Bobcat combo
a guest, Aug 31st, 2012
ComboFix 12-08-30.04 - FLORENT1 31/08/2012 13:39:16.2.2 - x64
Microsoft Windows 7 Édition Intégrale (Ultimate) 6.1.7600.0.1252.33.1036.18.4094.2587 [GMT 2:00]
Launched from: c:\users\FLORENT1\Desktop\bobcat.exe
Switches used :: c:\users\FLORENT1\Desktop\CFScript.txt
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* A resident antivirus is active
.
.
FILE ::
"c:\windows\system32\srvany.exe"
.
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\FLORENT1\AppData\Roaming\Spotify
c:\users\FLORENT1\AppData\Roaming\Spotify\Data\chrome.pak
c:\users\FLORENT1\AppData\Roaming\Spotify\Data\gnsdk_dsp.dll
c:\users\FLORENT1\AppData\Roaming\Spotify\Data\gnsdk_musicid_file.dll
c:\users\FLORENT1\AppData\Roaming\Spotify\Data\gnsdk_sdkmanager.dll
c:\users\FLORENT1\AppData\Roaming\Spotify\Data\icudt.dll
c:\users\FLORENT1\AppData\Roaming\Spotify\Data\libcef.dll
c:\users\FLORENT1\AppData\Roaming\Spotify\Data\locales\en-US.pak
c:\users\FLORENT1\AppData\Roaming\Spotify\Data\resources.zip
c:\users\FLORENT1\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
c:\users\FLORENT1\AppData\Roaming\Spotify\inst_ver.dat
c:\users\FLORENT1\AppData\Roaming\Spotify\settings
c:\users\FLORENT1\AppData\Roaming\Spotify\spotify.exe
c:\users\FLORENT1\AppData\Roaming\Spotify\SpotifyLauncher.exe
c:\users\FLORENT1\AppData\Roaming\Spotify\user-cache.bnk
c:\users\FLORENT1\AppData\Roaming\Spotify\Users\1140987352-user\ad.bnk
c:\users\FLORENT1\AppData\Roaming\Spotify\Users\1140987352-user\Apps\album-header\Cookies
c:\users\FLORENT1\AppData\Roaming\Spotify\Users\1140987352-user\Apps\feed\Cookies
c:\users\FLORENT1\AppData\Roaming\Spotify\Users\1140987352-user\Apps\home\Cookies
c:\users\FLORENT1\AppData\Roaming\Spotify\Users\1140987352-user\Apps\notification-popup\Cookies
c:\users\FLORENT1\AppData\Roaming\Spotify\Users\1140987352-user\Apps\search-dropdown\Cookies
c:\users\FLORENT1\AppData\Roaming\Spotify\Users\1140987352-user\Apps\search-header\Cookies
c:\users\FLORENT1\AppData\Roaming\Spotify\Users\1140987352-user\Apps\share\Cookies
c:\users\FLORENT1\AppData\Roaming\Spotify\Users\1140987352-user\Cookies\Cookies
c:\users\FLORENT1\AppData\Roaming\Spotify\Users\1140987352-user\guistate
c:\users\FLORENT1\AppData\Roaming\Spotify\Users\1140987352-user\hulkscrobble.bnk
c:\users\FLORENT1\AppData\Roaming\Spotify\Users\1140987352-user\local-files.bnk
c:\users\FLORENT1\AppData\Roaming\Spotify\Users\1140987352-user\LocalStorage\Local Storage\sp_feed_0.localstorage
c:\users\FLORENT1\AppData\Roaming\Spotify\Users\1140987352-user\LocalStorage\Local Storage\sp_home_0.localstorage
c:\users\FLORENT1\AppData\Roaming\Spotify\Users\1140987352-user\LocalStorage\Local Storage\sp_share_0.localstorage
c:\users\FLORENT1\AppData\Roaming\Spotify\Users\1140987352-user\playlist-0000000000000000000000000000000003.bnk
c:\users\FLORENT1\AppData\Roaming\Spotify\Users\1140987352-user\playlist-0000000000000000000000000000000005.bnk
c:\users\FLORENT1\AppData\Roaming\Spotify\Users\1140987352-user\playlist-000000000000000000000000000000000a.bnk
c:\users\FLORENT1\AppData\Roaming\Spotify\Users\1140987352-user\playlist-019896132ec5fa92cfe467dcc656588202.bnk
c:\users\FLORENT1\AppData\Roaming\Spotify\Users\1140987352-user\playlist-6aeffc45c55fed40304b77190e1d2afe02.bnk
c:\users\FLORENT1\AppData\Roaming\Spotify\Users\1140987352-user\playlist-bcd90f5e2b5f8fbce46467a04bbc1b0302.bnk
c:\users\FLORENT1\AppData\Roaming\Spotify\Users\1140987352-user\playlist-ca2d19c2eb2112cd79734a5667b159e002.bnk
c:\users\FLORENT1\AppData\Roaming\Spotify\Users\1140987352-user\playlist.bnk
c:\users\FLORENT1\AppData\Roaming\Spotify\Users\1140987352-user\purchased.bnk
c:\users\FLORENT1\AppData\Roaming\Spotify\Users\1140987352-user\social_manager.bnk
c:\users\FLORENT1\AppData\Roaming\Spotify\Users\1140987352-user\track-player.bnk
c:\users\FLORENT1\AppData\Roaming\Spotify\Users\1140987352-user\watch-sources.bnk
.
