- ComboFix 12-02-02.02 - Bilal 04/02/2012 22:48:17.1.2 - x64 NETWORK
- Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.4095.2745 [GMT 1:00]
- Lancé depuis: c:\users\Bilal\Downloads\ComboFix.exe
- AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
- AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
- SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
- SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
- SP: Spybot - Search & Destroy *Disabled/Outdated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
- SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
- * Un nouveau point de restauration a été créé
- .
- .
- (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
- .
- .
- c:\program files (x86)\Common Files\packardbell.ico
- c:\programdata\FullRemove.exe
- c:\users\Abs\AppData\Roaming\OfferBox
- c:\users\Abs\AppData\Roaming\OfferBox\config.dat
- c:\users\Abs\AppData\Roaming\OfferBox\config.xml
- c:\users\Bilal\errorlogmi.tmp
- c:\users\fatima\AppData\Roaming\.#
- c:\users\fatima\AppData\Roaming\OfferBox
- c:\users\fatima\AppData\Roaming\OfferBox\config.dat
- c:\users\fatima\AppData\Roaming\OfferBox\config.xml
- c:\users\fatima\AppData\Roaming\OfferBox\run.log
- c:\users\fatima\AppData\Roaming\OfferBox\temp.ico
- c:\users\sam'sOnit\AppData\Roaming\OfferBox
- c:\users\sam'sOnit\AppData\Roaming\OfferBox\config.dat
- c:\users\sam'sOnit\AppData\Roaming\OfferBox\config.xml
- c:\users\sam'sOnit\AppData\Roaming\OfferBox\run.log
- c:\users\sam'sOnit\AppData\Roaming\OfferBox\temp.ico
- c:\windows\XSxS
- D:\install.exe
- .
- .
- ((((((((((((((((((((((((((((( Fichiers créés du 2012-01-04 au 2012-02-04 ))))))))))))))))))))))))))))))))))))
- .
- .
- 2012-02-04 21:58 . 2012-02-04 21:58 -------- d-----w- c:\users\Invité\AppData\Local\temp
- 2012-02-04 21:58 . 2012-02-04 21:58 -------- d-----w- c:\users\fatima\AppData\Local\temp
- 2012-02-04 21:58 . 2012-02-04 21:58 -------- d-----w- c:\users\sam'sOnit\AppData\Local\temp
- 2012-02-04 21:58 . 2012-02-04 21:58 -------- d-----w- c:\users\Default\AppData\Local\temp
- 2012-02-04 21:58 . 2012-02-04 21:58 -------- d-----w- c:\users\Abs\AppData\Local\temp
- 2012-02-04 21:58 . 2012-02-04 21:58 -------- d-----w- c:\users\salim\AppData\Local\temp
- 2012-02-03 21:58 . 2012-02-04 21:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
- 2012-02-03 21:58 . 2009-01-25 12:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
- 2012-02-03 21:58 . 2012-02-03 21:58 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
- 2012-02-03 21:33 . 2012-02-03 21:33 -------- d-----w- c:\program files\CCleaner
- 2012-02-02 20:42 . 2012-02-02 20:42 126976 --sha-r- c:\windows\SysWow64\expsrv3.dll
- 2012-02-02 18:05 . 2012-02-02 18:05 237 ----a-w- C:\user.js
- 2012-02-02 17:00 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B1B3A659-C842-4272-B5EE-2432BCC4FDEE}\mpengine.dll
- 2012-02-01 23:47 . 2012-02-01 23:47 116224 --s-a-w- c:\windows\SysWow64\c6to4.dll
- 2012-02-01 23:47 . 2012-02-01 23:47 0 ----a-w- c:\windows\SysWow64\winlogon.exe
- 2012-02-01 23:47 . 2012-02-01 23:47 -------- d-----w- c:\users\Bilal\AppData\Roaming\HTML Help
- 2012-02-01 22:21 . 2012-02-02 18:11 -------- d-----w- c:\program files (x86)\Acunetix
