ComboFix 12-06-23.06 - GOTNN 24/06/2012 14:12:35.1.4 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.33.1036.18.3949.2427 [GMT 2:00]
Lancé depuis: C:\Users\GOTNN\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: Pare-feu personnel d'ESET *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
C:\ProgramData\FullRemove.exe
D:\install.exe
((((((((((((((((((((((((((((( Fichiers créés du 2012-05-24 au 2012-06-24 ))))))))))))))))))))))))))))))))))))
2012-06-24 12:42:47 . 2012-06-24 12:42:47 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-06-12 12:42:05 . 2012-03-01 06:54:38 22896 ----a-w- C:\Windows\system32\drivers\fs_rec.sys
2012-06-12 12:42:05 . 2012-03-01 06:45:41 220672 ----a-w- C:\Windows\system32\wintrust.dll
2012-06-12 12:42:05 . 2012-03-01 06:40:14 80896 ----a-w- C:\Windows\system32\imagehlp.dll
2012-06-12 12:42:05 . 2012-03-01 06:35:16 5120 ----a-w- C:\Windows\system32\wmi.dll
2012-06-12 12:42:05 . 2012-03-01 05:49:05 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-06-12 12:42:05 . 2012-03-01 05:45:05 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-06-12 12:42:05 . 2012-03-01 05:40:44 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-06-12 12:32:58 . 2011-04-27 02:57:40 102400 ----a-w- C:\Windows\system32\drivers\dfsc.sys
2012-06-12 12:31:42 . 2011-04-29 03:13:10 461312 ----a-w- C:\Windows\system32\drivers\srv.sys
2012-06-12 12:30:59 . 2011-03-11 05:40:24 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2012-06-12 12:27:11 . 2012-04-02 05:26:41 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-06-12 12:27:11 . 2012-04-02 05:24:59 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-06-12 12:27:11 . 2012-04-02 05:24:58 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-06-12 12:27:11 . 2012-04-02 04:40:25 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-06-12 12:27:10 . 2012-04-02 05:24:58 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-06-12 12:23:23 . 2011-11-19 15:07:41 77312 ----a-w- C:\Windows\system32\packager.dll
2012-06-12 12:23:23 . 2011-11-19 14:06:13 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-06-12 12:23:17 . 2011-11-17 07:14:10 1739160 ----a-w- C:\Windows\system32\ntdll.dll
2012-06-12 12:23:16 . 2011-11-17 05:41:38 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-06-10 22:34:30 . 2012-06-10 22:34:30 -------- d-----w- C:\Users\GOTNN\AppData\Local\Macromedia
2012-05-25 12:49:56 . 2012-05-25 12:49:56 -------- d-----w- C:\Users\GOTNN\AppData\Roaming\LolClient2
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
2012-06-24 11:46:36 . 2012-04-01 16:54:07 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-24 11:46:36 . 2011-05-15 16:36:39 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-24 11:46:07 . 2012-04-04 13:46:07 9815752 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-06 05:22:40 . 2012-04-06 05:22:40 11174400 ----a-w- C:\Windows\system32\drivers\atikmdag.sys
2012-04-06 02:22:00 . 2012-04-06 02:22:00 159744 ----a-w- C:\Windows\system32\atiapfxx.exe
2012-04-06 02:21:52 . 2012-04-06 02:21:52 909312 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-04-06 02:20:04 . 2011-04-20 02:07:46 1067520 ----a-w- C:\Windows\system32\aticfx64.dll
2012-04-06 02:16:52 . 2012-04-06 02:16:52 442368 ----a-w- C:\Windows\system32\ATIDEMGX.dll
2012-04-06 02:16:46 . 2012-04-06 02:16:46 503808 ----a-w- C:\Windows\system32\atieclxx.exe
2012-04-06 02:16:02 . 2012-04-06 02:16:02 236544 ----a-w- C:\Windows\system32\atiesrxx.exe
2012-04-06 02:14:44 . 2012-04-06 02:14:44 120320 ----a-w- C:\Windows\system32\atitmm64.dll
2012-04-06 02:14:30 . 2012-04-06 02:14:30 21504 ----a-w- C:\Windows\system32\atimuixx.dll
2012-04-06 02:14:26 . 2012-04-06 02:14:26 59392 ----a-w- C:\Windows\system32\atiedu64.dll
