Untitled

a guest
Feb 4th, 2012
  1. ComboFix 12-02-02.02 - Bilal 04/02/2012 22:48:17.1.2 - x64 NETWORK
  2. Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.4095.2745 [GMT 1:00]
  3. Lancé depuis: c:\users\Bilal\Downloads\ComboFix.exe
  4. AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
  5. AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
  6. SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
  7. SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
  8. SP: Spybot - Search & Destroy *Disabled/Outdated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
  9. SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
  10. * Un nouveau point de restauration a été créé
  11. .
  12. .
  13. (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
  14. .
  15. .
  16. c:\program files (x86)\Common Files\packardbell.ico
  17. c:\programdata\FullRemove.exe
  18. c:\users\Abs\AppData\Roaming\OfferBox
  19. c:\users\Abs\AppData\Roaming\OfferBox\config.dat
  20. c:\users\Abs\AppData\Roaming\OfferBox\config.xml
  21. c:\users\Bilal\errorlogmi.tmp
  22. c:\users\fatima\AppData\Roaming\.#
  23. c:\users\fatima\AppData\Roaming\OfferBox
  24. c:\users\fatima\AppData\Roaming\OfferBox\config.dat
  25. c:\users\fatima\AppData\Roaming\OfferBox\config.xml
  26. c:\users\fatima\AppData\Roaming\OfferBox\run.log
  27. c:\users\fatima\AppData\Roaming\OfferBox\temp.ico
  28. c:\users\sam'sOnit\AppData\Roaming\OfferBox
  29. c:\users\sam'sOnit\AppData\Roaming\OfferBox\config.dat
  30. c:\users\sam'sOnit\AppData\Roaming\OfferBox\config.xml
  31. c:\users\sam'sOnit\AppData\Roaming\OfferBox\run.log
  32. c:\users\sam'sOnit\AppData\Roaming\OfferBox\temp.ico
  33. c:\windows\XSxS
  34. D:\install.exe
  35. .
  36. .
  37. ((((((((((((((((((((((((((((( Fichiers créés du 2012-01-04 au 2012-02-04 ))))))))))))))))))))))))))))))))))))
  38. .
  39. .
  40. 2012-02-04 21:58 . 2012-02-04 21:58 -------- d-----w- c:\users\Invité\AppData\Local\temp
  41. 2012-02-04 21:58 . 2012-02-04 21:58 -------- d-----w- c:\users\fatima\AppData\Local\temp
  42. 2012-02-04 21:58 . 2012-02-04 21:58 -------- d-----w- c:\users\sam'sOnit\AppData\Local\temp
  43. 2012-02-04 21:58 . 2012-02-04 21:58 -------- d-----w- c:\users\Default\AppData\Local\temp
  44. 2012-02-04 21:58 . 2012-02-04 21:58 -------- d-----w- c:\users\Abs\AppData\Local\temp
  45. 2012-02-04 21:58 . 2012-02-04 21:58 -------- d-----w- c:\users\salim\AppData\Local\temp
  46. 2012-02-03 21:58 . 2012-02-04 21:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
  47. 2012-02-03 21:58 . 2009-01-25 12:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
  48. 2012-02-03 21:58 . 2012-02-03 21:58 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
  49. 2012-02-03 21:33 . 2012-02-03 21:33 -------- d-----w- c:\program files\CCleaner
  50. 2012-02-02 20:42 . 2012-02-02 20:42 126976 --sha-r- c:\windows\SysWow64\expsrv3.dll
  51. 2012-02-02 18:05 . 2012-02-02 18:05 237 ----a-w- C:\user.js
  52. 2012-02-02 17:00 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B1B3A659-C842-4272-B5EE-2432BCC4FDEE}\mpengine.dll
  53. 2012-02-01 23:47 . 2012-02-01 23:47 116224 --s-a-w- c:\windows\SysWow64\c6to4.dll
  54. 2012-02-01 23:47 . 2012-02-01 23:47 0 ----a-w- c:\windows\SysWow64\winlogon.exe
  55. 2012-02-01 23:47 . 2012-02-01 23:47 -------- d-----w- c:\users\Bilal\AppData\Roaming\HTML Help
  56. 2012-02-01 22:21 . 2012-02-02 18:11 -------- d-----w- c:\program files (x86)\Acunetix
