ComboFix 15-07-08.01 - moi 12/07/2015 13:57:42.5.2 - x86
Running from: c:\documents and settings\moi\Bureau\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\USBSecurity\svighost.dll
c:\documents and settings\All Users\ntuser.pol
c:\documents and settings\moi\Application Data\3gp-video-converter-21713.exe
c:\documents and settings\moi\Error.log
c:\documents and settings\moi\Recent\Thumbs.db
C:\f_system!@#_$+__________________
C:\f_system!@#_$+__________________
c:\program files\Skype\Phone\Skype.exe
c:\windows\EventSystem.log
c:\windows\iun6002.exe
c:\windows\Microsoft Help\_desktop.ini
c:\windows\system\MSBIND.DLL
c:\windows\system\MSDBRPTR.DLL
c:\windows\system\MSSTDFMT.DLL
c:\windows\system\msvbvm60.dll
c:\windows\system\olepro32.dll
c:\windows\system\Stdole2.tlb
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\CoolXPProgress.ocx
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\msnphoto.scr
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MICROSOFT_HELP_CENTER
-------\Legacy_NPF
.
.
((((((((((((((((((((((((( Files Created from 2015-06-12 to 2015-07-12 )))))))))))))))))))))))))))))))
.
.
2045-01-24 00:52 . 2014-07-09 22:05 -------- d-----w- c:\documents and settings\moi\Application Data\Software Informer
2045-01-24 00:52 . 2011-10-04 15:07 -------- d-----w- c:\documents and settings\moi\Application Data\Free Download Manager
2015-07-12 01:44 . 2015-07-12 01:44 -------- d-----w- c:\program files\MSXML 4.0
2015-07-12 01:37 . 2003-04-11 13:45 348160 ----a-w- c:\program files\xerox\Services\_common\PortraitLoader.dll
2015-07-12 01:37 . 2003-07-30 15:55 344064 ----a-w- c:\program files\xerox\ArcRes.dll
2015-07-12 01:37 . 2003-07-30 15:22 106496 ----a-w- c:\program files\xerox\gsws.dll
2015-07-12 01:37 . 2003-07-30 15:22 81920 ----a-w- c:\program files\xerox\gslan.dll
2015-07-12 01:37 . 2003-07-30 14:34 77824 ----a-w- c:\program files\xerox\GSAPak.exe
2015-07-12 01:37 . 2003-05-06 11:45 304640 ----a-w- c:\program files\xerox\Services\_common\RWVoice.exe
2015-07-12 01:37 . 2003-04-03 17:09 134144 ----a-w- c:\program files\xerox\RptCrash.exe
2015-07-12 01:37 . 2001-12-20 09:46 224768 ----a-w- c:\program files\xerox\fpupdate.exe
2015-07-12 01:37 . 2001-12-20 09:46 118784 ----a-w- c:\program files\xerox\pw32.dll
2015-07-12 01:37 . 2003-07-30 15:55 3518519 ----a-w- c:\program files\xerox\Aphex.exe
2015-07-12 01:37 . 1999-06-25 09:55 149504 ----a-w- c:\program files\xerox\UNWISE.EXE
2015-07-11 01:38 . 2014-02-26 23:28 13312 -c----w- c:\windows\system32\dllcache\xp_eos.exe
2015-07-11 01:38 . 2014-02-26 23:28 13312 ------w- c:\windows\system32\xp_eos.exe
2015-07-07 15:15 . 2015-07-07 15:16 368749 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\TPWinPrn.dll
2015-07-07 14:09 . 2015-07-07 14:10 51200 -c--a-w- c:\windows\system32\dllcache\wmerrenu.dll
2015-07-07 14:09 . 2015-07-07 14:09 155648 -c--a-w- c:\windows\system32\dllcache\sysmod_a.dll
2015-07-07 14:09 . 2015-07-07 14:09 188416 -c--a-w- c:\windows\system32\dllcache\script_a.dll
2015-07-07 14:08 . 2015-07-07 14:09 655360 -c--a-w- c:\windows\system32\dllcache\mstscax.dll
2015-07-07 14:08 . 2015-07-07 14:08 192512 -c--a-w- c:\windows\system32\dllcache\migism_a.dll
2015-07-07 14:08 . 2015-07-07 14:08 108544 -c--a-w- c:\windows\system32\dllcache\guitrn_a.dll