- 2012-02-01 16:45 . 2012-02-01 16:46 -------- d-----w- c:\users\Bilal\AppData\Local\ApplicationHistory
- 2012-01-28 23:11 . 2005-08-03 05:10 32512 ----a-w- c:\windows\SysWow64\drivers\npf.sys
- 2012-01-28 23:11 . 2012-01-28 23:11 -------- d-----w- c:\program files (x86)\SwitchSniffer
- 2012-01-28 23:11 . 2005-08-03 05:24 53299 ----a-w- c:\windows\SysWow64\pthreadVC.dll
- 2012-01-28 23:11 . 2005-08-03 05:08 81920 ----a-w- c:\windows\SysWow64\packet.dll
- 2012-01-28 23:11 . 2005-08-03 05:08 61440 ----a-w- c:\windows\SysWow64\WanPacket.dll
- 2012-01-28 23:11 . 2003-04-04 13:54 208896 ----a-w- c:\windows\SysWow64\wpcap.dll
- 2012-01-27 16:53 . 2012-01-27 16:56 -------- d-----w- c:\users\Bilal\AppData\Roaming\.spoutcraft
- 2012-01-24 17:21 . 2012-01-29 21:09 -------- d-----w- c:\program files (x86)\VPN4ALL
- 2012-01-24 06:04 . 2012-01-24 06:04 -------- d-----w- c:\users\Bilal\.swt
- 2012-01-24 06:04 . 2012-01-24 06:04 -------- d-----w- c:\users\Bilal\historique_ChatLand
- 2012-01-23 21:17 . 2012-01-24 20:09 -------- d-----w- c:\users\Bilal\AppData\Roaming\mIRC
- 2012-01-23 21:17 . 2012-01-23 21:17 -------- d-----w- c:\program files (x86)\mIRC
- 2012-01-23 21:17 . 2012-02-03 21:17 -------- d-----w- c:\users\Bilal\chat-land
- 2012-01-23 17:47 . 2012-01-23 17:54 -------- d-----w- c:\users\Bilal\AppData\Roaming\X-Chat 2
- 2012-01-23 17:41 . 2012-01-23 21:24 -------- d-----w- c:\users\Bilal\AppData\Roaming\.purple
- 2012-01-23 17:40 . 2012-01-23 17:40 -------- d-----w- c:\program files (x86)\Pidgin
- 2012-01-21 17:18 . 2012-01-21 17:25 -------- d-----w- c:\users\fatima\AppData\Roaming\X-Chat 2
- 2012-01-21 17:18 . 2012-01-21 17:18 -------- d-----w- c:\program files (x86)\xchat
- 2012-01-21 17:15 . 2009-07-23 16:39 -------- d-----w- c:\windows\system32\lib
- 2012-01-21 17:15 . 2009-07-23 16:39 -------- d-----w- c:\windows\system32\include
- 2012-01-21 17:15 . 2009-07-23 16:39 -------- d-----w- c:\windows\system32\bin
- 2012-01-21 12:08 . 2012-01-21 13:06 311968 ----a-w- c:\windows\system32\drivers\atksgt.sys
- 2012-01-21 12:08 . 2012-01-21 12:08 43168 ----a-w- c:\windows\system32\drivers\lirsgt.sys
- 2012-01-21 11:36 . 2008-07-12 07:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
- 2012-01-21 11:36 . 2008-07-12 07:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
- 2012-01-21 11:36 . 2008-07-12 07:18 540688 ----a-w- c:\windows\system32\d3dx10_39.dll
- 2012-01-21 11:36 . 2008-07-12 07:18 1942552 ----a-w- c:\windows\system32\D3DCompiler_39.dll
- 2012-01-21 11:36 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
- 2012-01-21 11:36 . 2008-07-12 07:18 4992520 ----a-w- c:\windows\system32\D3DX9_39.dll
- 2012-01-21 11:34 . 2007-10-22 02:38 77832 ----a-w- c:\windows\SysWow64\GameuxInstallHelper.dll
- 2012-01-21 11:34 . 2007-10-22 02:37 44552 ----a-w- c:\windows\SysWow64\FirewallInstallHelper.dll
- 2012-01-20 08:46 . 2012-01-20 08:46 -------- d-----w- c:\users\fatima\AppData\Local\GameSpy
- 2012-01-20 08:46 . 2012-02-04 08:34 -------- d-----w- c:\users\fatima\AppData\Local\ApplicationHistory
- 2012-01-19 20:45 . 2012-01-19 20:45 -------- d-----w- c:\program files (x86)\GameSpy
- 2012-01-19 20:44 . 2012-01-19 20:44 -------- d-----w- c:\windows\SysWow64\URTTEMP
- 2012-01-19 20:42 . 2012-01-19 20:42 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