  57. 2012-02-01 16:45 . 2012-02-01 16:46 -------- d-----w- c:\users\Bilal\AppData\Local\ApplicationHistory
  58. 2012-01-28 23:11 . 2005-08-03 05:10 32512 ----a-w- c:\windows\SysWow64\drivers\npf.sys
  59. 2012-01-28 23:11 . 2012-01-28 23:11 -------- d-----w- c:\program files (x86)\SwitchSniffer
  60. 2012-01-28 23:11 . 2005-08-03 05:24 53299 ----a-w- c:\windows\SysWow64\pthreadVC.dll
  61. 2012-01-28 23:11 . 2005-08-03 05:08 81920 ----a-w- c:\windows\SysWow64\packet.dll
  62. 2012-01-28 23:11 . 2005-08-03 05:08 61440 ----a-w- c:\windows\SysWow64\WanPacket.dll
  63. 2012-01-28 23:11 . 2003-04-04 13:54 208896 ----a-w- c:\windows\SysWow64\wpcap.dll
  64. 2012-01-27 16:53 . 2012-01-27 16:56 -------- d-----w- c:\users\Bilal\AppData\Roaming\.spoutcraft
  65. 2012-01-24 17:21 . 2012-01-29 21:09 -------- d-----w- c:\program files (x86)\VPN4ALL
  66. 2012-01-24 06:04 . 2012-01-24 06:04 -------- d-----w- c:\users\Bilal\.swt
  67. 2012-01-24 06:04 . 2012-01-24 06:04 -------- d-----w- c:\users\Bilal\historique_ChatLand
  68. 2012-01-23 21:17 . 2012-01-24 20:09 -------- d-----w- c:\users\Bilal\AppData\Roaming\mIRC
  69. 2012-01-23 21:17 . 2012-01-23 21:17 -------- d-----w- c:\program files (x86)\mIRC
  70. 2012-01-23 21:17 . 2012-02-03 21:17 -------- d-----w- c:\users\Bilal\chat-land
  71. 2012-01-23 17:47 . 2012-01-23 17:54 -------- d-----w- c:\users\Bilal\AppData\Roaming\X-Chat 2
  72. 2012-01-23 17:41 . 2012-01-23 21:24 -------- d-----w- c:\users\Bilal\AppData\Roaming\.purple
  73. 2012-01-23 17:40 . 2012-01-23 17:40 -------- d-----w- c:\program files (x86)\Pidgin
  74. 2012-01-21 17:18 . 2012-01-21 17:25 -------- d-----w- c:\users\fatima\AppData\Roaming\X-Chat 2
  75. 2012-01-21 17:18 . 2012-01-21 17:18 -------- d-----w- c:\program files (x86)\xchat
  76. 2012-01-21 17:15 . 2009-07-23 16:39 -------- d-----w- c:\windows\system32\lib
  77. 2012-01-21 17:15 . 2009-07-23 16:39 -------- d-----w- c:\windows\system32\include
  78. 2012-01-21 17:15 . 2009-07-23 16:39 -------- d-----w- c:\windows\system32\bin
  79. 2012-01-21 12:08 . 2012-01-21 13:06 311968 ----a-w- c:\windows\system32\drivers\atksgt.sys
  80. 2012-01-21 12:08 . 2012-01-21 12:08 43168 ----a-w- c:\windows\system32\drivers\lirsgt.sys
  81. 2012-01-21 11:36 . 2008-07-12 07:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
  82. 2012-01-21 11:36 . 2008-07-12 07:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
  83. 2012-01-21 11:36 . 2008-07-12 07:18 540688 ----a-w- c:\windows\system32\d3dx10_39.dll
  84. 2012-01-21 11:36 . 2008-07-12 07:18 1942552 ----a-w- c:\windows\system32\D3DCompiler_39.dll
  85. 2012-01-21 11:36 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
  86. 2012-01-21 11:36 . 2008-07-12 07:18 4992520 ----a-w- c:\windows\system32\D3DX9_39.dll
  87. 2012-01-21 11:34 . 2007-10-22 02:38 77832 ----a-w- c:\windows\SysWow64\GameuxInstallHelper.dll
  88. 2012-01-21 11:34 . 2007-10-22 02:37 44552 ----a-w- c:\windows\SysWow64\FirewallInstallHelper.dll
  89. 2012-01-20 08:46 . 2012-01-20 08:46 -------- d-----w- c:\users\fatima\AppData\Local\GameSpy
  90. 2012-01-20 08:46 . 2012-02-04 08:34 -------- d-----w- c:\users\fatima\AppData\Local\ApplicationHistory
  91. 2012-01-19 20:45 . 2012-01-19 20:45 -------- d-----w- c:\program files (x86)\GameSpy
  92. 2012-01-19 20:44 . 2012-01-19 20:44 -------- d-----w- c:\windows\SysWow64\URTTEMP