2015-07-07 14:08 . 2015-07-07 14:08 -------- d-----w- c:\windows\system32\bits
2015-07-07 14:07 . 2015-07-07 14:08 51200 ----a-w- c:\windows\system32\wmerrenu.dll
2015-07-07 14:07 . 2015-07-07 14:07 16432 ----a-w- c:\windows\system32\vmx_mode.dll
2015-07-07 14:07 . 2015-07-07 14:07 173232 ----a-w- c:\windows\system32\vmx_fb.dll
2015-07-07 14:07 . 2015-07-07 14:07 35888 ----a-w- c:\windows\system32\vmhgfs.dll
2015-07-07 14:07 . 2015-07-07 14:07 111856 ----a-w- c:\windows\system32\TPVMW32.dll
2015-07-07 14:07 . 2015-07-07 14:07 9104 ----a-w- c:\windows\system32\TPVMMonUIjpn.dll
2015-07-07 14:07 . 2015-07-07 14:07 9104 ----a-w- c:\windows\system32\TPVMMonUIdeu.dll
2015-07-07 14:07 . 2015-07-07 14:07 79208 ----a-w- c:\windows\system32\TPVMMonUI.dll
2015-07-07 14:07 . 2015-07-07 14:07 9632 ----a-w- c:\windows\system32\TPVMMonjpn.dll
2015-07-07 14:07 . 2015-07-07 14:07 23960 ----a-w- c:\windows\system32\TPVMMondeu.dll
2015-07-07 14:07 . 2015-07-07 14:07 284016 ----a-w- c:\windows\system32\TPVMMon.dll
2015-07-07 14:07 . 2015-07-07 14:07 423208 ----a-w- c:\windows\system32\TPSvc.dll
2015-07-07 14:03 . 2015-07-07 14:03 86016 ----a-w- c:\windows\system32\mdmxsdk.dll
2015-07-06 18:22 . 2015-07-09 01:41 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-06 18:22 . 2015-06-18 07:41 121560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-07-06 18:22 . 2015-06-18 07:41 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-07-06 18:22 . 2015-07-06 18:22 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-07-06 17:39 . 2015-07-08 13:33 -------- d-----w- C:\AdwCleaner
2015-07-06 17:37 . 2015-07-06 17:38 1041536 -c--a-w- c:\windows\system32\dllcache\hsfdpsp2.sys
2015-07-06 17:37 . 2015-07-06 17:38 1041536 ----a-w- c:\windows\system32\drivers\hsfdpsp2.sys
2015-07-06 17:37 . 2015-07-06 17:37 220032 -c--a-w- c:\windows\system32\dllcache\hsfbs2s2.sys
2015-07-06 17:37 . 2015-07-06 17:37 220032 ----a-w- c:\windows\system32\drivers\hsfbs2s2.sys
2015-07-06 17:36 . 2015-07-06 17:37 19200 -c--a-w- c:\windows\system32\dllcache\hidir.sys
2015-07-06 17:36 . 2015-07-06 17:37 19200 ----a-w- c:\windows\system32\drivers\hidir.sys
2015-07-06 17:36 . 2015-07-06 17:36 14336 -c--a-w- c:\windows\system32\dllcache\atinpdxx.sys
2015-07-06 17:36 . 2015-07-06 17:36 14336 ----a-w- c:\windows\system32\drivers\atinpdxx.sys
2015-07-06 17:36 . 2015-07-06 17:36 29455 -c--a-w- c:\windows\system32\dllcache\ati1xbxx.sys
2015-07-06 17:36 . 2015-07-06 17:36 29455 ----a-w- c:\windows\system32\drivers\ati1xbxx.sys
2015-07-06 17:36 . 2015-07-06 17:36 36463 -c--a-w- c:\windows\system32\dllcache\ati1tuxx.sys
2015-07-06 17:36 . 2015-07-06 17:36 36463 ----a-w- c:\windows\system32\drivers\ati1tuxx.sys
2015-07-06 17:36 . 2015-07-06 17:36 26367 -c--a-w- c:\windows\system32\dllcache\ati1snxx.sys
2015-07-06 17:36 . 2015-07-06 17:36 26367 ----a-w- c:\windows\system32\drivers\ati1snxx.sys
2015-07-06 14:13 . 2015-07-06 14:14 -------- d-----w- c:\program files\ZHPFix
2015-07-06 12:41 . 2015-07-08 02:14 -------- d-----w- c:\documents and settings\moi\Application Data\ZHP
2015-07-06 12:23 . 2013-07-17 00:58 123008 -c--a-w- c:\windows\system32\dllcache\usbvideo.sys
2015-07-06 12:22 . 2015-07-06 12:22 129535 -c--a-w- c:\windows\system32\dllcache\slnt7554.sys