- 2012-01-19 20:42 . 2012-01-19 20:42 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
- 2012-01-19 20:42 . 2012-01-19 20:42 669184 ----a-w- c:\windows\SysWow64\pbsvc.exe
- 2012-01-19 20:24 . 2012-01-19 20:36 -------- d-----w- c:\program files (x86)\Electronic Arts
- 2012-01-19 17:07 . 2012-01-19 17:11 -------- d-----w- c:\program files\CyberGhost VPN
- 2012-01-18 19:59 . 2012-01-18 20:00 -------- d-----w- c:\users\Bilal\AppData\Local\Downloader
- 2012-01-18 19:40 . 2012-01-18 19:40 -------- d--h--r- c:\users\Bilal\AppData\Roaming\SecuROM
- 2012-01-18 19:31 . 2012-01-18 19:31 -------- d--h--r- c:\users\fatima\AppData\Roaming\SecuROM
- 2012-01-17 19:20 . 2012-01-18 17:35 -------- d-----w- c:\program files (x86)\Rockstar Games
- 2012-01-17 15:31 . 2012-01-17 15:31 -------- d-----w- c:\users\fatima\AppData\Local\Downloader
- 2012-01-17 15:31 . 2012-01-17 15:31 -------- d-----w- c:\program files (x86)\Downloader
- 2012-01-15 21:36 . 2012-01-15 21:36 -------- d-----w- c:\users\fatima\AppData\Roaming\DivX
- 2012-01-15 21:32 . 2011-08-22 19:23 175864 ---ha-w- c:\windows\SysWow64\BytescoutVideoMixerFilter.dll
- 2012-01-15 21:32 . 2011-08-22 19:23 257784 ---ha-w- c:\windows\SysWow64\BytescoutScreenCapturingFilter.dll
- 2012-01-15 21:32 . 2011-08-22 19:23 421624 ---ha-w- c:\windows\SysWow64\BytescoutScreenCapturing.dll
- 2012-01-15 21:32 . 2011-08-22 19:23 361720 ---ha-w- c:\windows\system32\BytescoutScreenCapturingFilter.dll
- 2012-01-15 21:32 . 2011-08-22 19:23 231672 ---ha-w- c:\windows\system32\BytescoutVideoMixerFilter.dll
- 2012-01-15 21:32 . 2011-07-08 00:57 566008 ---ha-w- c:\windows\system32\BytescoutScreenCapturing.dll
- 2012-01-15 21:32 . 2010-12-24 10:43 29288 ---ha-w- c:\windows\system32\drivers\Apowersoft_AudioDevice.sys
- 2012-01-12 18:06 . 2012-01-12 18:06 -------- d-----w- c:\windows\SysWow64\wbem\en-US
- 2012-01-12 18:06 . 2012-01-12 18:06 -------- d-----w- c:\windows\system32\wbem\en-US
- 2012-01-12 17:38 . 2012-01-12 17:38 -------- d-----w- c:\users\fatima\AppData\Roaming\Megamedia
- 2012-01-12 17:38 . 2012-01-12 17:38 -------- d-----w- c:\programdata\Megamedia
- 2012-01-12 17:37 . 2012-01-12 17:37 -------- d-----w- c:\users\fatima\AppData\Local\Megamedia
- 2012-01-11 19:05 . 2012-01-11 19:05 -------- d-----w- c:\programdata\boost_interprocess
- 2012-01-11 12:53 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
- 2012-01-11 12:53 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
- 2012-01-11 12:53 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
- 2012-01-11 12:53 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
- 2012-01-11 12:53 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
- 2012-01-11 12:53 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
- 2012-01-11 12:53 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
- 2012-01-11 12:53 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
- 2012-01-10 13:33 . 2012-01-10 13:33 -------- d-----w- c:\users\fatima\AppData\Local\Procaster
- 2012-01-10 13:33 . 2012-01-10 13:33 -------- d-----w- c:\users\fatima\AppData\Local\CrashRpt
- 2012-01-07 17:14 . 2012-01-07 17:14 -------- d-----w- c:\users\fatima\AppData\Roaming\Megaupload
- .
- .
- .
- (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
- .