  93. 2012-01-19 20:42 . 2012-01-19 20:42 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
  94. 2012-01-19 20:42 . 2012-01-19 20:42 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
  95. 2012-01-19 20:42 . 2012-01-19 20:42 669184 ----a-w- c:\windows\SysWow64\pbsvc.exe
  96. 2012-01-19 20:24 . 2012-01-19 20:36 -------- d-----w- c:\program files (x86)\Electronic Arts
  97. 2012-01-19 17:07 . 2012-01-19 17:11 -------- d-----w- c:\program files\CyberGhost VPN
  98. 2012-01-18 19:59 . 2012-01-18 20:00 -------- d-----w- c:\users\Bilal\AppData\Local\Downloader
  99. 2012-01-18 19:40 . 2012-01-18 19:40 -------- d--h--r- c:\users\Bilal\AppData\Roaming\SecuROM
  100. 2012-01-18 19:31 . 2012-01-18 19:31 -------- d--h--r- c:\users\fatima\AppData\Roaming\SecuROM
  101. 2012-01-17 19:20 . 2012-01-18 17:35 -------- d-----w- c:\program files (x86)\Rockstar Games
  102. 2012-01-17 15:31 . 2012-01-17 15:31 -------- d-----w- c:\users\fatima\AppData\Local\Downloader
  103. 2012-01-17 15:31 . 2012-01-17 15:31 -------- d-----w- c:\program files (x86)\Downloader
  104. 2012-01-15 21:36 . 2012-01-15 21:36 -------- d-----w- c:\users\fatima\AppData\Roaming\DivX
  105. 2012-01-15 21:32 . 2011-08-22 19:23 175864 ---ha-w- c:\windows\SysWow64\BytescoutVideoMixerFilter.dll
  106. 2012-01-15 21:32 . 2011-08-22 19:23 257784 ---ha-w- c:\windows\SysWow64\BytescoutScreenCapturingFilter.dll
  107. 2012-01-15 21:32 . 2011-08-22 19:23 421624 ---ha-w- c:\windows\SysWow64\BytescoutScreenCapturing.dll
  108. 2012-01-15 21:32 . 2011-08-22 19:23 361720 ---ha-w- c:\windows\system32\BytescoutScreenCapturingFilter.dll
  109. 2012-01-15 21:32 . 2011-08-22 19:23 231672 ---ha-w- c:\windows\system32\BytescoutVideoMixerFilter.dll
  110. 2012-01-15 21:32 . 2011-07-08 00:57 566008 ---ha-w- c:\windows\system32\BytescoutScreenCapturing.dll
  111. 2012-01-15 21:32 . 2010-12-24 10:43 29288 ---ha-w- c:\windows\system32\drivers\Apowersoft_AudioDevice.sys
  112. 2012-01-12 18:06 . 2012-01-12 18:06 -------- d-----w- c:\windows\SysWow64\wbem\en-US
  113. 2012-01-12 18:06 . 2012-01-12 18:06 -------- d-----w- c:\windows\system32\wbem\en-US
  114. 2012-01-12 17:38 . 2012-01-12 17:38 -------- d-----w- c:\users\fatima\AppData\Roaming\Megamedia
  115. 2012-01-12 17:38 . 2012-01-12 17:38 -------- d-----w- c:\programdata\Megamedia
  116. 2012-01-12 17:37 . 2012-01-12 17:37 -------- d-----w- c:\users\fatima\AppData\Local\Megamedia
  117. 2012-01-11 19:05 . 2012-01-11 19:05 -------- d-----w- c:\programdata\boost_interprocess
  118. 2012-01-11 12:53 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
  119. 2012-01-11 12:53 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
  120. 2012-01-11 12:53 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
  121. 2012-01-11 12:53 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
  122. 2012-01-11 12:53 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
  123. 2012-01-11 12:53 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
  124. 2012-01-11 12:53 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
  125. 2012-01-11 12:53 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
  126. 2012-01-10 13:33 . 2012-01-10 13:33 -------- d-----w- c:\users\fatima\AppData\Local\Procaster
  127. 2012-01-10 13:33 . 2012-01-10 13:33 -------- d-----w- c:\users\fatima\AppData\Local\CrashRpt
  128. 2012-01-07 17:14 . 2012-01-07 17:14 -------- d-----w- c:\users\fatima\AppData\Roaming\Megaupload
  129. .