2015-07-06 12:20 . 2015-07-06 12:20 180360 -c--a-w- c:\windows\system32\dllcache\ntmtlfax.sys
2015-07-06 12:20 . 2015-07-06 12:20 180360 ----a-w- c:\windows\system32\drivers\ntmtlfax.sys
2015-07-06 12:20 . 2015-07-06 12:20 12672 -c--a-w- c:\windows\system32\dllcache\mutohpen.sys
2015-07-06 12:20 . 2015-07-06 12:20 12672 ----a-w- c:\windows\system32\drivers\mutohpen.sys
2015-07-06 12:19 . 2015-07-06 12:20 452736 -c--a-w- c:\windows\system32\dllcache\mtxparhm.sys
2015-07-06 12:19 . 2015-07-06 12:20 452736 ----a-w- c:\windows\system32\drivers\mtxparhm.sys
2015-07-06 12:09 . 2015-07-06 12:09 126686 -c--a-w- c:\windows\system32\dllcache\mtlmnt5.sys
2015-07-06 12:09 . 2015-07-06 12:09 126686 ----a-w- c:\windows\system32\drivers\mtlmnt5.sys
2015-07-06 12:09 . 2015-07-06 12:09 11868 ----a-w- c:\windows\system32\drivers\mdmxsdk.sys
2015-07-06 12:09 . 2013-07-17 00:58 46848 -c--a-w- c:\windows\system32\dllcache\irbus.sys
2015-07-06 12:09 . 2013-07-17 00:58 46848 ----a-w- c:\windows\system32\drivers\irbus.sys
2015-07-06 12:08 . 2015-07-06 12:08 685056 -c--a-w- c:\windows\system32\dllcache\hsfcxts2.sys
2015-07-06 12:08 . 2015-07-06 12:08 685056 ----a-w- c:\windows\system32\drivers\hsfcxts2.sys
2015-07-06 12:06 . 2015-07-06 12:06 28672 -c--a-w- c:\windows\system32\dllcache\atinsnxx.sys
2015-07-06 12:06 . 2015-07-06 12:06 28672 ----a-w- c:\windows\system32\drivers\atinsnxx.sys
2015-07-06 12:06 . 2015-07-06 12:06 104960 -c--a-w- c:\windows\system32\dllcache\atinrvxx.sys
2015-07-06 12:06 . 2015-07-06 12:06 104960 ----a-w- c:\windows\system32\drivers\atinrvxx.sys
2015-07-06 12:06 . 2015-07-06 12:06 52224 -c--a-w- c:\windows\system32\dllcache\atinraxx.sys
2015-07-06 12:06 . 2015-07-06 12:06 52224 ----a-w- c:\windows\system32\drivers\atinraxx.sys
2015-07-06 12:06 . 2015-07-06 12:06 13824 -c--a-w- c:\windows\system32\dllcache\atinmdxx.sys
2015-07-06 12:06 . 2015-07-06 12:06 13824 ----a-w- c:\windows\system32\drivers\atinmdxx.sys
2015-07-06 12:05 . 2015-07-06 12:06 57856 -c--a-w- c:\windows\system32\dllcache\atinbtxx.sys
2015-07-06 12:05 . 2015-07-06 12:06 57856 ----a-w- c:\windows\system32\drivers\atinbtxx.sys
2015-07-06 12:03 . 2015-07-06 12:03 42752 -c--a-w- c:\windows\system32\dllcache\alim1541.sys
2015-07-06 12:03 . 2015-07-06 12:03 42752 ----a-w- c:\windows\system32\drivers\alim1541.sys
2015-07-06 12:03 . 2015-07-06 12:03 44928 -c--a-w- c:\windows\system32\dllcache\agpcpq.sys
2015-07-06 12:03 . 2015-07-06 12:03 44928 ----a-w- c:\windows\system32\drivers\agpcpq.sys
2015-07-06 12:03 . 2015-07-06 12:03 42368 -c--a-w- c:\windows\system32\dllcache\agp440.sys
2015-07-06 12:03 . 2015-07-06 12:03 42368 ----a-w- c:\windows\system32\drivers\agp440.sys
2015-07-06 11:33 . 2015-07-06 11:33 -------- d-----w- c:\windows\OemDir
2015-07-05 23:12 . 2015-07-05 23:12 44544 -c--a-w- c:\windows\system32\dllcache\tscupgrd.exe
2015-07-05 23:12 . 2015-07-05 23:12 407552 -c--a-w- c:\windows\system32\dllcache\mstsc.exe
2015-07-05 23:12 . 2015-07-05 23:12 236032 -c--a-w- c:\windows\system32\dllcache\migwiz_a.exe
2015-07-05 23:11 . 2015-07-05 23:12 294912 -c--a-w- c:\windows\system32\dllcache\dlimport.exe
2015-07-05 23:11 . 2015-07-05 23:11 28672 ----a-w- c:\windows\system32\verclsid.exe