An infected copy of c:\windows\system32\Services.exe was found and disinfected
Copy restored from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_KMService
.
.
((((((((((((((((((((((((((((( Files created from 2012-07-28 to 2012-08-31 ))))))))))))))))))))))))))))))))))))
.
.
2012-08-31 11:56 . 2012-08-31 11:56 -------- d-----w- c:\users\Game\AppData\Local\temp
2012-08-31 11:56 . 2012-08-31 11:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-31 11:56 . 2012-08-31 11:56 -------- d-----w- c:\users\Administrateur\AppData\Local\temp
2012-08-22 21:14 . 2012-08-22 21:14 -------- d-----w- c:\windows\SysWow64\Hotspot Shield
2012-08-22 20:00 . 2012-08-22 20:00 -------- d-----w- c:\program files (x86)\SProtector
2012-08-13 11:35 . 2012-08-13 11:35 5115584 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-08-09 22:14 . 2002-01-05 05:48 974848 ----a-w- c:\windows\SysWow64\mfc70.dll
2012-08-09 22:14 . 2002-01-05 04:40 487424 ----a-w- c:\windows\SysWow64\msvcp70.dll
2012-08-09 22:08 . 2012-08-09 22:15 -------- d-----w- c:\program files (x86)\Game Cam
2012-08-09 22:07 . 2000-01-04 04:39 212992 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
2012-08-09 21:48 . 2012-02-29 18:39 257784 ---ha-w- c:\windows\SysWow64\BytescoutScreenCapturingFilter.dll
2012-08-09 21:48 . 2012-02-29 18:39 175864 ---ha-w- c:\windows\SysWow64\BytescoutVideoMixerFilter.dll
2012-08-09 21:48 . 2012-08-09 21:48 -------- d-----w- c:\users\FLORENT1\AppData\Roaming\Apowersoft
2012-08-09 21:48 . 2012-02-29 18:39 421624 ---ha-w- c:\windows\SysWow64\BytescoutScreenCapturing.dll
2012-08-09 21:48 . 2012-02-29 18:39 362232 ----a-w- c:\windows\system32\BytescoutScreenCapturingFilter.dll
2012-08-09 21:48 . 2012-02-29 18:39 231672 ----a-w- c:\windows\system32\BytescoutVideoMixerFilter.dll
2012-08-09 21:48 . 2012-02-29 18:39 574200 ----a-w- c:\windows\system32\BytescoutScreenCapturing.dll
2012-08-09 21:48 . 2010-12-24 09:43 29288 ----a-w- c:\windows\system32\drivers\Apowersoft_AudioDevice.sys
2012-08-09 21:48 . 2008-09-23 17:23 65536 ---ha-w- c:\windows\SysWow64\WebCamLib.dll
2012-08-09 21:48 . 2012-08-09 21:48 -------- d-----w- c:\program files (x86)\Apowersoft
2012-08-09 13:10 . 2012-08-09 13:11 -------- d-----w- c:\users\FLORENT1\AppData\Local\CRE
2012-08-05 17:45 . 2012-08-05 17:45 -------- d-----w- c:\users\FLORENT1\Podcasts
2012-08-05 17:39 . 2012-08-05 17:39 -------- d-----w- c:\program files (x86)\Common Files\Sony Shared
2012-08-05 17:38 . 2012-08-05 17:39 -------- d-----w- c:\programdata\Sony Corporation
2012-08-05 17:37 . 2012-08-05 17:37 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-05 17:37 . 2012-08-05 17:37 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-05 17:37 . 2012-08-05 17:37 -------- d-----w- c:\windows\system32\Macromed
2012-08-05 17:36 . 2012-08-05 17:38 -------- d-----w- c:\program files (x86)\Sony Media Go Install
2012-08-04 15:06 . 2012-08-04 15:06 -------- d-----w- c:\windows\fr
2012-08-04 14:56 . 2012-08-04 14:56 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\6053a3c31cd725101\DXSETUP.exe
2012-08-04 14:56 . 2012-08-04 14:56 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\6053a3c31cd725101\DSETUP.dll
2012-08-04 14:56 . 2012-08-04 14:56 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\6053a3c31cd725101\dsetup32.dll
2012-08-04 01:22 . 2012-08-04 01:22 -------- d-----w- c:\users\FLORENT1\AppData\Roaming\MaskMyIP
2012-08-04 01:22 . 2012-08-04 01:22 -------- d-----w- c:\programdata\MaskMyIP
2012-08-04 01:18 . 2012-08-04 01:18 -------- d-----w- c:\program files (x86)\Ask.com
2012-08-04 01:17 . 2012-08-04 01:17 -------- d-----w- c:\users\FLORENT1\AppData\Local\APN
2012-08-04 01:17 . 2012-08-04 01:17 -------- d-----w- c:\program files (x86)\MaskMyIP
2012-08-01 18:13 . 2012-08-01 18:13 41704 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
