~1/bin/pg_ctl.exe runservice -N metasploitPostgreSQL -D C:/METASP~1/POSTGR~1/data [x]
  228. R2 metasploitProSvc;Metasploit Pro Service;c:\metasp~1\ruby\bin\rubyw.exe [x]
  229. R2 metasploitThin;Metasploit Thin Service;c:\metasp~1\ruby\bin\rubyw.exe [x]
  230. R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
  231. R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-05 257224]
  232. R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]
  233. R3 ASOVPNHelper;Astrill OpenVPN Service;c:\program files (x86)\Astrill\ASOvpnSvc.exe [2011-11-13 434928]
  234. R3 ASProxy;ASProxy;c:\program files (x86)\Astrill\ASProxy.exe [2011-11-11 1928616]
  235. R3 atillk64;atillk64;c:\program files (x86)\AMD GPU Clock Tool\atillk64.sys [x]
  236. R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [2009-11-06 838136]
  237. R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]
  238. R3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys [2010-04-01 21608]
  239. R3 driverhardwarev2x64;driverhardwarev2x64;c:\program files (x86)\ma-config.com\Drivers\driverhardwarev2x64.sys [2011-07-02 16640]
  240. R3 etdrv;etdrv;c:\windows\etdrv.sys [2012-05-27 25640]
  241. R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
  242. R3 gupdatem;Service Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-05 136176]
  243. R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-08-30 30528]
  244. R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-04-29 76696]
  245. R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
  246. R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
  247. R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2012-01-25 22016]
  248. R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2012-01-25 9728]
  249. R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2012-01-25 27136]
  250. R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2011-11-08 11776]
  251. R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-18 113120]
  252. R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
  253. R3 netr7364;Pilote de carte LAN sans fil USB RT73 pour Vista;c:\windows\system32\DRIVERS\netr7364.sys [2009-06-10 707072]
  254. R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
  255. R3 NisSrv;NisSrv;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [x]
  256. R3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50a64.sys [2006-11-28 43328]
  257. R3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50a64.sys [2006-11-28 41280]
  258. R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2010-07-14 19952]
  259. R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2010-03-31 450048]
  260. R3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [2012-03-02 27584]
  261. R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
  262. R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
  263. R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
  264. R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
  265. R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
  266. R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2011-03-23 30720]
  267. R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2011-01-12 35112]
  268. R3 TsVlb;TsVlb;c:\windows\system32\DRIVERS\tsvlb.sys [2010-04-21 22120]
  269. R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
  270. R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
  271. R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-23 1255736]
  272. R4 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
  273. R4 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\CyberGhost VPN\CGVPNCliService.exe [2011-07-05 2428968]
  274. R4 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-05-26 161080]
  275. R4 Dyn Updater;Dyn Updater;c:\program files (x86)\Dyn Updater\DynUpSvc.exe [2011-09-06 95608]
  276. R4 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-03-02 68136]
  277. R4 HideMyIpSRV;HideMyIpSRV;c:\program files (x86)\Hide My IP\HideMyIpSrv.exe [2010-07-06 3039536]
  278. R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-05-26 2152720]
  279. R4 maconfservice;Ma-Config Service;c:\program files (x86)\ma-config.com\maconfservice.exe [2011-07-03 311416]
  280. R4 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2009-04-29 19720]
  281. R4 MSR Service;Virtual Disk Service Manager;c:\program files (x86)\Clarus\Samsung SecretZone\MSSvc.exe [2009-05-12 102400]
  282. R4 OpenVPNAccessClient;OpenVPN Access Client;c:\program files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [2011-03-23 24064]
  283. R4 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
  284. R4 S3D Service (Win32);S3D Service (Win32);c:\program files (x86)\iZ3D Driver\Win32\S3DCService.exe [2010-03-18 360960]
  285. R4 S3D Service (Win64);S3D Service (Win64);c:\program files (x86)\iZ3D Driver\Win64\S3DCService.exe [2010-03-18 614400]
  286. R4 SDHookService;Spybot S&D 2 Live Protection Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-10-05 130976]
  287. R4 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-10-05 892336]
  288. R4 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-10-05 955816]
  289. R4 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-10-05 169624]
  290. R4 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
  291. R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-03 2358656]
  292. R4 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2010-09-14 716024]
  293. R4 VhdAttach;VHD Attach;c:\program files\Josip Medved\VHD Attach\VhdAttachService.exe [2010-11-08 152064]