2015-07-05 23:11 . 2015-07-05 23:11 44544 ----a-w- c:\windows\system32\tscupgrd.exe
2015-07-05 23:11 . 2015-07-05 23:11 20992 ----a-w- c:\windows\system32\spupdwxp.exe
2015-07-05 23:11 . 2015-07-05 23:11 7680 ----a-w- c:\windows\system32\spdwnwxp.exe
2015-07-05 23:11 . 2015-07-05 23:11 32866 ----a-w- c:\windows\system32\slrundll.exe
2015-07-05 23:11 . 2015-07-05 23:11 20992 ----a-w- c:\windows\system32\faxpatch.exe
2015-07-05 23:11 . 2015-07-05 23:11 9728 ----a-w- c:\windows\system32\comsdupd.exe
2015-07-05 19:05 . 2001-08-23 16:21 161664 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2015-07-05 18:59 . 2015-07-05 18:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Weskysoft
2015-07-05 18:55 . 2015-07-05 23:10 -------- d-----w- c:\windows\ServicePackFiles
2015-07-05 18:55 . 2015-07-05 18:55 -------- d-----w- c:\windows\mui
2015-07-05 18:54 . 2015-07-05 18:54 -------- d-----w- c:\program files\DLLSuite
2015-07-05 18:54 . 2004-08-04 02:31 340023 -c----w- c:\windows\system32\dllcache\SET9CF.tmp
2015-07-05 18:44 . 2001-08-23 16:46 91264 -c--a-w- c:\windows\system32\dllcache\SET55D.tmp
2015-07-04 00:57 . 2015-07-04 00:57 -------- d-----w- c:\documents and settings\moi\Application Data\PowerISO
2015-07-04 00:44 . 2015-07-08 02:00 -------- d-----w- c:\program files\PowerISO
2015-07-03 21:13 . 2015-07-03 21:13 0 ---ha-w- c:\documents and settings\moi\Local Settings\Application Data\BIT4.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-06 17:39 . 2014-11-16 15:22 1309184 ----a-w- c:\windows\system32\drivers\mtlstrm.sys
2015-05-25 11:40 . 2014-06-17 05:11 0 -c--a-w- c:\documents and settings\moi\TempWmicBatchFile.bat
2015-05-04 16:53 . 2015-05-04 16:53 0 -c-ha-w- c:\documents and settings\moi\Local Settings\Application Data\BITA.tmp
2015-04-29 21:30 . 2015-04-29 21:30 57888 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2015-04-29 21:30 . 2015-04-29 21:30 74976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-04-29 21:30 . 2015-04-29 21:30 49904 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-04-29 21:30 . 2015-04-29 21:30 427992 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-04-29 21:30 . 2015-04-29 21:30 209048 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-04-29 21:30 . 2015-04-29 21:30 55200 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2015-04-29 21:30 . 2015-04-29 21:30 24144 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-04-29 21:30 . 2015-04-29 21:30 291312 ----a-w- c:\windows\system32\aswBoot.exe
2015-04-29 21:30 . 2015-04-29 21:30 43112 ----a-w- c:\windows\avastSS.scr
2015-04-29 21:30 . 2015-04-29 21:30 787760 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-14 11:49 . 2012-08-14 11:49 218 -c--a-w- c:\program files\out.reg
2012-06-06 04:06 . 2012-06-06 04:06 2174976 -c--a-w- c:\program files\Fichiers communs\atimpenc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\documents and settings\moi\Application Data\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\documents and settings\moi\Application Data\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\documents and settings\moi\Application Data\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\documents and settings\moi\Application Data\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\documents