2012-08-01 18:13 . 2012-08-01 18:13 38632 ----a-w- c:\windows\system32\drivers\taphss.sys
.
.
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-31 12:03 . 2011-07-21 09:09 30528 ----a-w- c:\windows\GVTDrv64.sys
2012-08-31 12:03 . 2010-07-23 03:53 25640 ----a-w- c:\windows\gdrv.sys
2012-08-30 20:24 . 2011-07-21 09:10 25640 ----a-w- c:\windows\etdrv.sys
2012-07-13 12:08 . 2012-07-31 15:16 504136 ----a-w- c:\windows\system32\EasyRedirect64.dll
2012-07-13 12:08 . 2012-07-31 15:16 364360 ----a-w- c:\windows\SysWow64\EasyRedirect.dll
2012-06-02 22:19 . 2012-06-22 12:21 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 12:22 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 12:22 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 12:22 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 12:21 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 12:22 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 12:21 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-22 12:20 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-22 12:20 36864 ----a-w- c:\windows\system32\wuapp.exe
2010-11-18 01:43 . 2010-11-29 17:56 765485 ----a-w- c:\program files (x86)\BOLoader.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-30_20.08.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 05:10 . 2012-08-30 20:08 50630 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-31 12:04 50630 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-07-23 03:51 . 2012-08-31 12:04 19966 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4042182855-3482161552-1276249374-1000_UserData.bin
- 2009-07-14 05:30 . 2012-08-30 20:04 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-08-31 11:15 86016 c:\windows\system32\DriverStore\infpub.dat
- 2010-07-23 03:21 . 2012-08-22 21:15 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-23 03:21 . 2012-08-31 11:59 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-07-23 03:21 . 2012-08-22 21:15 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-07-23 03:21 . 2012-08-31 11:59 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-22 21:15 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-31 11:59 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-08-30 20:00 . 2012-08-30 20:00 1606 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2012-08-31 11:57 . 2012-08-31 11:57 1606 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-08-30 20:02 . 2012-08-30 20:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-31 11:59 . 2012-08-31 11:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-30 20:02 . 2012-08-30 20:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-31 11:59 . 2012-08-31 11:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-08-14 11:32 . 2012-08-31 11:13 437922 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-07-14 05:30 . 2012-08-31 11:15 239616 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-08-30 20:04 239616 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-08-31 11:15 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2012-08-30 20:04 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:12 . 2012-08-31 11:59 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2012-08-22 21:15 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2012-08-30 20:00 477608 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-31 11:57 477608 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 02:34 . 2012-08-30 20:18 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-08-30 16:21 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2010-07-29 19:34 . 2012-08-30 20:00 19463256 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4042182855-3482161552-1276249374-1000-12288.dat
+ 2010-07-29 19:34 . 2012-08-31 11:20 19463256 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4042182855-3482161552-1276249374-1000-12288.dat
.