- 2012-01-31 12:44 . 2010-07-13 19:19 279656 ------w- c:\windows\system32\MpSigStub.exe
- 2012-01-26 21:28 . 2010-09-04 06:57 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
- 2012-01-24 21:16 . 2010-02-23 21:54 2306328 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
- 2012-01-24 21:15 . 2010-10-08 20:44 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
- 2012-01-15 08:24 . 2010-02-21 22:41 2306328 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
- 2012-01-15 08:23 . 2010-02-21 22:41 639312 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
- 2012-01-08 10:46 . 2010-02-23 21:54 639312 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
- 2012-01-06 05:15 . 2010-07-14 17:01 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
- 2011-12-24 10:49 . 2011-12-24 10:49 0 ---ha-w- c:\users\fatima\AppData\Local\BITB98E.tmp
- 2011-12-10 14:24 . 2010-07-13 19:01 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
- 2011-12-08 13:05 . 2011-12-08 13:05 0 ---ha-w- c:\users\sam'sOnit\AppData\Local\BITA13D.tmp
- 2011-12-05 07:43 . 2011-12-05 07:43 0 ---ha-w- c:\users\sam'sOnit\AppData\Local\BIT6983.tmp
- 2011-11-24 04:52 . 2011-12-14 11:11 3145216 ----a-w- c:\windows\system32\win32k.sys
- 2011-11-22 19:54 . 2011-11-22 19:54 0 ---ha-w- c:\users\fatima\AppData\Local\BIT65B7.tmp
- 2011-11-10 04:54 . 2010-06-13 18:18 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
- 2011-11-08 18:48 . 2011-11-08 18:48 0 ---ha-w- c:\users\Invité\AppData\Local\BIT590B.tmp
- 2011-11-08 18:48 . 2011-11-08 18:48 0 ---ha-w- c:\users\Invité\AppData\Local\BIT590B.tmp
- 2011-11-07 17:43 . 2011-11-07 17:43 34064 ----a-w- c:\windows\SysWow64\lhacm.acm
- .
- .
- ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
- .
- .
- *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
- REGEDIT4
- .
- [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
- "{6ec85fcf-87ad-41d7-ae1f-f116f8ad4848}"= "c:\program files (x86)\Avanquest_FR\prxtbAva2.dll" [2011-05-09 176936]
- .
- [HKEY_CLASSES_ROOT\clsid\{6ec85fcf-87ad-41d7-ae1f-f116f8ad4848}]
- .
- [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6ec85fcf-87ad-41d7-ae1f-f116f8ad4848}]
- 2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\Avanquest_FR\prxtbAva2.dll
- .
- [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{77F4E711-789B-447F-9614-96759B2F83C6}]
- 2011-01-13 04:16 64000 ----a-w- c:\users\fatima\AppData\Local\Megamedia\Megakey\MegaIeHelper.dll
- .
- [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
- "{6ec85fcf-87ad-41d7-ae1f-f116f8ad4848}"= "c:\program files (x86)\Avanquest_FR\prxtbAva2.dll" [2011-05-09 176936]
- .
- [HKEY_CLASSES_ROOT\clsid\{6ec85fcf-87ad-41d7-ae1f-f116f8ad4848}]
- .
- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "VPN4ALL"="c:\program files (x86)\VPN4ALL\VPN4ALL.exe" [2011-09-02 1784832]
- .
- [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
- "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
- "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
- "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
- "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
- "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
- "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-12 421736]
- "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
- "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]
- "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
- "SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2011-10-05 3578272]
- .
- c:\users\salim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
- IMVU.lnk - c:\users\Bilal\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe [N/A]
- .
- c:\users\sam'sOnit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
- Notification de cadeaux MSN.lnk - c:\users\Bilal\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe [N/A]
- .
- c:\users\Bilal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
- OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
- .
- c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
- Assistant SMART WIZARD NETGEAR pour WG111v3.lnk - c:\program files (x86)\NETGEAR\WG111v3\WG111v3.exe [2009-11-6 2072576]
- NETGEAR WG111v3 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WG111v3\WG111v3.exe [2009-11-6 2072576]
- Philips Device Manager.lnk - c:\philips\SA32xx Device Manager\SA32xx_DeviceManager.exe [2010-12-27 1615216]
- Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-2-6 100352]
- .
- [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
- "ConsentPromptBehaviorAdmin"= 5 (0x5)
- "ConsentPromptBehaviorUser"= 3 (0x3)
- "EnableUIADesktopToggle"= 0 (0x0)
- .
- [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
- BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
- .
- [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
- Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
- .
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
- @="Service"
- .