and settings\moi\Application Data\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\documents and settings\moi\Application Data\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\documents and settings\moi\Application Data\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-14 01:42 151576 ----a-w- c:\documents and settings\moi\Application Data\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-04-29 21:30 645144 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 10:02 23008 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2014-09-12 3878480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-cleaner"="c:\windows\system32\wscript.exe" [2008-05-08 155648]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Bluetooth.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Reboot.exe]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Reboot.exe
backup=c:\windows\pss\Reboot.exeCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^moi^Start Menu^Programs^Startup^Chat-Land messenger.lnk]
backup=c:\windows\pss\Chat-Land messenger.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^moi^Start Menu^Programs^Startup^MultiSkypeLauncher.lnk]
backup=c:\windows\pss\MultiSkypeLauncher.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^moi^Start Menu^Programs^Startup^MustaphaCDRom.exe.lnk]
backup=c:\windows\pss\MustaphaCDRom.exe.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^moi^Start Menu^Programs^Startup^Notification de cadeaux MSN.lnk]
backup=c:\windows\pss\Notification de cadeaux MSN.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^moi^Start Menu^Programs^Startup^x11.exe]
path=c:\documents and settings\moi\Start Menu\Programs\Startup\x11.exe
.
[HKLM\~\startupfolder\^3de9e00614a430f1cda.details]
path=\3de9e00614a430f1cda.details
backup=c:\windows\pss\3de9e00614a430f1cda.detailsCommon Startup
.
[HKLM\~\startupfolder\^3de9e00614a430f1cda.notes]
path=\3de9e00614a430f1cda.notes
backup=c:\windows\pss\3de9e00614a430f1cda.notesCommon Startup
.
[HKLM\~\startupfolder\^attrib]
path=\attrib
backup=c:\windows\pss\attribCommon Startup
.
[HKLM\~\startupfolder\^CustomChat.dat]
path=\CustomChat.dat
backup=c:\windows\pss\CustomChat.datCommon Startup
.
[HKLM\~\startupfolder\^daemonprocess.txt]
path=\daemonprocess.txt
backup=c:\windows\pss\daemonprocess.txtCommon Startup
.
[HKLM\~\startupfolder\^default.pls]
path=\default.pls
backup=c:\windows\pss\default.plsCommon Startup
.
[HKLM\~\startupfolder\^del]
path=\del
backup=c:\windows\pss\delCommon Startup
.
[HKLM\~\startupfolder\^error.log]
path=\error.log
backup=c:\windows\pss\error.logCommon Startup
.
[HKLM\~\startupfolder\^masks]
path=\masks
backup=c:\windows\pss\masksCommon Startup
.
[HKLM\~\startupfolder\^Menu Démarrer.rar]
path=\Menu Démarrer.rar
backup=c:\windows\pss\Menu Démarrer.rarCommon Startup
.
[HKLM\~\startupfolder\^mpofc.dat]
path=\mpofc.dat
backup=c:\windows\pss\mpofc.datCommon Startup
.
[HKLM\~\startupfolder\^ntuser.dat]
path=\ntuser.dat
backup=c:\windows\pss\ntuser.datCommon Startup
.
[HKLM\~\startupfolder\^ntuser.dat.LOG]
path=\ntuser.dat.LOG
backup=c:\windows\pss\ntuser.dat.LOGCommon Startup
.
[HKLM\~\startupfolder\^ntuser.ini]
path=\ntuser.ini
backup=c:\windows\pss\ntuser.iniCommon Startup
.