((((((((((((((((((((((((((((((((( Reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-06 1519304]
"{84FF7BD6-B47F-46F8-9130-01B2696B36CB}"= "c:\program files (x86)\Iminent\SearchTheWeb\Iminent.BHO.NavigationError.dll" [2010-07-09 111608]
"{d0b1518e-3e45-4d16-a23b-4d90ef938e44}"= "c:\program files (x86)\Audacity-tools\tbAuda.dll" [2010-05-20 2675296]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{84ff7bd6-b47f-46f8-9130-01b2696b36cb}]
[HKEY_CLASSES_ROOT\IminentBHONavigationError.CHelperBHO.1]
[HKEY_CLASSES_ROOT\TypeLib\{59E6E159-57CC-4DA5-8700-2AD17DC31DD1}]
[HKEY_CLASSES_ROOT\IminentBHONavigationError.CHelperBHO]
.
[HKEY_CLASSES_ROOT\clsid\{d0b1518e-3e45-4d16-a23b-4d90ef938e44}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3E1CE522-F41D-97B3-EF01-61B8051DEC6A}]
c:\programdata\Bcool\bhoclass.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
2010-07-09 14:21 111608 ----a-w- c:\program files (x86)\Iminent\SearchTheWeb\Iminent.BHO.NavigationError.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{B2A44031-7EAD-434C-AC9E-7F1DA176BA8C}]
c:\program files (x86)\Facecons\facecons.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{d0b1518e-3e45-4d16-a23b-4d90ef938e44}]
2010-05-20 13:35 2675296 ----a-w- c:\program files (x86)\Audacity-tools\tbAuda.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-06 19:33 1519304 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{d0b1518e-3e45-4d16-a23b-4d90ef938e44}"= "c:\program files (x86)\Audacity-tools\tbAuda.dll" [2010-05-20 2675296]
"{C86FF9FA-AEED-451B-A9CC-39A53173AE2E}"= "c:\program files (x86)\iSquint 1.5.2\mybarnsrCD7F.tmp\tbcore3.dll" [2011-09-20 2662216]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-06 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{d0b1518e-3e45-4d16-a23b-4d90ef938e44}]
.
[HKEY_CLASSES_ROOT\clsid\{c86ff9fa-aeed-451b-a9cc-39a53173ae2e}]
[HKEY_CLASSES_ROOT\TBSB07458.TBSB07458.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB07458.TBSB07458]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OrangePlayer"="c:\program files (x86)\Orange\Media Player\Media Player.exe" [2009-02-16 319488]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-05 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"EasyTuneVI"="c:\program files (x86)\Gigabyte\ET6\ETCall.exe" [2007-07-26 20480]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"OrangePlayer"="c:\program files (x86)\Orange\Media Player\Media Player.exe" [2009-02-16 319488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDWinLogon]
SDWinLogon.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe\0lsdelete
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Service Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-05 136176]
R2 metasploitPostgreSQL;metasploitPostgreSQL;C:/METASP~1/POSTGR~1/bin/pg_ctl.exe runservice -N metasploitPostgreSQL -D C:/METASP~1/POSTGR~1/data [x]
R2 metasploitProSvc;Metasploit Pro Service;c:\metasp~1\ruby\bin\rubyw.exe [x]
R2 metasploitThin;Metasploit Thin Service;c:\metasp~1\ruby\bin\rubyw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-05 257224]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]
R3 ASOVPNHelper;Astrill OpenVPN Service;c:\program files (x86)\Astrill\ASOvpnSvc.exe [2011-11-13 434928]
R3 ASProxy;ASProxy;c:\program files (x86)\Astrill\ASProxy.exe [2011-11-11 1928616]
R3 atillk64;atillk64;c:\program files (x86)\AMD GPU Clock Tool\atillk64.sys [x]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [2009-11-06 838136]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]
R3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys [2010-04-01 21608]
R3 driverhardwarev2x64;driverhardwarev2x64;c:\program files (x86)\ma-config.com\Drivers\driverhardwarev2x64.sys [2011-07-02 16640]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2012-08-30 25640]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 gupdatem;Service Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-05 136176]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-08-31 30528]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-04-29 76696]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2012-01-25 22016]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2012-01-25 9728]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2012-01-25 27136]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2011-11-08 11776]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-18 113120]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
R3 netr7364;Pilote de carte LAN sans fil USB RT73 pour Vista;c:\windows\system32\DRIVERS\netr7364.sys [2009-06-10 707072]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
R3 NisSrv;NisSrv;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [x]
R3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50a64.sys [2006-11-28 43328]
R3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50a64.sys [2006-11-28 41280]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2010-07-14 19952]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2010-03-31 450048]
