  1. ComboFix 12-07-11.03 - Gurvan 12/07/2012 12:45:15.1.4 - x64
  2. Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.8190.6374 [GMT 2:00]
  3. Lancé depuis: c:\users\Gurvan\Downloads\AntiBackdoor.exe
  4. AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
  5. SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
  6. SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
  7. .
  8. .
  9. (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
  10. .
  11. .
  12. c:\users\Gurvan\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7E266E91-CCE1-4EB3-A620-2C6A6E303806}.xps
  13. c:\users\Gurvan\AppData\Local\Temp\svchost.exe
  14. c:\users\Gurvan\AppData\Roaming\3K30KTHSP8XHLVJava Update.exe
  15. c:\users\Gurvan\AppData\Roaming\app
  16. c:\users\Gurvan\AppData\Roaming\app\Jerakine_lang.dat
  17. c:\users\Gurvan\AppData\Roaming\app\Jerakine_lang_vesrion.dat
  18. c:\users\Gurvan\AppData\Roaming\DFH0086Java Update 5.exe
  19. c:\users\Gurvan\AppData\Roaming\dxsBAc7zjr.exe
  20. c:\users\Gurvan\AppData\Roaming\E6I39Java D.exe
  21. c:\users\Gurvan\AppData\Roaming\n4iaY.exe
  22. E:\Autorun.inf
  23. .
  24. .
  25. ((((((((((((((((((((((((((((( Fichiers créés du 2012-06-12 au 2012-07-12 ))))))))))))))))))))))))))))))))))))
  26. .
  27. .
  28. 2012-07-12 10:56 . 2012-07-12 10:56 -------- d-----w- c:\users\Default\AppData\Local\temp
  29. 2012-07-12 10:41 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0B824AB5-781D-4CB0-99D9-5395DB5EE0C2}\mpengine.dll
  30. 2012-07-12 00:53 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
  31. 2012-07-12 00:24 . 2012-07-12 00:25 -------- d-----w- C:\rei
  32. 2012-07-12 00:24 . 2012-07-12 00:24 -------- d-----w- c:\program files\Reimage
  33. 2012-07-12 00:24 . 2012-07-12 00:24 -------- d-----w- c:\program files (x86)\ReImageCompanion
  34. 2012-07-11 23:52 . 2012-07-11 23:52 -------- d-----w- c:\programdata\RegCure
  35. 2012-07-11 23:52 . 2012-07-11 23:54 -------- d-----w- c:\program files (x86)\RegCure
  36. 2012-07-11 23:28 . 2012-07-11 23:28 -------- d-----w- C:\VundoFix Backups
  37. 2012-07-11 22:09 . 2012-07-11 22:09 -------- d-----w- c:\users\Gurvan\AppData\Roaming\SUPERAntiSpyware.com
  38. 2012-07-11 22:09 . 2012-07-11 22:09 -------- d-----w- c:\program files\SUPERAntiSpyware
  39. 2012-07-11 22:09 . 2012-07-11 22:09 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
  40. 2012-07-11 11:20 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
  41. 2012-07-11 11:20 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
  42. 2012-07-11 11:20 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
  43. 2012-07-11 11:20 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
  44. 2012-07-11 11:20 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
  45. 2012-07-11 11:20 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
  46. 2012-07-09 22:27 . 2012-07-09 22:27 -------- d-----w- C:\Ace of Spades
  47. 2012-07-07 11:31 . 2012-07-11 23:30 -------- d-----w- c:\users\Gurvan\riotsGamesLogs
  48. 2012-06-30 02:11 . 2012-06-30 02:12 -------- d-----w- c:\program files\ma-config.com
  49. 2012-06-30 02:11 . 2012-06-30 02:11 -------- d-----w- c:\programdata\ma-config.com
  50. 2012-06-29 17:50 . 2012-06-29 17:50 -------- d-----w- c:\users\Gurvan\AppData\Roaming\LolClient
  51. 2012-06-29 09:22 . 2012-06-29 09:22 -------- d-----w- c:\programdata\ATI
  52. 2012-06-29 09:22 . 2012-06-29 09:22 -------- d-----w- c:\program files (x86)\AMD APP
  53. 2012-06-28 10:28 . 2008-07-12 06:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
  54. 2012-06-28 10:28 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
  55. 2012-06-28 10:28 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
  56. 2012-06-28 10:25 . 2012-06-28 10:25 -------- d-----w- C:\Riot Games