  130. .
  131. .
  132. (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
  133. .
  134. 2012-01-31 12:44 . 2010-07-13 19:19 279656 ------w- c:\windows\system32\MpSigStub.exe
  135. 2012-01-26 21:28 . 2010-09-04 06:57 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
  136. 2012-01-24 21:16 . 2010-02-23 21:54 2306328 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
  137. 2012-01-24 21:15 . 2010-10-08 20:44 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
  138. 2012-01-15 08:24 . 2010-02-21 22:41 2306328 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
  139. 2012-01-15 08:23 . 2010-02-21 22:41 639312 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
  140. 2012-01-08 10:46 . 2010-02-23 21:54 639312 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
  141. 2012-01-06 05:15 . 2010-07-14 17:01 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
  142. 2011-12-24 10:49 . 2011-12-24 10:49 0 ---ha-w- c:\users\fatima\AppData\Local\BITB98E.tmp
  143. 2011-12-10 14:24 . 2010-07-13 19:01 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
  144. 2011-12-08 13:05 . 2011-12-08 13:05 0 ---ha-w- c:\users\sam'sOnit\AppData\Local\BITA13D.tmp
  145. 2011-12-05 07:43 . 2011-12-05 07:43 0 ---ha-w- c:\users\sam'sOnit\AppData\Local\BIT6983.tmp
  146. 2011-11-24 04:52 . 2011-12-14 11:11 3145216 ----a-w- c:\windows\system32\win32k.sys
  147. 2011-11-22 19:54 . 2011-11-22 19:54 0 ---ha-w- c:\users\fatima\AppData\Local\BIT65B7.tmp
  148. 2011-11-10 04:54 . 2010-06-13 18:18 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
  149. 2011-11-08 18:48 . 2011-11-08 18:48 0 ---ha-w- c:\users\Invité\AppData\Local\BIT590B.tmp
  150. 2011-11-08 18:48 . 2011-11-08 18:48 0 ---ha-w- c:\users\Invité\AppData\Local\BIT590B.tmp
  151. 2011-11-07 17:43 . 2011-11-07 17:43 34064 ----a-w- c:\windows\SysWow64\lhacm.acm
  152. .
  153. .
  154. ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
  155. .
  156. .
  157. *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
  158. REGEDIT4
  159. .
  160. [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
  161. "{6ec85fcf-87ad-41d7-ae1f-f116f8ad4848}"= "c:\program files (x86)\Avanquest_FR\prxtbAva2.dll" [2011-05-09 176936]
  162. .
  163. [HKEY_CLASSES_ROOT\clsid\{6ec85fcf-87ad-41d7-ae1f-f116f8ad4848}]
  164. .
  165. [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6ec85fcf-87ad-41d7-ae1f-f116f8ad4848}]
  166. 2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\Avanquest_FR\prxtbAva2.dll
  167. .
  168. [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{77F4E711-789B-447F-9614-96759B2F83C6}]
  169. 2011-01-13 04:16 64000 ----a-w- c:\users\fatima\AppData\Local\Megamedia\Megakey\MegaIeHelper.dll
  170. .