  294. R4 WSWNA3100;WSWNA3100;c:\program files (x86)\NETGEAR\WNA3100\WifiSvc.exe [2010-01-12 278528]
  295. S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 25312]
  296. S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]
  297. S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-10-07 574216]
  298. S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-10-07 43248]
  299. S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2012-08-01 41704]
  300. S1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [2011-10-05 48888]
  301. S1 TsLwWfF;WiFi Capture Driver;c:\windows\system32\DRIVERS\TsLwWfF.sys [2011-01-26 26728]
  302. S1 TsVp;TsVp;c:\windows\system32\DRIVERS\tsvp.sys [2010-06-15 32872]
  303. S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
  304. S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
  305. S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-09-19 202752]
  306. S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [2010-07-09 21480]
  307. S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
  308. S2 DevoloNetworkService;devolo Network Service;c:\program files (x86)\devolo\dlan\devolonetsvc.exe [2010-12-23 3304768]
  309. S2 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-07-27 58880]
  310. S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-04-29 78992]
  311. S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2012-02-01 214896]
  312. S2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\sysWOW64\drivers\npf_devolo.sys [2010-06-10 34048]
  313. S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2012-03-02 25504]
  314. S2 SensticPocketService;Senstic Pocket Service;c:\program files (x86)\Senstic\PocketControl\\SensticPocketServiceWin.exe [2012-02-19 141680]
  315. S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
  316. S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
  317. S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
  318. S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
  319. S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-21 846448]
  320. S3 AmdTools64;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools64.sys [2008-04-28 47160]
  321. S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2010-12-24 29288]
  322. S3 avshws;Senstic PocketCam;c:\windows\system32\DRIVERS\camsource64.sys [2012-02-19 31560]
  323. S3 azvusb;Virtual USB Hub;c:\windows\system32\DRIVERS\azvusb.sys [2009-08-24 54784]
  324. S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-08-14 82816]
  325. S3 PocketAudio;Senstic PocketAudio (WDM);c:\windows\system32\drivers\senaudio64.sys [2012-02-19 37192]
  326. S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2009-04-06 27160]
  327. S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-09-14 760168]
  328. S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-09-14 268648]
  329. S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-09-14 25960]
  330. S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-09-14 22376]
  331. S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
  332. .
  333. .
  334. [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
  335. hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
  336. Akamai REG_MULTI_SZ Akamai
  337. .
  338. Contenu du dossier 'Tâches planifiées'
  339. .
  340. 2012-08-30 c:\windows\Tasks\Adobe Flash Player Updater.job
  341. - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-05 17:37]
  342. .
  343. 2012-08-30 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
  344. - c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2012-02-04 14:46]
  345. .
  346. 2012-08-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4042182855-3482161552-1276249374-1000Core.job
  347. - c:\users\FLORENT1\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-21 20:49]
  348. .
  349. 2012-08-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4042182855-3482161552-1276249374-1000UA.job
  350. - c:\users\FLORENT1\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-21 20:49]
  351. .
  352. 2012-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
  353. - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-05 15:17]
  354. .
  355. 2012-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
  356. - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-05 15:17]
  357. .
  358. 2012-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4042182855-3482161552-1276249374-1000Core.job
  359. - c:\users\FLORENT1\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-23 18:41]
  360. .
  361. 2012-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4042182855-3482161552-1276249374-1000UA.job
  362. - c:\users\FLORENT1\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-23 18:41]
  363. .
  364. 2012-08-02 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
  365. - c:\program files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2012-02-04 14:46]
  366. .
  367. 2012-08-01 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
  368. - c:\program files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2012-02-04 14:46]
  369. .
  370. .
  371. --------- X64 Entries -----------
  372. .
  373. .
  374. [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]
  375. .
  376. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  377. "combofix"="c:\bobcat\CF17957.3XE" [2009-07-14 344576]
  378. .
  379. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
  380. "LoadAppInit_DLLs"=0x1
  381. "AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\x64\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\x64\IEBHO.dll
  382. .
  383. ------- Examen supplémentaire -------
  384. .