2012-04-06 02:14:20 . 2012-04-06 02:14:20 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-04-06 02:13:42 . 2012-04-06 02:13:42 6800896 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-04-06 02:10:50 . 2012-04-06 02:10:50 26181632 ----a-w- C:\Windows\system32\atio6axx.dll
2012-04-06 02:00:10 . 2011-04-20 01:27:00 64000 ----a-w- C:\Windows\system32\coinst.dll
2012-04-06 01:54:46 . 2009-11-11 08:16:21 7479296 ----a-w- C:\Windows\system32\atidxx64.dll
2012-04-06 01:50:56 . 2012-04-06 01:50:56 19753984 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-04-06 01:35:24 . 2012-04-06 01:35:24 1120768 ----a-w- C:\Windows\system32\atiumd6v.dll
2012-04-06 01:34:50 . 2012-04-06 01:34:50 1831424 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2012-04-06 01:34:34 . 2012-04-06 01:34:34 4731904 ----a-w- C:\Windows\system32\atiumd6a.dll
2012-04-06 01:34:04 . 2012-04-06 01:34:04 6203392 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-04-06 01:30:16 . 2012-04-06 01:30:16 51200 ----a-w- C:\Windows\system32\aticalrt64.dll
2012-04-06 01:30:14 . 2012-04-06 01:30:14 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-04-06 01:30:08 . 2012-04-06 01:30:08 44544 ----a-w- C:\Windows\system32\aticalcl64.dll
2012-04-06 01:30:06 . 2012-04-06 01:30:06 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-04-06 01:29:54 . 2012-04-06 01:29:54 16090624 ----a-w- C:\Windows\system32\aticaldd64.dll
2012-04-06 01:25:30 . 2012-04-06 01:25:30 13764096 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-04-06 01:23:24 . 2012-04-06 01:23:24 7431680 ----a-w- C:\Windows\system32\atiumd64.dll
2012-04-06 01:22:54 . 2012-04-06 01:22:54 4795904 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-04-06 01:11:28 . 2012-04-06 01:11:28 514560 ----a-w- C:\Windows\system32\atiadlxx.dll
2012-04-06 01:11:20 . 2012-04-06 01:11:20 360448 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-04-06 01:11:06 . 2012-04-06 01:11:06 17408 ----a-w- C:\Windows\system32\atig6pxx.dll
2012-04-06 01:11:04 . 2012-04-06 01:11:04 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-04-06 01:11:04 . 2012-04-06 01:11:04 14848 ----a-w- C:\Windows\system32\atiglpxx.dll
2012-04-06 01:11:00 . 2012-04-06 01:11:00 41984 ----a-w- C:\Windows\system32\atig6txx.dll
2012-04-06 01:10:52 . 2012-04-06 01:10:52 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-04-06 01:10:44 . 2012-04-06 01:10:44 343040 ----a-w- C:\Windows\system32\drivers\atikmpag.sys
2012-04-06 01:09:56 . 2011-04-20 01:21:44 54784 ----a-w- C:\Windows\system32\atiuxp64.dll
2012-04-06 01:09:48 . 2012-04-06 01:09:48 41984 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-04-06 01:09:42 . 2012-04-06 01:09:42 44544 ----a-w- C:\Windows\system32\atiu9p64.dll
2012-04-06 01:09:34 . 2012-04-06 01:09:34 32256 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-04-06 01:09:02 . 2012-04-06 01:09:02 53248 ----a-w- C:\Windows\system32\drivers\ati2erec.dll
2012-04-06 01:06:08 . 2012-04-06 01:06:08 54784 ----a-w- C:\Windows\system32\atimpc64.dll
2012-04-06 01:06:08 . 2012-04-06 01:06:08 54784 ----a-w- C:\Windows\system32\amdpcom64.dll
2012-04-06 01:06:04 . 2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-04-06 01:06:04 . 2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-04-05 20:34:26 . 2012-04-05 20:34:26 187392 ----a-w- C:\Windows\system32\clinfo.exe
2012-04-05 20:34:10 . 2012-04-05 20:34:10 74752 ----a-w- C:\Windows\system32\OpenVideo64.dll
2012-04-05 20:34:04 . 2012-04-05 20:34:04 64512 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-04-05 20:33:56 . 2012-04-05 20:33:56 63488 ----a-w- C:\Windows\system32\OVDecode64.dll
2012-04-05 20:33:52 . 2012-04-05 20:33:52 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-04-05 20:33:44 . 2012-04-05 20:33:44 16457216 ----a-w- C:\Windows\system32\amdocl64.dll
2012-04-05 20:32:56 . 2012-04-05 20:32:56 13007872 ----a-w- C:\Windows\SysWow64\amdocl.dll