  171. [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
  172. "{6ec85fcf-87ad-41d7-ae1f-f116f8ad4848}"= "c:\program files (x86)\Avanquest_FR\prxtbAva2.dll" [2011-05-09 176936]
  173. .
  174. [HKEY_CLASSES_ROOT\clsid\{6ec85fcf-87ad-41d7-ae1f-f116f8ad4848}]
  175. .
  176. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  177. "VPN4ALL"="c:\program files (x86)\VPN4ALL\VPN4ALL.exe" [2011-09-02 1784832]
  178. .
  179. [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
  180. "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
  181. "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
  182. "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
  183. "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
  184. "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
  185. "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-12 421736]
  186. "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
  187. "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]
  188. "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
  189. "SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2011-10-05 3578272]
  190. .
  191. c:\users\salim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
  192. IMVU.lnk - c:\users\Bilal\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe [N/A]
  193. .
  194. c:\users\sam'sOnit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
  195. Notification de cadeaux MSN.lnk - c:\users\Bilal\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe [N/A]
  196. .
  197. c:\users\Bilal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
  198. OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
  199. .
  200. c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
  201. Assistant SMART WIZARD NETGEAR pour WG111v3.lnk - c:\program files (x86)\NETGEAR\WG111v3\WG111v3.exe [2009-11-6 2072576]
  202. NETGEAR WG111v3 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WG111v3\WG111v3.exe [2009-11-6 2072576]
  203. Philips Device Manager.lnk - c:\philips\SA32xx Device Manager\SA32xx_DeviceManager.exe [2010-12-27 1615216]
  204. Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-2-6 100352]
  205. .
  206. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
  207. "ConsentPromptBehaviorAdmin"= 5 (0x5)
  208. "ConsentPromptBehaviorUser"= 3 (0x3)
  209. "EnableUIADesktopToggle"= 0 (0x0)
  210. .
  211. [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
  212. BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
  213. .
  214. [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
  215. Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
  216. .
  217. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
  218. @="Service"
  219. .
  220. R1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [2011-10-05 48888]
  221. R1 TsVp;TsVp;c:\windows\system32\DRIVERS\tsvp.sys [x]
  222. R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
  223. R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
  224. R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
  225. R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
  226. R2 CrossLoopService;CrossLoop Service;c:\users\Bilal\AppData\Local\CrossLoop\CrossLoopService.exe [2009-12-16 86016]
  227. R2 Greg_Service;GRegService;c:\program files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-08-28 1150496]
  228. R2 gupdate;Service Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 133104]
  229. R2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2011-05-26 329544]
  230. R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
  231. R2 Realtek11nCU;Realtek11nCU;c:\program files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [2010-04-16 36864]
  232. R2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\Olitec\Olitec 11n USB Wireless LAN Utility\RtlService.exe [2009-12-21 40960]
  233. R2 SDHookService;Spybot S&D 2 Live Protection Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-10-05 130976]
  234. R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-10-05 892336]
  235. R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-10-05 955816]
  236. R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-10-05 169624]
  237. R2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
  238. R2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-02 2923392]
  239. R2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-07-04 240160]
  240. R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [x]
  241. R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\CyberGhost VPN\CGVPNCliService.exe [2011-12-06 2430128]
  242. R3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys [x]
  243. R3 dump_wmimmc;dump_wmimmc;c:\gpotato.eu\Dragonica\Release\GameGuard\dump_wmimmc.sys [x]
  244. R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
  245. R3 gupdatem;Service Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 133104]
  246. R3 HideMyIpSRV;HideMyIpSRV;c:\program files (x86)\Hide My IP 2009\HideMyIpSrv.exe [2009-11-28 2396464]
  247. R3 LVcKap64;Logitech AEC Driver;c:\windows\system32\DRIVERS\LVcKap64.sys [x]
  248. R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
  249. R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
  250. R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