  57. 2012-06-28 07:57 . 2012-06-28 07:57 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
  58. 2012-06-27 23:51 . 2012-07-11 23:47 -------- d-----w- c:\users\Gurvan\AppData\Local\PMB Files
  59. 2012-06-27 23:51 . 2012-07-11 23:47 -------- d-----w- c:\programdata\PMB Files
  60. 2012-06-27 23:50 . 2012-06-27 23:50 -------- d-----w- c:\program files (x86)\Pando Networks
  61. 2012-06-27 09:43 . 2012-06-27 09:43 -------- d-----w- c:\users\Gurvan\AppData\Roaming\AnkamaCertificates
  62. 2012-06-26 22:31 . 2010-11-05 01:57 32072 ---h--w- c:\users\Gurvan\AppData\Roaming\Mozilla Firefox.exe
  63. 2012-06-26 09:54 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
  64. 2012-06-26 09:54 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
  65. 2012-06-26 09:54 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
  66. 2012-06-26 09:54 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
  67. 2012-06-26 09:53 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
  68. 2012-06-26 09:53 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
  69. 2012-06-26 09:53 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
  70. 2012-06-26 09:53 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
  71. 2012-06-26 09:53 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
  72. 2012-06-25 22:05 . 2012-06-25 22:05 -------- d-----w- c:\users\Gurvan\AppData\Roaming\Dofus-3.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
  73. 2012-06-20 19:35 . 2012-06-20 19:35 -------- d-----w- c:\users\Gurvan\AppData\Roaming\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
  74. 2012-06-20 18:32 . 2012-06-20 18:32 -------- d-----w- c:\users\Gurvan\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
  75. 2012-06-20 18:32 . 2012-06-29 16:15 -------- d-----w- c:\users\Gurvan\AppData\Roaming\Dofus2
  76. 2012-06-20 18:32 . 2012-06-20 18:32 -------- d-----w- c:\users\Gurvan\AppData\Roaming\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
  77. 2012-06-19 21:02 . 2012-07-12 00:48 -------- d-----w- c:\users\Gurvan\AppData\Roaming\.minecraft
  78. 2012-06-19 21:00 . 2012-06-20 15:50 -------- d-----w- c:\users\Gurvan\AppData\Roaming\.minecraft - Copie (2)
  79. 2012-06-18 12:38 . 2012-06-18 12:38 -------- d-----w- c:\users\Gurvan\AppData\Local\Macromedia
  80. 2012-06-16 09:24 . 2012-06-16 09:24 -------- d-----w- c:\program files\Microsoft Silverlight
  81. 2012-06-16 09:24 . 2012-06-16 09:24 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
  82. 2012-06-13 16:40 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
  83. 2012-06-13 16:40 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
  84. 2012-06-13 16:40 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
  85. 2012-06-13 16:40 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
  86. 2012-06-13 16:40 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
  87. 2012-06-13 16:40 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
  88. 2012-06-13 16:40 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
  89. 2012-06-13 16:40 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
  90. 2012-06-13 16:40 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
  91. 2012-06-13 16:40 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
  92. 2012-06-13 16:40 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
  93. 2012-06-13 16:40 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
  94. 2012-06-13 16:40 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
  95. 2012-06-13 16:39 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
  96. 2012-06-13 16:39 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
  97. 2012-06-13 16:39 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
  98. .
  99. .
  100. .
  101. (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
  102. .