[HKLM\~\startupfolder\^ntuser.pol]
path=\ntuser.pol
backup=c:\windows\pss\ntuser.polCommon Startup
.
[HKLM\~\startupfolder\^SWAT.cfg]
path=\SWAT.cfg
backup=c:\windows\pss\SWAT.cfgCommon Startup
.
[HKLM\~\startupfolder\^TempWmicBatchFile.bat]
path=\TempWmicBatchFile.bat
backup=c:\windows\pss\TempWmicBatchFile.batCommon Startup
.
[HKLM\~\startupfolder\^youtubetomp3.org.save]
path=\youtubetomp3.org.save
backup=c:\windows\pss\youtubetomp3.org.saveCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IERESETATTRIB]
%SystemRoot%\system32\ieudinit.exe -ResetFileAttributes [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Systweak Wallpaper Changer]
wallpaper.exe -minimize [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdopeFlash]
2012-01-30 00:34 750320 ----a-w- c:\google\AutoIt3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdopeUpdate]
2012-01-30 00:34 750320 ----a-w- c:\google\AutoIt3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntiWormUpdate]
2012-01-30 00:34 750320 ----a-w- c:\google\AutoIt3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-01-28 12:08 59720 -c--a-w- c:\program files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AvastUI.exe]
2015-04-29 21:30 5515496 ----a-w- c:\program files\AVAST Software\Avast\AvastUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Avira Systray]
2015-04-10 14:19 130048 ----a-w- c:\program files\Avira\My Avira\Avira.OE.Systray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-13 18:34 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-cleaner]
2008-05-08 11:24 155648 -c----w- c:\windows\system32\wscript.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-13 18:34 15360 ------w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX4300 Series]
2007-03-01 05:01 180736 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATICAR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2013-09-01 00:52 138096 -c--atw- c:\documents and settings\moi\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2012-10-25 09:25 41134712 ----a-r- c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-01-13 10:46 166912 -c--a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2014-09-12 21:01 3878480 ----a-r- c:\program files\Internet Download Manager\IDMan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-01-13 10:46 134656 -c--a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-02-20 11:35 152392 -c--a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NewJavaInstall]
2012-01-30 00:34 750320 ----a-w- c:\google\AutoIt3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-01-13 10:46 135680 -c--a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2015-04-08 02:01 366904 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 10:07 252296 -c--a-w- c:\program files\Fichiers communs\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2012-08-15 10:22 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
2008-04-13 18:34 143872 ------w- c:\windows\system32\mobsync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2015-07-01 19:06 1994592 ----a-w- c:\documents and settings\moi\Application Data\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VideoLAN]
2008-05-08 11:24 155648 -c----w- c:\windows\system32\wscript.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update]
2008-04-13 18:33 401408 ----a-w- c:\windows\system32\cmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AppMgmt"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\WinRAR\\WinRAR.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Internet Download Manager\\IDMan.exe"=
"c:\\Program Files\\Internet Download Manager\\IEMonitor.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Fichiers communs\\Adobe\\ARM\\1.0\\AdobeARM.exe"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=
"c:\\Program Files\\Adobe\\Reader 10.0\\Reader\\Reader_sl.exe"=
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=
"c:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe"=
"c:\\PROGRA~1\\FICHIE~1\\INSTAL~1\\Driver\\9\\INTEL3~1\\IDriver.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"\\??\\c:\\WINDOWS\\system32\\winlogon.exe"=
"c:\\Documents and Settings\\moi\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Documents and Settings\\moi\\Application Data\\uTorrent\\uTorrent.exe"=
.