R3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [2012-03-02 27584]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2011-03-23 30720]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2011-01-12 35112]
R3 TsVlb;TsVlb;c:\windows\system32\DRIVERS\tsvlb.sys [2010-04-21 22120]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-23 1255736]
R4 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
R4 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\CyberGhost VPN\CGVPNCliService.exe [2011-07-05 2428968]
R4 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-05-26 161080]
R4 Dyn Updater;Dyn Updater;c:\program files (x86)\Dyn Updater\DynUpSvc.exe [2011-09-06 95608]
R4 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-03-02 68136]
R4 HideMyIpSRV;HideMyIpSRV;c:\program files (x86)\Hide My IP\HideMyIpSrv.exe [2010-07-06 3039536]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-05-26 2152720]
R4 maconfservice;Ma-Config Service;c:\program files (x86)\ma-config.com\maconfservice.exe [2011-07-03 311416]
R4 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2009-04-29 19720]
R4 MSR Service;Virtual Disk Service Manager;c:\program files (x86)\Clarus\Samsung SecretZone\MSSvc.exe [2009-05-12 102400]
R4 OpenVPNAccessClient;OpenVPN Access Client;c:\program files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [2011-03-23 24064]
R4 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R4 S3D Service (Win32);S3D Service (Win32);c:\program files (x86)\iZ3D Driver\Win32\S3DCService.exe [2010-03-18 360960]
R4 S3D Service (Win64);S3D Service (Win64);c:\program files (x86)\iZ3D Driver\Win64\S3DCService.exe [2010-03-18 614400]
R4 SDHookService;Spybot S&D 2 Live Protection Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-10-05 130976]
R4 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-10-05 892336]
R4 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-10-05 955816]
R4 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-10-05 169624]
R4 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-03 2358656]
R4 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2010-09-14 716024]
R4 VhdAttach;VHD Attach;c:\program files\Josip Medved\VHD Attach\VhdAttachService.exe [2010-11-08 152064]
R4 WSWNA3100;WSWNA3100;c:\program files (x86)\NETGEAR\WNA3100\WifiSvc.exe [2010-01-12 278528]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 25312]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-10-07 574216]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-10-07 43248]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2012-08-01 41704]
S1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [2011-10-05 48888]
S1 TsLwWfF;WiFi Capture Driver;c:\windows\system32\DRIVERS\TsLwWfF.sys [2011-01-26 26728]
S1 TsVp;TsVp;c:\windows\system32\DRIVERS\tsvp.sys [2010-06-15 32872]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-09-19 202752]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [2010-07-09 21480]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 DevoloNetworkService;devolo Network Service;c:\program files (x86)\devolo\dlan\devolonetsvc.exe [2010-12-23 3304768]
S2 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-07-27 58880]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-04-29 78992]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2012-02-01 214896]
S2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\sysWOW64\drivers\npf_devolo.sys [2010-06-10 34048]
S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2012-03-02 25504]
S2 SensticPocketService;Senstic Pocket Service;c:\program files (x86)\Senstic\PocketControl\\SensticPocketServiceWin.exe [2012-02-19 141680]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-21 846448]
S3 AmdTools64;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools64.sys [2008-04-28 47160]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2010-12-24 29288]
S3 avshws;Senstic PocketCam;c:\windows\system32\DRIVERS\camsource64.sys [2012-02-19 31560]
S3 azvusb;Virtual USB Hub;c:\windows\system32\DRIVERS\azvusb.sys [2009-08-24 54784]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-08-14 82816]
S3 PocketAudio;Senstic PocketAudio (WDM);c:\windows\system32\drivers\senaudio64.sys [2012-02-19 37192]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2009-04-06 27160]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-09-14 760168]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-09-14 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-09-14 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-09-14 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
  371. Contenu du dossier 'Tâches planifiées'
  372. .
  373. 2012-08-31 c:\windows\Tasks\Adobe Flash Player Updater.job
  374. - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-05 17:37]
  375. .
  376. 2012-08-31 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
  377. - c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2012-02-04 14:46]
  378. .