  103. 2012-06-23 22:37 . 2012-05-28 08:33 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
  104. 2012-06-23 22:37 . 2011-12-29 10:41 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
  105. 2012-06-11 18:59 . 2012-06-11 18:59 10248192 ----a-w- c:\windows\system32\drivers\atikmdag.sys
  106. 2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll
  107. 2012-06-11 18:29 . 2012-06-11 18:29 24826368 ----a-w- c:\windows\system32\atio6axx.dll
  108. 2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\SysWow64\atioglxx.dll
  109. 2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe
  110. 2012-06-11 17:24 . 2011-09-08 17:34 924160 ----a-w- c:\windows\SysWow64\aticfx32.dll
  111. 2012-06-11 17:23 . 2011-09-08 17:32 1090560 ----a-w- c:\windows\system32\aticfx64.dll
  112. 2012-06-11 17:20 . 2012-06-11 17:20 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
  113. 2012-06-11 17:19 . 2012-06-11 17:19 532992 ----a-w- c:\windows\system32\atieclxx.exe
  114. 2012-06-11 17:19 . 2012-06-11 17:19 239616 ----a-w- c:\windows\system32\atiesrxx.exe
  115. 2012-06-11 17:17 . 2012-06-11 17:17 120320 ----a-w- c:\windows\system32\atitmm64.dll
  116. 2012-06-11 17:17 . 2012-06-11 17:17 21504 ----a-w- c:\windows\system32\atimuixx.dll
  117. 2012-06-11 17:17 . 2012-06-11 17:17 59392 ----a-w- c:\windows\system32\atiedu64.dll
  118. 2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
  119. 2012-06-11 17:16 . 2012-06-11 17:16 6301696 ----a-w- c:\windows\SysWow64\atidxx32.dll
  120. 2012-06-11 17:01 . 2011-09-08 17:16 6914560 ----a-w- c:\windows\system32\atidxx64.dll
  121. 2012-06-11 16:51 . 2012-06-11 16:51 4246528 ----a-w- c:\windows\system32\atiumd6a.dll
  122. 2012-06-11 16:45 . 2012-06-11 16:45 51200 ----a-w- c:\windows\system32\aticalrt64.dll
  123. 2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
  124. 2012-06-11 16:45 . 2011-09-08 17:05 5480448 ----a-w- c:\windows\SysWow64\atiumdag.dll
  125. 2012-06-11 16:45 . 2012-06-11 16:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll
  126. 2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
  127. 2012-06-11 16:45 . 2012-06-11 16:45 15703040 ----a-w- c:\windows\system32\aticaldd64.dll
  128. 2012-06-11 16:43 . 2011-09-08 17:08 4729344 ----a-w- c:\windows\SysWow64\atiumdva.dll
  129. 2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\SysWow64\aticaldd.dll
  130. 2012-06-11 16:36 . 2012-06-11 16:36 6605824 ----a-w- c:\windows\system32\atiumd64.dll
  131. 2012-06-11 16:27 . 2012-06-11 16:27 539136 ----a-w- c:\windows\system32\atiadlxx.dll
  132. 2012-06-11 16:26 . 2012-06-11 16:26 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll
  133. 2012-06-11 16:26 . 2012-06-11 16:26 17920 ----a-w- c:\windows\system32\atig6pxx.dll
  134. 2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
  135. 2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll
  136. 2012-06-11 16:26 . 2012-06-11 16:26 41984 ----a-w- c:\windows\system32\atig6txx.dll
  137. 2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
  138. 2012-06-11 16:26 . 2012-06-11 16:26 367616 ----a-w- c:\windows\system32\drivers\atikmpag.sys
  139. 2012-06-11 16:25 . 2011-09-08 16:52 54784 ----a-w- c:\windows\system32\atiuxp64.dll
  140. 2012-06-11 16:25 . 2012-04-06 01:09 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll
  141. 2012-06-11 16:25 . 2012-06-11 16:25 45056 ----a-w- c:\windows\system32\atiu9p64.dll
  142. 2012-06-11 16:24 . 2011-09-08 16:51 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll
  143. 2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
  144. 2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\atimpc64.dll
  145. 2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\amdpcom64.dll
  146. 2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
  147. 2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
  148. 2012-06-11 11:50 . 2012-06-11 11:50 187392 ----a-w- c:\windows\system32\clinfo.exe
  149. 2012-06-11 11:50 . 2012-06-11 11:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll
  150. 2012-06-11 11:50 . 2012-06-11 11:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
  151. 2012-06-11 11:50 . 2012-06-11 11:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll
  152. 2012-06-11 11:50 . 2012-06-11 11:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
  153. 2012-06-11 11:50 . 2012-06-11 11:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll
  154. 2012-06-11 11:49 . 2012-06-11 11:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll
  155. 2012-05-31 20:51 . 2012-05-31 20:51 2306328 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
  156. 2012-05-31 20:51 . 2012-05-31 20:51 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
  157. 2012-05-31 20:51 . 2012-05-31 20:51 639312 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
  158. .