  251. R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
  252. R3 NisSrv;Inspection réseau Microsoft;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
  253. R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [x]
  254. R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [x]
  255. R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]
  256. R3 RTL8187B;Carte réseau USB 2.0 Realtek RTL8187B sans fil 802.11b/g 54 Mbits/s;c:\windows\system32\DRIVERS\RTL8187B.sys [x]
  257. R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
  258. R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
  259. R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
  260. R3 TsVlb;TsVlb;c:\windows\system32\DRIVERS\tsvlb.sys [x]
  261. R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
  262. R3 uvnc_service;uvnc_service;c:\users\Bilal\AppData\Local\CrossLoop\winvnc.exe [2009-12-06 1590216]
  263. R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
  264. R3 X6va003;X6va003;c:\users\Bilal\AppData\Local\Temp\0033F1.tmp [x]
  265. R3 X6va005;X6va005;c:\users\fatima\AppData\Local\Temp\005C959.tmp [x]
  266. R4 AcuWVSSchedulerv5;Acunetix WVS Scheduler v5;c:\program files (x86)\Acunetix\Web Vulnerability Scanner 5\WVSScheduler.exe [2007-11-15 655872]
  267. S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
  268. S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
  269. S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]
  270. S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys [x]
  271. S3 TSCOMM;CommStudio Virtual Adapter by TamoSoft;c:\windows\system32\DRIVERS\tscomm.sys [x]
  272. .
  273. .
  274. [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
  275. nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
  276. Akamai REG_MULTI_SZ Akamai
  277. .
  278. Contenu du dossier 'Tâches planifiées'
  279. .
  280. 2012-02-04 c:\windows\Tasks\bfjxy.job
  281. - c:\windows\system32\rundll32.exe [2009-07-13 01:14]
  282. .
  283. 2012-02-04 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
  284. - c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2012-02-03 14:46]
  285. .
  286. 2012-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
  287. - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 20:35]
  288. .
  289. 2012-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
  290. - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 20:35]
  291. .
  292. 2012-02-03 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
  293. - c:\program files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2012-02-03 14:46]
  294. .
  295. 2012-02-03 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
  296. - c:\program files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2012-02-03 14:46]
  297. .
  298. .
  299. --------- x86-64 -----------
  300. .
  301. .
  302. [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77F4E711-789B-447F-9614-96759B2F83C6}]
  303. 2011-01-13 04:19 78336 ----a-w- c:\users\fatima\AppData\Local\Megamedia\Megakey\x64\MegaIeHelper64.dll
  304. .
  305. [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
  306. 2011-06-20 17:37 287048 ----a-w- c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
  307. .
  308. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  309. "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
  310. "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
  311. .
  312. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
  313. "LoadAppInit_DLLs"=0x1
  314. .
  315. ------- Examen supplémentaire -------
  316. .
  317. uLocal Page = c:\windows\system32\blank.htm
  318. uStart Page = hxxp://www.google.fr
  319. uDefault_Search_URL = hxxp://www.google.fr
  320. mStart Page = hxxp://www.google.fr
  321. mLocal Page = c:\windows\SysWOW64\blank.htm
  322. uInternet Settings,ProxyOverride = 127.0.0.1:9421
  323. IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
  324. IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
  325. LSP: c:\programdata\Megamedia\Megakey\msadm.dll
  326. LSP: c:\windows\system32\HMIPCore.dll
  327. FF - ProfilePath - c:\users\Bilal\AppData\Roaming\Mozilla\Firefox\Profiles\tn7fcql4.default\
  328. .
  329. - - - - ORPHELINS SUPPRIMES - - - -
  330. .
  331. URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
  332. URLSearchHooks-{4daac69c-cba7-45e2-9bc8-1044483d3352} - (no file)
  333. URLSearchHooks-{1c491116-c175-45e1-a570-6fb14fea8b7b} - (no file)
  334. BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
  335. Toolbar-Locked - (no file)
  336. Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
  337. Toolbar-10 - (no file)
  338. Wow6432Node-HKLM-Run-TaskTray - (no file)
  339. Notify-SDWinLogon - SDWinLogon.dll
  340. Toolbar-Locked - (no file)
  341. Toolbar-10 - (no file)
  342. WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
  343. WebBrowser-{4DAAC69C-CBA7-45E2-9BC8-1044483D3352} - (no file)
  344. WebBrowser-{6EC85FCF-87AD-41D7-AE1F-F116F8AD4848} - (no file)
  345. WebBrowser-{1C491116-C175-45E1-A570-6FB14FEA8B7B} - (no file)
  346. WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
  347. AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
  348. AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
  349. .