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 16:08:18 143360 ----a-w- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Boingo Wi-Fi"="C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-09-27 13:00:36 2429]
"ATKOSD2"="C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2009-10-27 03:29:32 6998656]
"ATKMEDIA"="C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2009-08-20 03:31:48 170624]
"HControlUser"="C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 17:29:42 105016]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 23:24:32 641664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 13:27:14 138576]
R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27 13:00:16 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 11:46:36 250056]
R3 driverhardwarev2x64;driverhardwarev2x64;C:\Program Files\ma-config.com\Drivers\driverhardwarev2x64.sys [2011-07-21 18:55:50 16640]
R3 gupdatem;Service Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27 13:00:16 135664]
R3 ipswuio;ipswuio;C:\Windows\system32\DRIVERS\ipswuio.sys [x]
R3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\x64\maconfservice.exe [2011-11-14 11:54:06 427640]
R3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-08 18:55:14 113120]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys [x]
S0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys [x]
S0 sptd;sptd;C:\Windows\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 ehdrv;ehdrv;C:\Windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;C:\Windows\system32\FBAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [x]
S2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 00:36:14 15416]
S2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 11:03:30 974944]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 15:18:12 2329480]
S2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 02:34:22 2314240]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys [x]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys [x]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - WS2IFSL
Contenu du dossier 'Tâches planifiées'
2012-06-24 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 16:54:07 . 2012-06-24 11:46:36]
2012-06-24 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27 13:00:18 . 2010-09-27 13:00:16]
2012-06-24 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27 13:00:18 . 2010-09-27 13:00:16]
--------- X64 Entries -----------
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 15:52:58 159744 ----a-w- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49:40 70656 ----a-w- C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49:40 70656 ----a-w- C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="C:\Program Files\Elantech\ETDCtrl.exe" [2009-09-30 03:55:25 621440]
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe" [2009-11-27 03:39:45 487424]
"AmIcoSinglun64"="C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 07:10:27 323584]
"XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 00:57:29 825184]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2011-09-22 11:03:04 4035152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
------- Examen supplémentaire -------
uStart Page = hxxp://www.google.com/webhp?hl=fr
uLocal Page = C:\Windows\system32\blank.htm
mLocal Page = C:\Windows\SysWOW64\blank.htm
IE: {{90EAE591-7E7E-434a-8E28-ECFD00071806} - C:\Program Files (x86)\PokerStars.FR\PokerStarsUpdate.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - C:\Users\GOTNN\AppData\Roaming\Mozilla\Firefox\Profiles\csjzt8ng.default\
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - (no file)
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
AddRemove-K_Series_ScreenSaver_EN - C:\Windows\system32\K_Series_ScreenSaver_EN.scr