  159. .
  160. ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
  161. .
  162. .
  163. *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
  164. REGEDIT4
  165. .
  166. [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
  167. @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
  168. [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
  169. 2012-02-14 22:58 94208 ----a-w- c:\users\Gurvan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
  170. .
  171. [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
  172. @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
  173. [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
  174. 2012-02-14 22:58 94208 ----a-w- c:\users\Gurvan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
  175. .
  176. [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
  177. @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
  178. [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
  179. 2012-02-14 22:58 94208 ----a-w- c:\users\Gurvan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
  180. .
  181. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  182. "Clownfish"="c:\program files (x86)\Clownfish\Clownfish.exe" [2012-06-21 1097464]
  183. "ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
  184. "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 5661056]
  185. .
  186. [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
  187. "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
  188. "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-12-01 258512]
  189. "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
  190. "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
  191. "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
  192. "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
  193. .
  194. c:\users\Gurvan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
  195. Dropbox.lnk - c:\users\Gurvan\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
  196. DUC 3.0.lnk - c:\program files (x86)\No-IP\DUC30.exe [2010-6-18 1423520]
  197. OneNote 2010 - Capture d’écran et lancement.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 245120]
  198. .
  199. c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
  200. EasySetPackage.lnk - c:\program files (x86)\LG Soft India\EasySetPackage\bin\EasySetPackage.exe [2011-12-29 159744]
  201. .
  202. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
  203. "ConsentPromptBehaviorAdmin"= 0 (0x0)
  204. "ConsentPromptBehaviorUser"= 3 (0x3)
  205. "EnableLUA"= 0 (0x0)
  206. "EnableUIADesktopToggle"= 0 (0x0)
  207. "PromptOnSecureDesktop"= 0 (0x0)
  208. .
  209. [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
  210. Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
  211. .
  212. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
  213. @=""
  214. .
  215. [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
  216. "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
  217. "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
  218. "ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
  219. "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
  220. "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
  221. .
  222. R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
  223. R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
  224. R2 gupdate;Service Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-30 116648]
  225. R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-14 160944]
  226. R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
  227. R3 cpuz134;cpuz134;c:\users\Gurvan\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
  228. R3 driverhardwarev2x64;driverhardwarev2x64;c:\program files\ma-config.com\Drivers\driverhardwarev2x64.sys [2011-07-21 16640]
  229. R3 gupdatem;Service Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-30 116648]
  230. R3 LGDDCDevice;LGDDCDevice;c:\windows\system32\LGI2CDriver.sys [x]
  231. R3 LGII2CDevice;LGII2CDevice;c:\windows\system32\LGPII2CDriver.sys [x]
  232. R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\x64\maconfservice.exe [2011-11-25 427640]
  233. R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
  234. R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
  235. R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
  236. R3 SilvrLnk;SilverLink (USB GraphLink) Cable;c:\windows\system32\DRIVERS\silvrlnk.sys [2009-09-10 129536]
  237. R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
  238. R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
  239. R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-29 1255736]
  240. S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-04-15 79488]
  241. S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-04-15 40064]
  242. S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-01 27760]
  243. S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-29 270912]
  244. S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
  245. S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
  246. S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
  247. S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
  248. S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
  249. S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]
  250. S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-06-11 361984]
  251. S2 AntiVirSchedulerService;Avira Planificateur;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-12-01 86224]
  252. S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
  253. S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
  254. S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
  255. S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
  256. S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-11-30 2123584]
  257. S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
  258. S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]
  259. S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]
  260. S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
  261. S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
  262. S3 netr28ux;Pilote de carte réseau sans fil RT2870 USB pour Vista;c:\windows\system32\DRIVERS\netr28ux.sys [2009-06-10 867328]
  263. S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
  264. S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-11-24 11856]
  265. S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-11-28 44672]
  266. S3 WSDPrintDevice;Prise en charge de l’impression WSD via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
  267. .
  268. .
  269. --- Autres Services/Pilotes en mémoire ---
  270. .
  271. *NewlyCreated* - WS2IFSL
  272. .
  273. Contenu du dossier 'Tâches planifiées'
  274. .
  275. 2012-07-12 c:\windows\Tasks\Adobe Flash Player Updater.job
  276. - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-28 22:37]
  277. .