  379. 2012-08-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4042182855-3482161552-1276249374-1000Core.job
  380. - c:\users\FLORENT1\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-21 20:49]
  381. .
  382. 2012-08-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4042182855-3482161552-1276249374-1000UA.job
  383. - c:\users\FLORENT1\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-21 20:49]
  384. .
  385. 2012-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
  386. - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-05 15:17]
  387. .
  388. 2012-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
  389. - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-05 15:17]
  390. .
  391. 2012-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4042182855-3482161552-1276249374-1000Core.job
  392. - c:\users\FLORENT1\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-23 18:41]
  393. .
  394. 2012-08-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4042182855-3482161552-1276249374-1000UA.job
  395. - c:\users\FLORENT1\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-23 18:41]
  396. .
  397. 2012-08-02 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
  398. - c:\program files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2012-02-04 14:46]
  399. .
  400. 2012-08-01 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
  401. - c:\program files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2012-02-04 14:46]
  402. .
  403. .
  404. --------- X64 Entries -----------
  405. .
  406. .
  407. [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
  408. c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll [BU]
  409. .
  410. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  411. "combofix"="c:\bobcat\CF7954.3XE" [2009-07-14 344576]
  412. .
  413. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
  414. "AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\x64\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\x64\IEBHO.dll
  415. .
  416. ------- Examen supplémentaire -------
  417. .
  418. uLocal Page = c:\windows\system32\blank.htm
  419. uStart Page = hxxp://fr.ask.com/?l=dis&o=102875&gct=hp
  420. mLocal Page = c:\windows\system32\blank.htm
  421. IE: &Envoyer à OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
  422. IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
  423. IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
  424. IE: Liens de téléchargement avec Mega Manager... - c:\program files (x86)\Megaupload\Mega Manager\mm_file.htm
  425. IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe
  426. IE: {{C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - {C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - c:\program files (x86)\iSquint 1.5.2\mybarnsrCD7F.tmp\tbcore3.dll
  427. LSP: %SystemRoot%\system32\vsocklib.dll
  428. Trusted Zone: orange.fr\logicielsgratuits
  429. TCP: Interfaces\{01D3EE9B-D806-45E0-9378-662EC57AB475}: NameServer = 192.168.1.23,192.168.1.1
  430. TCP: Interfaces\{5F480A59-F683-436C-AFBF-68AA4E5CEF93}: DhcpNameServer = 192.168.237.1
  431. Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files (x86)\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
  432. DPF: {4A026B12-94F3-4D2F-A468-96AA55DE20A5} - hxxp://emagic2.homelinux.com:8090/img/NetCamPlayerWeb11g.ocx
  433. DPF: {9DF1C00D-8426-4337-972C-DC042D19A916} - hxxp://webtv.guidetv.orange.fr/resources/OCS_9418.cab
  434. DPF: {E1B26101-23FB-4855-9171-F79F29CC7728} - hxxp://192.168.1.27:8090/UltraCamX.cab
  435. DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} - hxxp://www.opticiens-atol.com/pages/collections/adriana/total-immersion/plugin/DFusionHomeWebPlugIn.InstallerFull.exe
  436. FF - ProfilePath - c:\users\FLORENT1\AppData\Roaming\Mozilla\Firefox\Profiles\ts4bl84k.default\
  437. FF - prefs.js: browser.search.defaulturl - hxxp://search.gboxapp.com/?q=
  438. FF - prefs.js: browser.search.selectedEngine - GadgetBox
  439. FF - prefs.js: browser.startup.homepage - hxxp://fr.ask.com/?l=dis&o=102875&gct=hp
  440. FF - user.js: keyword.URL - hxxp://rws.search.ke.voila.fr/RW/S/opensearch_orange?rdata=
  441. .
  442. - - - - ORPHELINS SUPPRIMES - - - -
  443. .
  444. Toolbar-Locked - (no file)
  445. Toolbar-10 - (no file)
  446. WebBrowser-{D0B1518E-3E45-4D16-A23B-4D90EF938E44} - (no file)
  447. AddRemove-Spotify - c:\users\FLORENT1\AppData\Roaming\Spotify\Spotify.exe
  448. .
  449. .
  450. .
