ComboFix 13-04-25.01 - stéphanie 25/04/2013 12:59:02.8.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.33.1036.18.3070.1999 [GMT 2:00]
Launched from: c:\users\stéphanie\Searches\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\E2C24CF311.sys
c:\programdata\pswi_preloaded.exe
c:\users\STPHAN~1\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
c:\users\stéphanie\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
c:\windows\system32\9fc1711b.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\UA000082.DLL
.
.
((((((((((((((((((((((((((((( Files Created from 2013-03-25 to 2013-04-25 ))))))))))))))))))))))))))))))))))))
.
.
2013-04-25 11:08 . 2013-04-25 11:12 -------- d-----w- c:\users\stéphanie\AppData\Local\temp
2013-04-25 11:08 . 2013-04-25 11:08 -------- d-----w- c:\users\STPHAN~2\AppData\Local\temp
2013-04-25 11:08 . 2013-04-25 11:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-25 10:50 . 2013-04-25 10:50 -------- d-----w- c:\users\stéphanie\AppData\Local\{34642C86-6930-4C67-907A-D5B1F8C277C1}
2013-04-24 08:50 . 2013-04-24 08:50 -------- d-----w- c:\users\stéphanie\AppData\Local\{9DC46C9C-5005-457D-9285-7452995CB73E}
2013-04-23 08:34 . 2013-04-23 08:34 -------- d-----w- c:\users\stéphanie\AppData\Local\{254BC726-7714-4CFF-83C3-48B2D89766B1}
2013-04-23 08:25 . 2013-04-17 04:31 6906960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{84DA4AE8-54E1-4FFC-80D7-006B4F77236D}\mpengine.dll
2013-04-22 20:22 . 2013-04-22 20:22 -------- d-----w- c:\users\stéphanie\AppData\Local\{CEA733D9-A77D-408D-80BE-825DA3A01195}
2013-04-22 08:21 . 2013-04-22 08:21 -------- d-----w- c:\users\stéphanie\AppData\Local\{94FAFD97-34B4-4F64-BDAB-5DE86BAD4E66}
2013-04-21 09:22 . 2013-04-21 09:22 -------- d-----w- c:\users\stéphanie\AppData\Local\{3A5A59D9-ACCD-4730-8DDD-D86434C0A8D9}
2013-04-20 11:57 . 2013-04-20 11:58 -------- d-----w- c:\users\stéphanie\AppData\Local\{5F5DBE67-33BA-4FEC-971A-98555279D5E6}
2013-04-20 08:52 . 2013-04-22 21:40 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2013-04-20 08:43 . 2013-04-23 10:49 -------- d-----w- C:\ZHP
2013-04-20 08:43 . 2013-04-22 21:40 -------- d-----w- c:\program files\ZHPDiag
2013-04-19 10:59 . 2013-04-19 10:59 -------- d-----w- c:\users\stéphanie\AppData\Local\{97E25B34-47B4-45D2-8910-AA7579983D6E}
2013-04-18 08:15 . 2013-04-18 21:37 -------- d-----w- c:\users\stéphanie\AppData\Local\{217F840F-299F-48A3-9E35-261D84232D7A}
2013-04-17 20:13 . 2013-04-17 20:14 -------- d-----w- c:\users\stéphanie\AppData\Local\{F4FB92B9-335E-49D8-B6FE-2377095346BE}
2013-04-17 08:01 . 2013-04-17 08:01 -------- d-----w- c:\users\stéphanie\AppData\Local\{DCCD1246-2D4C-40CB-BBE6-9207209A62A0}
2013-04-16 07:59 . 2013-04-16 20:00 -------- d-----w- c:\users\stéphanie\AppData\Local\{905DF8A5-D915-4649-986F-3CCBB274A450}
2013-04-15 07:57 . 2013-04-15 19:58 -------- d-----w- c:\users\stéphanie\AppData\Local\{1F7A1E10-4EBC-4EBD-A08F-D37409F2B625}
2013-04-14 10:36 . 2013-04-14 10:36 -------- d-----w- c:\users\stéphanie\AppData\Local\{C8FD6521-3594-41BA-A82C-442F98A23211}
2013-04-13 09:02 . 2013-04-13 21:22 -------- d-----w- c:\users\stéphanie\AppData\Local\{D1EC9E66-2B9A-4A65-ABD8-C0518F761651}
2013-04-12 07:46 . 2013-04-12 20:59 -------- d-----w- c:\users\stéphanie\AppData\Local\{ED9BD165-EEAE-4E97-BA00-658201811CB3}
2013-04-11 07:39 . 2013-04-11 19:46 -------- d-----w- c:\users\stéphanie\AppData\Local\{159572AD-03EF-414D-A76F-7D6FA32BF8A5}
2013-04-10 07:25 . 2013-04-10 19:33 -------- d-----w- c:\users\stéphanie\AppData\Local\{03CBC5F7-AFFE-4E7E-92AD-3CB3080537D6}
2013-04-10 07:23 . 2013-03-03 19:07 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 07:23 . 2013-03-11 13:25 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-10 07:23 . 2013-03-11 13:25 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 07:23 . 2013-03-09 03:45 49152 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 07:23 . 2013-03-09 01:28 64000 ----a-w- c:\windows\system32\smss.exe
2013-04-10 07:23 . 2013-03-08 03:52 2067968 ----a-w- c:\windows\system32\mstscax.dll
2013-04-10 07:23 . 2013-03-08 03:53 376320 ----a-w- c:\windows\system32\winsrv.dll
2013-04-10 07:23 . 2013-03-05 01:40 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-04-09 10:18 . 2013-04-09 10:18 -------- d-----w- c:\users\stéphanie\AppData\Local\{00ACED3E-3ABC-4385-93B7-6528398DC070}
2013-04-08 09:15 . 2013-04-08 21:16 -------- d-----w- c:\users\stéphanie\AppData\Local\{F398BEE2-6DAC-47F4-A530-AF8D129E47AF}
2013-04-07 21:15 . 2013-04-07 21:15 -------- d-----w- c:\users\stéphanie\AppData\Local\{04D5A0A1-9C98-40D6-8515-BBFA6A174708}
2013-04-07 09:13 . 2013-04-07 09:13 -------- d-----w- c:\users\stéphanie\AppData\Local\{762915B0-0190-48D9-998B-D3C92E29BF5E}
2013-04-06 09:11 . 2013-04-06 21:13 -------- d-----w- c:\users\stéphanie\AppData\Local\{F35E2C9A-A638-4ED3-986A-8D8D91FB7710}
2013-04-05 08:45 . 2013-04-05 21:11 -------- d-----w- c:\users\stéphanie\AppData\Local\{587055DB-464B-4E84-BB4F-81E59798A709}
2013-04-04 08:37 . 2013-04-10 08:40 -------- d-----w- c:\program files\Mozilla Thunderbird
2013-04-04 08:33 . 2013-04-04 20:33 -------- d-----w- c:\users\stéphanie\AppData\Local\{01708870-5ED5-45E7-9D83-C61BF8F9D35B}
2013-04-03 08:13 . 2013-04-03 20:13 -------- d-----w- c:\users\stéphanie\AppData\Local\{B52F8FA0-A526-49B0-9082-0C4753C7ED1A}
2013-04-02 06:37 . 2013-04-02 20:12 -------- d-----w- c:\users\stéphanie\AppData\Local\{34A3BFA2-F623-4748-B520-93659ACFE68B}
2013-04-01 11:31 . 2013-04-01 11:32 -------- d-----w- c:\users\stéphanie\AppData\Local\{7E80DAA1-24B8-44F1-9956-5869E43C88AB}
2013-03-31 21:56 . 2013-03-31 21:56 -------- d-----w- c:\users\stéphanie\AppData\Local\{2E383B75-6AA0-436E-B8BD-86EAB71E6E11}
2013-03-30 11:16 . 2013-03-30 23:17 -------- d-----w- c:\users\stéphanie\AppData\Local\{2A4D72AE-E439-45CB-AE61-D8E16F538ADF}
2013-03-29 10:05 . 2013-03-29 22:18 -------- d-----w- c:\users\stéphanie\AppData\Local\{B7437E69-68DB-4F97-AA0D-4B5193C17090}
2013-03-28 10:03 . 2013-03-28 22:03 -------- d-----w- c:\users\stéphanie\AppData\Local\{AD3480CE-1690-42D4-8274-A3D866CEF45C}
2013-03-27 09:59 . 2013-03-27 22:00 -------- d-----w- c:\users\stéphanie\AppData\Local\{59EF3E13-FD17-4063-88BF-7227E3C8311E}
.
.
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-13 07:45 . 2012-04-27 07:47 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-13 07:45 . 2011-05-19 06:29 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-04 12:50 . 2012-04-13 20:00 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-11 23:10 . 2009-10-03 08:26 237088 ------w- c:\windows\system32\MpSigStub.exe
2013-03-09 15:53 . 2013-03-09 15:53 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-09 15:53 . 2012-06-16 13:15 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-09 15:53 . 2010-04-20 07:46 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-17 19:28 . 2010-01-05 19:22 466008 ----a-w- c:\windows\system32\drivers\sptd.sys
2013-02-12 01:57 . 2013-03-14 21:58 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2007-11-03 14:17 . 2007-11-03 14:17 348 ----a-w- c:\program files\mpc4.reg
2007-11-03 14:17 . 2007-11-03 14:17 3476 ----a-w- c:\program files\mpc7.reg
2007-11-03 14:17 . 2007-11-03 14:17 3026 ----a-w- c:\program files\mpc3.reg
2007-11-03 14:17 . 2007-11-03 14:17 18156 ----a-w- c:\program files\mpc6.reg
2007-11-03 14:17 . 2007-11-03 14:17 16220 ----a-w- c:\program files\mpc5.reg
2007-11-03 14:17 . 2007-11-03 14:17 680 ----a-w- c:\program files\mpc2.reg
2007-11-03 14:17 . 2007-11-03 14:17 596 ----a-w- c:\program files\mpc1.reg
2007-11-03 14:17 . 2007-11-03 14:17 1658 ----a-w- c:\program files\ffdssetts.reg
2007-11-03 14:17 . 2007-11-03 14:17 1292 ----a-w- c:\program files\ffdsasetts.reg
2007-08-15 13:00 . 2007-08-15 13:01 774144 ----a-w- c:\program files\RngInterstitial.dll
2009-05-01 21:02 . 2013-04-12 08:00 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2013-04-12 08:00 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2013-04-12 08:00 . 2013-04-12 08:00 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Win Startup Manager"="c:\users\stéphanie\AppData\Roaming\Windows NT\recovery.exe" [2009-03-30 32064]
"Facebook Update"="c:\users\stéphanie\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-06-08 958392]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-06-08 21432]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 453120]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"BigDogPath"="c:\windows\VM_STI.EXE" [2004-06-09 40960]
"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-11-23 319488]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-17 281768]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-06-08 3521464]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2012-03-08 4280184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-13 528384]
STK014 PNP Monitor.lnk - c:\program files\STK014_V2.01\STK014M.exe [N/A]
.
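The Run-key blocks above use ComboFix's REGEDIT4-style layout: a bracketed key, then one `"name"="path" [date size]` line per autostart value. The block below is an added example, not part of this log or of ComboFix, that parses those blocks and applies the two triage heuristics a reviewer applies by eye on such a log: autostart images sitting under the user's own AppData, and autostarts given as a bare file name that Windows resolves through the search path. The sample input is copied from the Run-key lines above; the function names and the heuristics themselves are the example's own, and a hit means "look at this entry", not "this is malicious".

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input: the Run-key lines copied from the log above (same user name,
# same paths); nothing here is constructed beyond trimming the list.
SAMPLE_LOG = r"""[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Win Startup Manager"="c:\users\stéphanie\AppData\Roaming\Windows NT\recovery.exe" [2009-03-30 32064]
"Facebook Update"="c:\users\stéphanie\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-17 281768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2012-03-08 4280184]
"""

# Registry-key header, e.g. [HKEY_CURRENT_USER\SOFTWARE\...\Run]
KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# Value line; the bracketed tail (timestamp and size ComboFix appends) is
# optional so that lines such as [N/A] are still parsed, just without data.
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<path>[^"]*)"(?:\s+\[(?P<tail>[^\]]*)\])?\s*$')
TAIL_RE = re.compile(r'^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)$')
# Heuristic (example's own): image under <drive>:\users\<name>\AppData\...
USER_PROFILE_RE = re.compile(r'^[a-z]:\\users\\[^\\]+\\appdata\\', re.IGNORECASE)


@dataclass(frozen=True)
class RunEntry:
    key: str              # registry key the value lives under
    name: str             # value name (what msconfig shows)
    path: str             # image path / command line as recorded
    date: Optional[str]   # file timestamp ComboFix appended, if any
    size: Optional[int]   # file size in bytes, if any


def parse_run_entries(text: str) -> List[RunEntry]:
    """Return the values found under every ...\\Run or ...\\RunOnce key in the text."""
    entries: List[RunEntry] = []
    current_key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == '.':          # ComboFix separates blocks with a lone dot
            continue
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group('key')
            continue
        value_match = VALUE_RE.match(line)
        if not value_match or current_key is None:
            continue
        if current_key.rsplit('\\', 1)[-1].lower() not in ('run', 'runonce'):
            continue                          # other REGEDIT4 blocks use other line shapes
        date: Optional[str] = None
        size: Optional[int] = None
        tail = value_match.group('tail')
        if tail:
            tail_match = TAIL_RE.match(tail)
            if tail_match:
                date = tail_match.group('date')
                size = int(tail_match.group('size'))
        entries.append(RunEntry(current_key, value_match.group('name'),
                                value_match.group('path'), date, size))
    return entries


def triage(entry: RunEntry) -> List[str]:
    """Reviewer heuristics (example's own); a hit means 'look closer', not 'malicious'."""
    reasons: List[str] = []
    if '\\' not in entry.path:
        reasons.append('bare file name: resolved through the search path, not an absolute location')
    elif USER_PROFILE_RE.match(entry.path):
        reasons.append('image lives under the user profile (AppData), a user-writable location')
    if entry.date is None or entry.size is None:
        reasons.append('no timestamp/size recorded for the target file')
    return reasons


def flagged(text: str) -> Dict[str, List[str]]:
    """Map value name -> reasons for every Run entry that trips at least one heuristic."""
    report: Dict[str, List[str]] = {}
    for entry in parse_run_entries(text):
        reasons = triage(entry)
        if reasons:
            report[entry.name] = reasons
    return report


if __name__ == '__main__':
    for name, reasons in flagged(SAMPLE_LOG).items():
        print(f'{name}: {"; ".join(reasons)}')
```

Run against the excerpt, the parser yields six entries and the triage singles out the two AppData-resident values in the HKCU key and the bare `RtHDVCpl.exe` in HKLM; the `c:\program files\...` entries pass both checks. The key filter deliberately ignores the other REGEDIT4 blocks in the section (policies, ShellExecuteHooks, Winlogon notify), whose lines have a different shape and would need their own parser.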
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hp psc 2000 Series.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hp psc 2000 Series.lnk
backup=c:\windows\pss\hp psc 2000 Series.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^stéphanie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Free Stuff.url]
path=c:\users\stéphanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Free Stuff.url
backup=c:\windows\pss\Free Stuff.url.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^stéphanie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\stéphanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^stéphanie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\users\stéphanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-02-20 11:35 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2012-03-08 16:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-11-11 09:44 2001648 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2007-05-12 10:13 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TViXNetShare]
2008-06-25 21:54 883200 ----a-w- c:\program files\DVICO\TViXNetShare\TViXNetShare.exe
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMonFlt
*Deregistered* - aswRdr
*Deregistered* - aswTdi
*Deregistered* - eeCtrl
*Deregistered* - SRTSPX
*Deregistered* - SymEvent
*Deregistered* - SYMREDRV
*Deregistered* - SYMTDI
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 07:45]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mWindow Title =
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local;
uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\stéphanie\AppData\Roaming\Mozilla\Firefox\Profiles\k0u2daf0.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{7C523BE6-3EB3-4FD5-87D1-FC95E65AA763} - (no file)
WebBrowser-{A057A204-BACC-4D26-8087-36EE87E26986} - (no file)
WebBrowser-{7C523BE6-3EB3-4FD5-87D1-FC95E65AA763} - (no file)
WebBrowser-{00090572-041B-0000-0000-000000000000} - (no file)
WebBrowser-{77325C39-C5BF-74EB-0000-000040BE4903} - (no file)
WebBrowser-{0000041B-0000-0000-0000-0000D4E32D01} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-BitTorrent DNA - c:\users\stéphanie\Program Files\DNA\btdna.exe
MSConfigStartUp-Pokki - c:\users\stéphanie\AppData\Local\Pokki\v0.260.8.396\pokki.exe
MSConfigStartUp-Ulead AutoDetector v2 - c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe
MSConfigStartUp-UVS11 Preload - c:\program files\Ulead Systems\uvPL.exe
AddRemove-9fc1711b - c:\windows\system32\9fc1711b.exe
AddRemove-HP PSC 2170 Series - c:\program files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe
AddRemove-{74440C01-075E-4B10-AD97-60834BC4C2A0}_is1 - c:\program files\Webplayer setup\unins000.exe
AddRemove-{7E265513-8CDA-4631-B696-F40D983F3B07}_is1 - c:\program files\CDBurnerXP\unins000.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
AddRemove-BitTorrent - c:\program files\BitTorrent\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-25 13:12
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2555148778-847838647-376290905-1000\Software\Borland\Delphi]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-2555148778-847838647-376290905-1000\Software\KasperskyLab\protected]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-2555148778-847838647-376290905-1000\Software\Microsoft\Internet Explorer\Main\Default Feeds\{025B6513-4224-4C63-8CA1-B98447382001}]
@DACL=(02 0000)
"Title"="Flux Microsoft\\MSN Actualités"
"Url"="http://go.microsoft.com/fwlink/?LinkId=75720"
.
[HKEY_USERS\S-1-5-21-2555148778-847838647-376290905-1000\Software\Microsoft\MSNMessenger\PerPassportSettings\2809983650\GroupState]
@DACL=(02 0000)
".ViewByOnline"=dword:00000001
"Online"=dword:00000000
"Mobile"=dword:00000000
"Offline"=dword:00000000
.
[HKEY_USERS\S-1-5-21-2555148778-847838647-376290905-1000\Software\Microsoft\MSNMessenger\PerPassportSettings\2809983650\WinksMRUList]
@DACL=(02 0000)
"CurrentEntries"=dword:00000008
"0"=hex:3c,00,6d,00,73,00,6e,00,6f,00,62,00,6a,00,20,00,43,00,72,00,65,00,61,
00,74,00,6f,00,72,00,3d,00,22,00,73,00,74,00,65,00,70,00,68,00,2e,00,65,00,\
"1"=hex:3c,00,6d,00,73,00,6e,00,6f,00,62,00,6a,00,20,00,43,00,72,00,65,00,61,
00,74,00,6f,00,72,00,3d,00,22,00,73,00,74,00,65,00,70,00,68,00,2e,00,65,00,\
"2"=hex:3c,00,6d,00,73,00,6e,00,6f,00,62,00,6a,00,20,00,43,00,72,00,65,00,61,
00,74,00,6f,00,72,00,3d,00,22,00,73,00,74,00,65,00,70,00,68,00,2e,00,65,00,\
"3"=hex:3c,00,6d,00,73,00,6e,00,6f,00,62,00,6a,00,20,00,43,00,72,00,65,00,61,
00,74,00,6f,00,72,00,3d,00,22,00,73,00,74,00,65,00,70,00,68,00,2e,00,65,00,\
"4"=hex:3c,00,6d,00,73,00,6e,00,6f,00,62,00,6a,00,20,00,43,00,72,00,65,00,61,
00,74,00,6f,00,72,00,3d,00,22,00,73,00,74,00,65,00,70,00,68,00,2e,00,65,00,\
"5"=hex:3c,00,6d,00,73,00,6e,00,6f,00,62,00,6a,00,20,00,43,00,72,00,65,00,61,
00,74,00,6f,00,72,00,3d,00,22,00,73,00,74,00,65,00,70,00,68,00,2e,00,65,00,\
"6"=hex:3c,00,6d,00,73,00,6e,00,6f,00,62,00,6a,00,20,00,43,00,72,00,65,00,61,
00,74,00,6f,00,72,00,3d,00,22,00,73,00,74,00,65,00,70,00,68,00,2e,00,65,00,\
"7"=hex:3c,00,6d,00,73,00,6e,00,6f,00,62,00,6a,00,20,00,43,00,72,00,65,00,61,
00,74,00,6f,00,72,00,3d,00,22,00,73,00,74,00,65,00,70,00,68,00,2e,00,65,00,\
.
[HKEY_USERS\S-1-5-21-2555148778-847838647-376290905-1000\Software\Microsoft\MSNMessenger\PerPassportSettings\2980017467\GroupState]
@DACL=(02 0000)
".ViewByOnline"=dword:00000000
"0ac935fb-668b-4926-b29a-8b52a3437d46"=dword:00000000
"99a09d89-3be7-4054-8213-0c890d340001"=dword:00000000
"0e261402-e7ad-4c60-af0b-ad9eeab7725a"=dword:00000000
"Individuals"=dword:00000000
.
[HKEY_USERS\S-1-5-21-2555148778-847838647-376290905-1000\Software\Microsoft\MSNMessenger\PerPassportSettings\2980017467\WinksMRUList]
@DACL=(02 0000)
"CurrentEntries"=dword:00000008
"0"=hex:3c,00,6d,00,73,00,6e,00,6f,00,62,00,6a,00,20,00,43,00,72,00,65,00,61,
00,74,00,6f,00,72,00,3d,00,22,00,64,00,65,00,76,00,69,00,73,00,6d,00,65,00,\
"1"=hex:3c,00,6d,00,73,00,6e,00,6f,00,62,00,6a,00,20,00,43,00,72,00,65,00,61,
00,74,00,6f,00,72,00,3d,00,22,00,64,00,65,00,76,00,69,00,73,00,6d,00,65,00,\
"2"=hex:3c,00,6d,00,73,00,6e,00,6f,00,62,00,6a,00,20,00,43,00,72,00,65,00,61,
00,74,00,6f,00,72,00,3d,00,22,00,64,00,65,00,76,00,69,00,73,00,6d,00,65,00,\
"3"=hex:3c,00,6d,00,73,00,6e,00,6f,00,62,00,6a,00,20,00,43,00,72,00,65,00,61,
00,74,00,6f,00,72,00,3d,00,22,00,64,00,65,00,76,00,69,00,73,00,6d,00,65,00,\
"4"=hex:3c,00,6d,00,73,00,6e,00,6f,00,62,00,6a,00,20,00,43,00,72,00,65,00,61,
00,74,00,6f,00,72,00,3d,00,22,00,64,00,65,00,76,00,69,00,73,00,6d,00,65,00,\
"5"=hex:3c,00,6d,00,73,00,6e,00,6f,00,62,00,6a,00,20,00,43,00,72,00,65,00,61,
00,74,00,6f,00,72,00,3d,00,22,00,64,00,65,00,76,00,69,00,73,00,6d,00,65,00,\
"6"=hex:3c,00,6d,00,73,00,6e,00,6f,00,62,00,6a,00,20,00,43,00,72,00,65,00,61,
00,74,00,6f,00,72,00,3d,00,22,00,64,00,65,00,76,00,69,00,73,00,6d,00,65,00,\
"7"=hex:3c,00,6d,00,73,00,6e,00,6f,00,62,00,6a,00,20,00,43,00,72,00,65,00,61,
00,74,00,6f,00,72,00,3d,00,22,00,64,00,65,00,76,00,69,00,73,00,6d,00,65,00,\
.
[HKEY_USERS\S-1-5-21-2555148778-847838647-376290905-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\Desktop]
@DACL=(02 0000)
"TaskbarWinXP"=hex:0c,00,00,00,08,00,00,00,03,00,00,00,00,00,00,00,b0,e2,2b,d8,
64,57,d0,11,a9,6e,00,c0,4f,d7,05,a2,22,00,1c,00,0a,11,00,00,1a,00,00,00,01,\
"Upgrade"=dword:00000001
"Toolbars"=hex:11,00,00,00,00,00,00,00
.
[HKEY_USERS\S-1-5-21-2555148778-847838647-376290905-1000\Software\Microsoft\Windows\Shell\Bags\1]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-2555148778-847838647-376290905-1000\Software\Nico Mak Computing\Winzip]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-2555148778-847838647-376290905-1000\Software\Skype\Phone\UI]
@DACL=(02 0000)
"Version"=dword:030500ef
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Orange\Assistance Livebox\AssistanceLivebox.exe
c:\program files\Orange\Assistance Livebox\dist\ST2.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\windows\system32\PSIService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2013-04-25 13:20:05 - machine was rebooted
ComboFix-quarantined-files.txt 2013-04-25 11:20
ComboFix2.txt 2008-05-12 09:02
.
Pre-Run: 39,199,707,136 bytes free
Post-Run: 39,345,225,728 bytes free
.
- - End Of File - - CBB2FA6DB3EEB07CBEAEA2CAC0282769