  278. 2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
  279. - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-30 19:53]
  280. .
  281. 2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
  282. - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-30 19:53]
  283. .
  284. 2012-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4232414852-395253565-4101861292-1000Core.job
  285. - c:\users\Gurvan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29 19:26]
  286. .
  287. 2012-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4232414852-395253565-4101861292-1000UA.job
  288. - c:\users\Gurvan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29 19:26]
  289. .
  290. 2012-07-12 c:\windows\Tasks\RegCure Program Check.job
  291. - c:\program files (x86)\RegCure\RegCure.exe [2010-05-19 23:20]
  292. .
  293. 2012-07-12 c:\windows\Tasks\RegCure.job
  294. - c:\program files (x86)\RegCure\RegCure.exe [2010-05-19 23:20]
  295. .
  296. 2012-07-12 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 3b95a0ab-237c-4274-bc92-cbb9089994c2.job
  297. - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
  298. .
  299. 2012-07-12 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task ee355027-66da-4693-b1da-548b8baf2997.job
  300. - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
  301. .
  302. .
  303. --------- X64 Entries -----------
  304. .
  305. .
  306. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
  307. @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
  308. [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
  309. 2012-02-14 22:58 97792 ----a-w- c:\users\Gurvan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
  310. .
  311. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
  312. @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
  313. [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
  314. 2012-02-14 22:58 97792 ----a-w- c:\users\Gurvan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
  315. .
  316. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
  317. @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
  318. [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
  319. 2012-02-14 22:58 97792 ----a-w- c:\users\Gurvan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
  320. .
  321. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
  322. @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
  323. [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
  324. 2012-02-14 22:58 97792 ----a-w- c:\users\Gurvan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
  325. .
  326. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  327. "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-06-24 7233640]
  328. "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
  329. .
  330. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
  331. "LoadAppInit_DLLs"=0x0
  332. .
  333. ------- Examen supplémentaire -------
  334. .
  335. uLocal Page = c:\windows\system32\blank.htm
  336. uStart Page = hxxp://google.fr/
  337. mLocal Page = c:\windows\SysWOW64\blank.htm
  338. uInternet Settings,ProxyOverride = *.local
  339. IE: &Envoyer à OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
  340. IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
  341. FF - ProfilePath - c:\users\Gurvan\AppData\Roaming\Mozilla\Firefox\Profiles\qe9nz0hn.default\
  342. FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?hl=fr&shva=1#inbox
  343. FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112555&tt=060612_7_&babsrc=KW_ss&mntrId=7c638ea60000000000000014d15bc5c7&q=
  344. FF - user.js: network.http.max-persistent-connections-per-server - 4
  345. FF - user.js: nglayout.initialpaint.delay - 600
  346. FF - user.js: content.notify.interval - 600000
  347. FF - user.js: content.max.tokenizing.time - 1800000
  348. FF - user.js: content.switch.threshold - 600000
  349. FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555&tt=060612_7_
  350. FF - user.js: extensions.BabylonToolbar_i.babExt -
  351. FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
  352. FF - user.js: extensions.BabylonToolbar_i.id - 7c638ea60000000000000014d15bc5c7
  353. FF - user.js: extensions.BabylonToolbar_i.hardId - 7c638ea60000000000000014d15bc5c7
  354. FF - user.js: extensions.BabylonToolbar_i.instlDay - 15502
  355. FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
  356. FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
  357. FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:17
  358. FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
  359. FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
  360. FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
  361. FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
  362. FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
  363. FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
  364. .
  365. - - - - ORPHELINS SUPPRIMES - - - -
  366. .
  367. Wow6432Node-HKLM-Run-Browser companion helper - c:\program files (x86)\BrowserCompanion\BCHelper.exe
  368. .
  369. .
  370. .
  371. --------------------- CLES DE REGISTRE BLOQUEES ---------------------
  372. .