- R1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [2011-10-05 48888]
- R1 TsVp;TsVp;c:\windows\system32\DRIVERS\tsvp.sys [x]
- R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
- R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
- R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
- R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
- R2 CrossLoopService;CrossLoop Service;c:\users\Bilal\AppData\Local\CrossLoop\CrossLoopService.exe [2009-12-16 86016]
- R2 Greg_Service;GRegService;c:\program files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-08-28 1150496]
- R2 gupdate;Service Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 133104]
- R2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2011-05-26 329544]
- R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
- R2 Realtek11nCU;Realtek11nCU;c:\program files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [2010-04-16 36864]
- R2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\Olitec\Olitec 11n USB Wireless LAN Utility\RtlService.exe [2009-12-21 40960]
- R2 SDHookService;Spybot S&D 2 Live Protection Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-10-05 130976]
- R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-10-05 892336]
- R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-10-05 955816]
- R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-10-05 169624]
- R2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
- R2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-02 2923392]
- R2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-07-04 240160]
- R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [x]
- R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\CyberGhost VPN\CGVPNCliService.exe [2011-12-06 2430128]
- R3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys [x]
- R3 dump_wmimmc;dump_wmimmc;c:\gpotato.eu\Dragonica\Release\GameGuard\dump_wmimmc.sys [x]
- R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
- R3 gupdatem;Service Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 133104]
- R3 HideMyIpSRV;HideMyIpSRV;c:\program files (x86)\Hide My IP 2009\HideMyIpSrv.exe [2009-11-28 2396464]
- R3 LVcKap64;Logitech AEC Driver;c:\windows\system32\DRIVERS\LVcKap64.sys [x]
- R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
- R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
- R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
- R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
- R3 NisSrv;Inspection réseau Microsoft;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
- R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [x]
- R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [x]
- R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]
- R3 RTL8187B;Carte réseau USB 2.0 Realtek RTL8187B sans fil 802.11b/g 54 Mbits/s;c:\windows\system32\DRIVERS\RTL8187B.sys [x]
- R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
- R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
- R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
- R3 TsVlb;TsVlb;c:\windows\system32\DRIVERS\tsvlb.sys [x]
- R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
- R3 uvnc_service;uvnc_service;c:\users\Bilal\AppData\Local\CrossLoop\winvnc.exe [2009-12-06 1590216]
- R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
- R3 X6va003;X6va003;c:\users\Bilal\AppData\Local\Temp\0033F1.tmp [x]
- R3 X6va005;X6va005;c:\users\fatima\AppData\Local\Temp\005C959.tmp [x]
- R4 AcuWVSSchedulerv5;Acunetix WVS Scheduler v5;c:\program files (x86)\Acunetix\Web Vulnerability Scanner 5\WVSScheduler.exe [2007-11-15 655872]
- S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
- S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
- S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]
- S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys [x]
- S3 TSCOMM;CommStudio Virtual Adapter by TamoSoft;c:\windows\system32\DRIVERS\tscomm.sys [x]
- .
- .
- [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
- nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
- Akamai REG_MULTI_SZ Akamai
- .
- Contenu du dossier 'Tâches planifiées'
- .
- 2012-02-04 c:\windows\Tasks\bfjxy.job
- - c:\windows\system32\rundll32.exe [2009-07-13 01:14]
- .
- 2012-02-04 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- - c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2012-02-03 14:46]
- .
- 2012-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 20:35]
- .
- 2012-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 20:35]
- .
- 2012-02-03 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- - c:\program files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2012-02-03 14:46]
- .
- 2012-02-03 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- - c:\program files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2012-02-03 14:46]
- .
- .
- --------- x86-64 -----------
- .
- .
- [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77F4E711-789B-447F-9614-96759B2F83C6}]
- 2011-01-13 04:19 78336 ----a-w- c:\users\fatima\AppData\Local\Megamedia\Megakey\x64\MegaIeHelper64.dll
- .
- [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
- 2011-06-20 17:37 287048 ----a-w- c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
- .
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
- "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
- .
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
- "LoadAppInit_DLLs"=0x1
- .
- ------- Examen supplémentaire -------
- .
- uLocal Page = c:\windows\system32\blank.htm
- uStart Page = hxxp://www.google.fr
- uDefault_Search_URL = hxxp://www.google.fr
- mStart Page = hxxp://www.google.fr
- mLocal Page = c:\windows\SysWOW64\blank.htm
- uInternet Settings,ProxyOverride = 127.0.0.1:9421
- IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
- IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
- LSP: c:\programdata\Megamedia\Megakey\msadm.dll
- LSP: c:\windows\system32\HMIPCore.dll
- FF - ProfilePath - c:\users\Bilal\AppData\Roaming\Mozilla\Firefox\Profiles\tn7fcql4.default\
- .