R1 BAPIDRV;BAPIDRV;c:\windows\system32\DRIVERS\BAPIDRV.sys [x]
R2 ATE_PROCMON;ATE_PROCMON;c:\program files\Anti Trojan Elite\ATEPMon.sys [x]
R2 Avira.OE.ServiceHost;Avira Service Host;c:\program files\Avira\My Avira\Avira.OE.ServiceHost.exe [2015-04-10 205104]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-06-18 1133880]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-02-18 315488]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2011-10-18 78136]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-07-09 98520]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x]
R3 SliceDisk5;SliceDisk5;c:\program files\A-FF Find and Mount\slicedisk.sys [x]
R3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\DRIVERS\snp325.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2010-09-17 179520]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys [2010-09-17 179520]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2014-11-24 116184]
R4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-06-18 1871160]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2015-04-29 787760]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2015-04-29 427992]
S1 IDMTDI;IDMTDI;c:\windows\system32\DRIVERS\idmtdi.sys [2014-06-09 121440]
S2 AIPS;Arp Intelligent Protection Service;c:\program files\netcut\services\AIPS.exe [2011-07-28 262144]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2015-04-29 24144]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2015-04-29 74976]
S2 KaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\KaraokeSer.exe [2012-10-22 88696]
S2 litdpl;litdpl;c:\windows\system32\DRIVERS\litdpl.sys [2002-10-13 4736]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-06-18 23256]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2012-10-22 2558200]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-07-08 00:57 991048 ----a-w- c:\program files\Google\Chrome\Application\43.0.2357.132\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-07-12 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-29 21:30]
.
2015-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-04 12:55]
.
2015-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-04 12:55]
.
2015-07-12 c:\windows\Tasks\Notification de fin de service de Microsoft Windows XP - à la connexion.job
- c:\windows\system32\xp_eos.exe [2015-07-11 23:28]
.
2015-07-12 c:\windows\Tasks\Notification de fin de service de Microsoft Windows XP -mensuellement.job
- c:\windows\system32\xp_eos.exe [2015-07-11 23:28]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uStart Page = about:blank
mStart Page = about:blank
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{0A93904A-BB1E-4a0c-9753-B57B9AE272CC} - (no file)
SafeBoot-Wdf01000.sys
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-Akamai NetSession Interface - c:\documents and settings\moi\Local Settings\Application Data\Akamai\netsession_win.exe
MSConfigStartUp-AntiUsbWorm - start c:\google\AutoIt3.exe
MSConfigStartUp-AppsHat - c:\documents and settings\moi\Local Settings\Application Data\WebPlayer\AppsHat\WebPlayer.exe
MSConfigStartUp-AutorunRemover - (no file)
MSConfigStartUp-AVP - c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
MSConfigStartUp-CCleaner Monitoring - c:\program files\CCleaner\CCleaner.exe
MSConfigStartUp-EPSON BX305 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIGJE.EXE
MSConfigStartUp-FixCamera - c:\windows\FixCamera.exe
MSConfigStartUp-FlashGet 3 - c:\documents and settings\moi\Desktop\FlashGet\FlashGet3.exe
MSConfigStartUp-FUFAXSTM - c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe
MSConfigStartUp-Google Update - c:\documents and settings\moi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
MSConfigStartUp-JavaUpdate - c:\google\GoogleUpdate.lnk
MSConfigStartUp-Malwarebytes' Anti-Malware - c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
MSConfigStartUp-Micnosoft DLL Registnation - c:\documents and settings\moi\Application Data\regsrv45.exe
MSConfigStartUp-Micnosoft DLL Registnrtion - c:\documents and settings\moi\Application Data\regsrv65.exe
MSConfigStartUp-Microsoft DXT Registration - c:\documents and settings\moi\Application Data\regsrv69.exe
MSConfigStartUp-MSIDLL - msivna32.dll
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-NBJ - c:\program files\Ahead\Nero BackItUp\NBJ.exe
MSConfigStartUp-NeroFilterCheck - c:\windows\system32\NeroCheck.exe
MSConfigStartUp-NokiaSuite - c:\program files\Nokia\Nokia Suite\NokiaSuite.exe
MSConfigStartUp-RDReminder - c:\program files\Dll-Files.com Fixer\DLLFixer.exe
MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe
MSConfigStartUp-snp325 - c:\windows\vsnp325.exe
MSConfigStartUp-Software Informer - c:\program files\Software Informer\softinfo.exe
MSConfigStartUp-SoloSentry - c:\srnmic~1\SOLOSENT.EXE
MSConfigStartUp-tsnp325 - c:\windows\tsnp325.exe
MSConfigStartUp-UpdateReminder - c:\program files\Eset\UpdateReminder.exe
AddRemove-4shared Desktop - c:\program files\4shared Desktop\Uninstall.exe
AddRemove-Halo - c:\program files\Google\Google Earth\PASTORE\Game\HaLLo\UNINSTAL.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-07-12 14:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,14,b6,77,e1,50,2a,eb,4d,af,db,1b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,14,b6,77,e1,50,2a,eb,4d,af,db,1b,\
.