  451. [HKEY_LOCAL_MACHINE\system\ControlSet001\services\metasploitPostgreSQL]
  452. "ImagePath"="C:/METASP~1/POSTGR~1/bin/pg_ctl.exe runservice -N \"metasploitPostgreSQL\" -D \"C:/METASP~1/POSTGR~1/data\""
  453. .
  454. [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
  455. "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
  456. .
  457. [HKEY_LOCAL_MACHINE\system\ControlSet001\services\metasploitPostgreSQL]
  458. "ImagePath"="C:/METASP~1/POSTGR~1/bin/pg_ctl.exe runservice -N \"metasploitPostgreSQL\" -D \"C:/METASP~1/POSTGR~1/data\""
  459. .
  460. --------------------- CLES DE REGISTRE BLOQUEES ---------------------
  461. .
  462. [HKEY_USERS\S-1-5-21-4042182855-3482161552-1276249374-1000\Software\SecuROM\License information*]
  463. "datasecu"=hex:99,fe,0a,2d,1b,10,23,60,cf,d9,97,ab,a6,7a,b6,12,0d,39,ea,3e,70,
  464. c7,26,d8,a2,62,f1,6a,50,4a,55,c0,f2,c0,61,95,f2,8f,0e,11,b1,6b,3f,01,76,3e,\
  465. "rkeysecu"=hex:d0,04,7d,84,0c,cf,e4,38,71,59,57,ef,5e,99,be,7d
  466. .
  467. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
  468. @Denied: (A 2) (Everyone)
  469. @="FlashBroker"
  470. "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
  471. .
  472. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
  473. "Enabled"=dword:00000001
  474. .
  475. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
  476. @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
  477. .
  478. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
  479. @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
  480. .
  481. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
  482. @Denied: (A 2) (Everyone)
  483. @="Macromedia Flash Factory Object"
  484. .
  485. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
  486. @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
  487. "ThreadingModel"="Apartment"
  488. .
  489. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
  490. @="FlashFactory.FlashFactory.1"
  491. .
  492. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
  493. @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
  494. .
  495. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
  496. @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
  497. .
  498. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
  499. @="1.0"
  500. .
  501. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
  502. @="FlashFactory.FlashFactory"
  503. .
  504. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
  505. @Denied: (A 2) (Everyone)
  506. @="IFlashBroker4"
  507. .
  508. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
  509. @="{00020424-0000-0000-C000-000000000046}"
  510. .
  511. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
  512. @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
  513. "Version"="1.0"
  514. .
  515. [HKEY_LOCAL_MACHINE\software\McAfee]
  516. "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  517. 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
  518. .
  519. [HKEY_LOCAL_MACHINE\software\Network Associates]
  520. "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  521. 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
  522. .
  523. [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
  524. @Denied: (A) (Everyone)
  525. "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
  526. .
  527. [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
  528. @Denied: (A) (Everyone)
  529. .
  530. [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
  531. "Key"="ActionsPane3"
  532. "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
  533. .
  534. [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
  535. @Denied: (A) (Users)
  536. @Denied: (A) (Everyone)
  537. @Allowed: (B 1 2 3 4 5) (S-1-5-20)
  538. "BlindDial"=dword:00000000
  539. .
  540. [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
  541. @Denied: (A) (Users)
  542. @Denied: (A) (Everyone)
  543. @Allowed: (B 1 2 3 4 5) (S-1-5-20)
  544. "BlindDial"=dword:00000000
  545. .
  546. [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
  547. @Denied: (Full) (Everyone)
  548. .
  549. ------------------------ Autres processus actifs ------------------------
  550. .
  551. c:\program files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
  552. c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
  553. c:\windows\SysWOW64\PnkBstrA.exe
  554. c:\program files (x86)\Senstic\PocketControl\SensticPocketServiceWin.exe
  555. c:\windows\SysWOW64\vmnat.exe
  556. c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
  557. c:\windows\SysWOW64\vmnetdhcp.exe
  558. c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
  559. c:\windows\SysWOW64\DllHost.exe
  560. .
  561. **************************************************************************
  562. .
  563. Heure de fin: 2012-08-31 14:18:12 - La machine a redémarré
  564. ComboFix-quarantined-files.txt 2012-08-31 12:18
  565. ComboFix2.txt 2012-08-30 20:17
  566. .
  567. Avant-CF: 100 303 237 120 octets libres
  568. Après-CF: 99 342 098 432 octets libres
  569. .
  570. - - End Of File - - 972F2E0386C4DC93C4B9A7023CDB038F