  385. uLocal Page = c:\windows\system32\blank.htm
  386. uStart Page = hxxp://fr.ask.com/?l=dis&o=102875&gct=hp
  387. mLocal Page = c:\windows\system32\blank.htm
  388. IE: &Envoyer à OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
  389. IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
  390. IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
  391. IE: Liens de téléchargement avec Mega Manager... - c:\program files (x86)\Megaupload\Mega Manager\mm_file.htm
  392. IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe
  393. IE: {{C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - {C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - c:\program files (x86)\iSquint 1.5.2\mybarnsrCD7F.tmp\tbcore3.dll
  394. LSP: %SystemRoot%\system32\vsocklib.dll
  395. Trusted Zone: orange.fr\logicielsgratuits
  396. TCP: Interfaces\{01D3EE9B-D806-45E0-9378-662EC57AB475}: NameServer = 192.168.1.23,192.168.1.1
  397. TCP: Interfaces\{5F480A59-F683-436C-AFBF-68AA4E5CEF93}: DhcpNameServer = 192.168.237.1
  398. Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files (x86)\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
  399. DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} - hxxp://emagic2.homelinux.com:8090/img/NetCamPlayerWeb11g.ocx
  400. DPF: {9DF1C00D-8426-4337-972C-DC042D19A916} - hxxp://webtv.guidetv.orange.fr/resources/OCS_9418.cab
  401. DPF: {E1B26101-23FB-4855-9171-F79F29CC7728} - hxxp://192.168.1.27:8090/UltraCamX.cab
  402. DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} - hxxp://www.opticiens-atol.com/pages/collections/adriana/total-immersion/plugin/DFusionHomeWebPlugIn.InstallerFull.exe
  403. FF - ProfilePath - c:\users\FLORENT1\AppData\Roaming\Mozilla\Firefox\Profiles\ts4bl84k.default\
  404. FF - prefs.js: browser.search.defaulturl - hxxp://search.gboxapp.com/?q=
  405. FF - prefs.js: browser.search.selectedEngine - GadgetBox
  406. FF - prefs.js: browser.startup.homepage - hxxp://fr.ask.com/?l=dis&o=102875&gct=hp
  407. FF - user.js: keyword.URL - hxxp://rws.search.ke.voila.fr/RW/S/opensearch_orange?rdata=
  408. .
  409. - - - - ORPHELINS SUPPRIMES - - - -
  410. .
  411. BHO-{3E1CE522-F41D-97B3-EF01-61B8051DEC6A} - c:\programdata\Bcool\bhoclass.dll
  412. BHO-{B2A44031-7EAD-434C-AC9E-7F1DA176BA8C} - c:\program files (x86)\Facecons\facecons.dll
  413. Toolbar-Locked - (no file)
  414. Toolbar-10 - (no file)
  415. Wow6432Node-HKLM-Run-XSECVA - c:\users\FLORENT1\AppData\Roaming\xsecva\xsecva.exe
  416. Notify-SDWinLogon - SDWinLogon.dll
  417. SafeBoot-MsMpSvc
  418. HKLM_Wow6432Node-ActiveSetup-{5FFEF4DD-DEEC-AEF6-ACCD-5EA8FB1CDE27} - c:\users\FLORENT1\AppData\Roaming\scvhost.exe
  419. HKLM_Wow6432Node-ActiveSetup-{C99BCCDA-F0EC-8310-AEEF-EA92FBBCDEAB} - c:\users\Pirato\AppData\Roaming\serpentus.exe
  420. HKLM_Wow6432Node-ActiveSetup-{FAE2FBFE-CFBF-BEEB-0EAC-9A5E5BDBB5B0} - c:\users\FLORENT1\AppData\Roaming\local.exe
  421. BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
  422. Toolbar-10 - (no file)
  423. WebBrowser-{D0B1518E-3E45-4D16-A23B-4D90EF938E44} - (no file)
  424. HKLM-Run-crefr - c:\users\FLORENT1\AppData\Roaming\crefr.dll
  425. AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
  426. AddRemove-FIFA 12 (c) EA_is1 - c:\program files (x86)\FIFA 12\unins000.exe
  427. AddRemove-IPCameraDSFilter - c:\program files (x86)\wLite\ipds-uninst.exe
  428. AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
  429. AddRemove-{1AA94747-3BF6-4237-9E1A-7B3067738FE1} - c:\program files (x86)\InstallShield Installation Information\{1AA94747-3BF6-4237-9E1A-7B3067738FE1}\setup.exe
  430. AddRemove-{4B7IL77L-LKS1-75B1-CODMW3-18CD6E6334R1}_is1 - c:\program files (x86)\Black_Box\Call of Duty Modern Warfare 3\unins000.exe
  431. AddRemove-{75D84EF7-0D8C-4e70-MAXP3-7B42A5D4E0EB}_is1 - c:\program files (x86)\Black_Box\Max Payne 3\unins000.exe
  432. .
  433. .
  434. .
  435. [HKEY_LOCAL_MACHINE\system\ControlSet001\services\metasploitPostgreSQL]
  436. "ImagePath"="C:/METASP~1/POSTGR~1/bin/pg_ctl.exe runservice -N \"metasploitPostgreSQL\" -D \"C:/METASP~1/POSTGR~1/data\""
  437. .
  438. [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
  439. "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
  440. .