[HKEY_USERS\S-1-5-21-1708537768-412668190-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*w*m*v*, \OpenWithList]
@Class="Shell"
"a"="IDMan.exe"
"MRUList"="ba"
"b"="vlc.exe"
.
[HKEY_USERS\S-1-5-21-1708537768-412668190-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*w*m*v*, \OpenWithProgids]
"wmv??_auto_file"=hex(0):
.
[HKEY_USERS\S-1-5-21-1708537768-412668190-1644491937-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A83945C8-1DD4-4AD0-3F97-F49A9F26B53B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"japjooahpepipidifppo"=hex:62,61,64,68,00,00
"japjooahpepipidifpdp"=hex:62,61,69,67,00,00
"iapkbkgnbapbhllpfa"=hex:6b,61,61,68,68,67,62,64,65,64,6f,65,67,69,6b,70,64,6f,
68,69,6e,6e,00,00
"hafkhkbgjkoojcbi"=hex:6b,61,61,68,68,67,62,64,70,63,63,66,68,62,66,68,68,68,
68,6a,63,70,00,00
.
[HKEY_USERS\S-1-5-21-1708537768-412668190-1644491937-1003\Software\SecuROM\License information*]
"datasecu"=hex:5f,73,bc,e7,f7,f8,a9,34,8b,8a,7f,f3,08,be,11,ed,a4,1a,80,af,86,
9f,50,3f,a3,4f,d7,5d,29,e6,16,5c,ce,9d,cb,0c,d2,77,45,b7,e8,aa,bf,92,32,97,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_USERS\S-1-5-21-1708537768-412668190-1644491937-1003\Software\Xtï*N*R* *L*a*b*s*\8tï*Àï*Éï*Àï*ü*e*\Data]
"UpdateTimeYear"=dword:000007db
"UpdateTimeMonth"=dword:00000007
"UpdateTimeDay"=dword:00000006
"UpdateTimeHour"=dword:00000002
"UpdateTimeMinute"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):6d,34,5a,39,34,b4,23,f7,fa,dd,28,f5,81,9a,8e,c6,d9,ea,e8,35,61,
ed,72,2f,e9,70,20,f5,14,a8,d3,eb,c9,85,0c,e1,0a,28,2a,3d,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{75592c5c-c657-4bcb-9e0b-ae87a980e485}]
@Denied: (Full) (Everyone)
"Model"=dword:0000001d
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,7c,a3,58,23,ec,af,2d,15,15,ef,a1,46,54,19,6c,0d,35,95,e0,f3,7c,6d,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):14,9b,5d,48,f0,70,d0,a8,b3,93,a3,b5,7d,f6,8a,93,a4,f0,bf,fc,7b,
bf,ab,af,05,a8,78,6e,5b,e3,ec,8c,ff,80,5c,38,03,b2,51,d9,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{b158d5fa-3445-4eb7-88a2-40e22477608c}]
@Denied: (Full) (Everyone)
"Model"=dword:00000046
"Therad"=dword:0000000f
"SpecVersion"=dword:0000010f
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="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"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:ff,d5,71,d6,8b,6a,8d,6f,d5,33,93,fd
"LastWPAEventLogged"=hex:d5,07,05,00,06,00,07,00,0f,00,38,00,24,00,fd,02
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3096)
c:\documents and settings\moi\Application Data\Dropbox\bin\DropboxExt.25.dll
c:\windows\system32\msi.dll
c:\program files\Internet Download Manager\IDMShellExt.dll
c:\program files\Internet Download Manager\IDMNetMon.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Google\Update\1.3.27.5\GoogleCrashHandler.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2015-07-12 14:13:58 - machine was rebooted
ComboFix-quarantined-files.txt 2015-07-12 13:13
.
Pre-Run: 47 783 047 168 octets libres
Post-Run: 47 784 755 200 octets libres
.
- - End Of File - - B02B1381192EDB405EC5E3566B4D625F
C99C3199CFAA4CBDCD91493F6D113A50