- - - - - ORPHELINS SUPPRIMES - - - -
- .
- URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
- URLSearchHooks-{4daac69c-cba7-45e2-9bc8-1044483d3352} - (no file)
- URLSearchHooks-{1c491116-c175-45e1-a570-6fb14fea8b7b} - (no file)
- BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
- Toolbar-Locked - (no file)
- Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
- Toolbar-10 - (no file)
- Wow6432Node-HKLM-Run-TaskTray - (no file)
- Notify-SDWinLogon - SDWinLogon.dll
- Toolbar-Locked - (no file)
- Toolbar-10 - (no file)
- WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
- WebBrowser-{4DAAC69C-CBA7-45E2-9BC8-1044483D3352} - (no file)
- WebBrowser-{6EC85FCF-87AD-41D7-AE1F-F116F8AD4848} - (no file)
- WebBrowser-{1C491116-C175-45E1-A570-6FB14FEA8B7B} - (no file)
- WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
- AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
- AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
- .
- .
- .
- [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
- "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_e286960.dll"
- .
- [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
- "ImagePath"="c:\windows\system32\GameMon.des -service"
- .
- [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003]
- "ImagePath"="\??\c:\users\Bilal\AppData\Local\Temp\0033F1.tmp"
- .
- [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
- "ImagePath"="\??\c:\users\fatima\AppData\Local\Temp\005C959.tmp"
- .
- --------------------- CLES DE REGISTRE BLOQUEES ---------------------
- .
- [HKEY_USERS\S-1-5-21-3809555165-3482574201-1184881471-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
- @Denied: (2) (S-1-5-21-3809555165-3482574201-1184881471-1003)
- @Denied: (2) (LocalSystem)
- "Progid"="ThunderbirdEML"
- .
- [HKEY_USERS\S-1-5-21-3809555165-3482574201-1184881471-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
- @Denied: (2) (LocalSystem)
- "Progid"="WindowsLiveMail.VCard.1"
- .
- [HKEY_USERS\S-1-5-21-3809555165-3482574201-1184881471-1003\Software\SecuROM\License information*]
- "datasecu"=hex:f0,b7,29,e1,48,bf,cd,88,ab,c9,14,33,55,e1,73,e9,80,1d,2a,01,ed,
- ad,8b,bc,2f,38,ef,04,5d,ac,8f,82,e3,ce,8b,fc,0d,ee,90,67,32,e1,9b,e2,81,9c,\
- "rkeysecu"=hex:a2,23,90,68,b6,ba,99,29,1f,b9,2d,f8,4c,a6,4b,2d
- .
- [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
- @Denied: (A 2) (Everyone)
- @="FlashBroker"
- "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
- .
- [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
- "Enabled"=dword:00000001
- .
- [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
- @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
- .
- [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
- @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
- .
- [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
- @Denied: (A 2) (Everyone)
- @="Shockwave Flash Object"
- .
- [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
- @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
- "ThreadingModel"="Apartment"
- .
- [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
- @="0"
- .
- [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
- @="ShockwaveFlash.ShockwaveFlash.10"
- .
- [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
- @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
- .
- [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
- @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
- .
- [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
- @="1.0"
- .
- [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
- @="ShockwaveFlash.ShockwaveFlash"
- .
- [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
- @Denied: (A 2) (Everyone)
- @="Macromedia Flash Factory Object"
- .
- [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
- @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
- "ThreadingModel"="Apartment"
- .
- [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
- @="FlashFactory.FlashFactory.1"
- .
- [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
- @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
- .
- [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
- @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
- .
- [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
- @="1.0"
- .
- [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
- @="FlashFactory.FlashFactory"
- .
- [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
- @Denied: (A 2) (Everyone)
- @="IFlashBroker4"
- .
- [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
- @="{00020424-0000-0000-C000-000000000046}"
- .
- [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
- @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
- "Version"="1.0"
- .
- [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
- @Denied: (Full) (Everyone)
- .
- Heure de fin: 2012-02-04 23:02:36
- ComboFix-quarantined-files.txt 2012-02-04 22:02
- .
- Avant-CF: 14 723 031 040 octets libres
- Après-CF: 20 868 169 728 octets libres
- .
- - - End Of File - - 074AF4C96064152BC5A4470995534131