  441. [HKEY_LOCAL_MACHINE\system\ControlSet001\services\metasploitPostgreSQL]
  442. "ImagePath"="C:/METASP~1/POSTGR~1/bin/pg_ctl.exe runservice -N \"metasploitPostgreSQL\" -D \"C:/METASP~1/POSTGR~1/data\""
  443. .
  444. --------------------- CLES DE REGISTRE BLOQUEES ---------------------
  445. .
  446. [HKEY_USERS\S-1-5-21-4042182855-3482161552-1276249374-1000\Software\SecuROM\License information*]
  447. "datasecu"=hex:99,fe,0a,2d,1b,10,23,60,cf,d9,97,ab,a6,7a,b6,12,0d,39,ea,3e,70,
  448. c7,26,d8,a2,62,f1,6a,50,4a,55,c0,f2,c0,61,95,f2,8f,0e,11,b1,6b,3f,01,76,3e,\
  449. "rkeysecu"=hex:d0,04,7d,84,0c,cf,e4,38,71,59,57,ef,5e,99,be,7d
  450. .
  451. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
  452. @Denied: (A 2) (Everyone)
  453. @="FlashBroker"
  454. "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
  455. .
  456. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
  457. "Enabled"=dword:00000001
  458. .
  459. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
  460. @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
  461. .
  462. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
  463. @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
  464. .
  465. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
  466. @Denied: (A 2) (Everyone)
  467. @="Shockwave Flash Object"
  468. .
  469. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
  470. @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
  471. "ThreadingModel"="Apartment"
  472. .
  473. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
  474. @="0"
  475. .
  476. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
  477. @="ShockwaveFlash.ShockwaveFlash.11"
  478. .
  479. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
  480. @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
  481. .
  482. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
  483. @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
  484. .
  485. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
  486. @="1.0"
  487. .
  488. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
  489. @="ShockwaveFlash.ShockwaveFlash"
  490. .
  491. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
  492. @Denied: (A 2) (Everyone)
  493. @="Macromedia Flash Factory Object"
  494. .
  495. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
  496. @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
  497. "ThreadingModel"="Apartment"
  498. .
  499. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
  500. @="FlashFactory.FlashFactory.1"
  501. .
  502. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
  503. @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
  504. .
  505. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
  506. @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
  507. .
  508. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
  509. @="1.0"
  510. .
  511. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
  512. @="FlashFactory.FlashFactory"
  513. .
  514. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
  515. @Denied: (A 2) (Everyone)
  516. @="IFlashBroker4"
  517. .
  518. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
  519. @="{00020424-0000-0000-C000-000000000046}"
  520. .
  521. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
  522. @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
  523. "Version"="1.0"
  524. .
  525. [HKEY_LOCAL_MACHINE\software\McAfee]
  526. "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  527. 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
  528. .
  529. [HKEY_LOCAL_MACHINE\software\Network Associates]
  530. "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  531. 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
  532. .
  533. [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
  534. @Denied: (A) (Everyone)
  535. "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
  536. .
  537. [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
  538. @Denied: (A) (Everyone)
  539. .
  540. [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
  541. "Key"="ActionsPane3"
  542. "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
  543. .
  544. [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
  545. @Denied: (A) (Users)
  546. @Denied: (A) (Everyone)
  547. @Allowed: (B 1 2 3 4 5) (S-1-5-20)
  548. "BlindDial"=dword:00000000
  549. .
  550. [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
  551. @Denied: (A) (Users)
  552. @Denied: (A) (Everyone)
  553. @Allowed: (B 1 2 3 4 5) (S-1-5-20)
  554. "BlindDial"=dword:00000000
  555. .
  556. [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
  557. @Denied: (Full) (Everyone)
  558. .
  559. ------------------------ Autres processus actifs ------------------------
  560. .
  561. c:\program files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
  562. c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
  563. c:\windows\SysWOW64\PnkBstrA.exe
  564. c:\program files (x86)\Senstic\PocketControl\SensticPocketServiceWin.exe
  565. c:\windows\SysWOW64\vmnat.exe
  566. c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
  567. c:\windows\SysWOW64\vmnetdhcp.exe
  568. c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
  569. .
  570. **************************************************************************
  571. .
  572. Heure de fin: 2012-08-30 22:17:34 - La machine a redémarré
  573. ComboFix-quarantined-files.txt 2012-08-30 20:17
  574. .
  575. Avant-CF: 36 061 868 032 octets libres
  576. Après-CF: 100 882 702 336 octets libres
  577. .
  578. - - End Of File - - C16F9FD6F6833E48A75EE2B24D586F1A
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!