  350. .
  351. .
  352. [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
  353. "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_e286960.dll"
  354. .
  355. [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
  356. "ImagePath"="c:\windows\system32\GameMon.des -service"
  357. .
  358. [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003]
  359. "ImagePath"="\??\c:\users\Bilal\AppData\Local\Temp\0033F1.tmp"
  360. .
  361. [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
  362. "ImagePath"="\??\c:\users\fatima\AppData\Local\Temp\005C959.tmp"
  363. .
  364. --------------------- CLES DE REGISTRE BLOQUEES ---------------------
  365. .
  366. [HKEY_USERS\S-1-5-21-3809555165-3482574201-1184881471-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
  367. @Denied: (2) (S-1-5-21-3809555165-3482574201-1184881471-1003)
  368. @Denied: (2) (LocalSystem)
  369. "Progid"="ThunderbirdEML"
  370. .
  371. [HKEY_USERS\S-1-5-21-3809555165-3482574201-1184881471-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
  372. @Denied: (2) (LocalSystem)
  373. "Progid"="WindowsLiveMail.VCard.1"
  374. .
  375. [HKEY_USERS\S-1-5-21-3809555165-3482574201-1184881471-1003\Software\SecuROM\License information*]
  376. "datasecu"=hex:f0,b7,29,e1,48,bf,cd,88,ab,c9,14,33,55,e1,73,e9,80,1d,2a,01,ed,
  377. ad,8b,bc,2f,38,ef,04,5d,ac,8f,82,e3,ce,8b,fc,0d,ee,90,67,32,e1,9b,e2,81,9c,\
  378. "rkeysecu"=hex:a2,23,90,68,b6,ba,99,29,1f,b9,2d,f8,4c,a6,4b,2d
  379. .
  380. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
  381. @Denied: (A 2) (Everyone)
  382. @="FlashBroker"
  383. "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
  384. .
  385. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
  386. "Enabled"=dword:00000001
  387. .
  388. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
  389. @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
  390. .
  391. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
  392. @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
  393. .
  394. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
  395. @Denied: (A 2) (Everyone)
  396. @="Shockwave Flash Object"
  397. .
  398. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
  399. @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
  400. "ThreadingModel"="Apartment"
  401. .
  402. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
  403. @="0"
  404. .
  405. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
  406. @="ShockwaveFlash.ShockwaveFlash.10"
  407. .
  408. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
  409. @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
  410. .
  411. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
  412. @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
  413. .
  414. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
  415. @="1.0"
  416. .
  417. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
  418. @="ShockwaveFlash.ShockwaveFlash"
  419. .
  420. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
  421. @Denied: (A 2) (Everyone)
  422. @="Macromedia Flash Factory Object"
  423. .
  424. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
  425. @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
  426. "ThreadingModel"="Apartment"
  427. .
  428. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
  429. @="FlashFactory.FlashFactory.1"
  430. .
  431. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
  432. @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
  433. .
  434. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
  435. @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
  436. .
  437. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
  438. @="1.0"
  439. .
  440. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
  441. @="FlashFactory.FlashFactory"
  442. .
  443. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
  444. @Denied: (A 2) (Everyone)
  445. @="IFlashBroker4"
  446. .
  447. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
  448. @="{00020424-0000-0000-C000-000000000046}"
  449. .
  450. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
  451. @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
  452. "Version"="1.0"
  453. .
  454. [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
  455. @Denied: (Full) (Everyone)
  456. .
  457. Heure de fin: 2012-02-04 23:02:36
  458. ComboFix-quarantined-files.txt 2012-02-04 22:02
  459. .
  460. Avant-CF: 14 723 031 040 octets libres
  461. Après-CF: 20 868 169 728 octets libres
  462. .
  463. - - End Of File - - 074AF4C96064152BC5A4470995534131