  373. [HKEY_USERS\S-1-5-21-4232414852-395253565-4101861292-1000\Software\G*e*n*i*e*"!\FM Genie Scout 12]
  374. "GameDir"="c:\\Users\\Gurvan\\Documents\\Sports Interactive\\Football Manager 2012\\games"
  375. "ShortlistDir"="c:\\Users\\Gurvan\\Documents\\Sports Interactive\\Football Manager 2012\\shortlists"
  376. "FMPath"=""
  377. "ScreenshotsDir"="c:\\Users\\Gurvan\\Documents\\Sports Interactive\\Football Manager 2012"
  378. "SaveDir"="c:\\Users\\Gurvan\\Documents\\Sports Interactive\\Football Manager 2012\\"
  379. "HistoryDir"="c:\\FM Genie Scout 12\\History Points"
  380. "LangDB"="c:\\FM Genie Scout 12\\lang_db.dat"
  381. "LastSaveGame"="c:\\Users\\Gurvan\\Documents\\Sports Interactive\\Football Manager 2012\\games\\Olympique Lyonnais.fm"
  382. "Language"="French"
  383. "LoadLangDB"=dword:00000001
  384. "CompressHistoryPoints"=dword:00000000
  385. "HighlightedAttributes"=dword:00000000
  386. "MinCondition"=dword:00000050
  387. "GraphStep"=dword:00000000
  388. "SkinName"="Steklo Black"
  389. "LastUpdateCheck"=dword:00009fe7
  390. "VersionOf201"=dword:0000007b
  391. "HighQualityGUI"=dword:00000001
  392. "AutomaticallyUpdateCheck"=dword:00000001
  393. "AdvancedGeneration"=dword:00000000
  394. "TranslateStaffSkills"=dword:00000001
  395. "TranslatePlayerSkills"=dword:00000001
  396. "TranslatePositions"=dword:00000001
  397. "ShowHistory"=dword:00000001
  398. "ShowGuidNotification"=dword:00000000
  399. "ShowDonateNotification"=dword:00000000
  400. "Version"=dword:000000cc
  401. "UniqueID"="94-FC65-2983"
  402. "Currency"=dword:00000056
  403. "UseProxy"=dword:00000000
  404. "ProxyHost"=""
  405. "ProxyPort"=""
  406. "UseAuthentication"=dword:00000000
  407. "UserName"=""
  408. "UserPassword"=""
  409. "PlayerSearchFeatureNum"=dword:00000002
  410. "StaffSearchFeatureNum"=dword:00000000
  411. "ClubSearchFeatureNum"=dword:00000000
  412. "FilterByClubFeatureNum"=dword:00000000
  413. "CompareFeatureNum"=dword:00000000
  414. "ShortlistFeatureNum"=dword:00000000
  415. "ExportFeatureNum"=dword:00000000
  416. "HistoryFeatureNum"=dword:00000000
  417. "LanguageDBFeatureNum"=dword:00000002
  418. "HintsFeatureNum"=dword:00000001
  419. "GenieReportFeatureNum"=dword:00000000
  420. "TopFormationFeatureNum"=dword:00000000
  421. "ScreenshotFeatureNum"=dword:00000000
  422. "AdClicksNum"=dword:00000000
  423. "AdImpressionsNum"=dword:0000000d
  424. "GameLoadedCounter"=dword:00000002
  425. .
  426. [HKEY_USERS\S-1-5-21-4232414852-395253565-4101861292-1000\Software\SecuROM\License information*]
  427. "datasecu"=hex:b4,f4,0f,9c,e4,f4,3a,42,32,59,7c,6f,7b,8a,a0,c8,fe,b4,d9,70,2d,
  428. 1c,e7,6b,5f,65,a2,e4,a3,c3,47,2a,d5,00,d3,3e,e6,bb,d9,2e,14,90,7c,f8,cd,2c,\
  429. "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
  430. .
  431. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
  432. @Denied: (Full) (Everyone)
  433. .
  434. ------------------------ Autres processus actifs ------------------------
  435. .
  436. c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
  437. c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
  438. c:\windows\SysWOW64\PnkBstrA.exe
  439. c:\windows\SysWOW64\DllHost.exe
  440. .
  441. **************************************************************************
  442. .
  443. Heure de fin: 2012-07-12 13:20:32 - La machine a redémarré
  444. ComboFix-quarantined-files.txt 2012-07-12 11:20
  445. .
  446. Avant-CF: 111 056 953 344 octets libres
  447. Après-CF: 110 764 589 056 octets libres
  448. .
  449. - - End Of File - - D2044CB1910B13BA4274C011E9630943