cjoint

Document format: text/plain

ComboFix 14-03-24.01 - Pascal 02/04/2014 8:56.1.4 - x86
Microsoft Windows 7 Professionnel 6.1.7601.1.1252.33.1036.18.2978.1535 [GMT 2:00]
Launched from: c:\users\Pascal\Downloads\ComboFix.exe
AV: G Data TotalProtection 2014 *Disabled/Updated* {545C8713-0744-B079-87F8-349A6D5C8CF0}
FW: Pare-feu personnel G Data *Disabled* {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}
SP: G Data TotalProtection 2014 *Disabled/Updated* {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\winrar_winrar_4.11_32_bits_francais_9632.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((( Files created from 2014-03-02 to 2014-04-02 ))))))))))))))))))))))))))))))))))))
.
.
2014-04-02 00:09 . 2014-04-02 00:09 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7E9B09F7-CFCE-45C8-87B3-87CA57834A8B}\offreg.dll
2014-04-01 16:13 . 2014-03-07 04:35 7969936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7E9B09F7-CFCE-45C8-87B3-87CA57834A8B}\mpengine.dll
2014-04-01 12:07 . 2014-04-01 12:07 -------- d-----w- c:\windows\system32\wbem\MOF\good
2014-04-01 12:07 . 2014-04-01 12:07 -------- d-----w- c:\windows\system32\wbem\MOF\bad
2014-04-01 12:07 . 2014-04-01 12:07 -------- d-----w- c:\windows\system32\wbem\Logs
2014-03-31 16:23 . 2014-03-31 16:23 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2014-03-31 15:34 . 2014-04-01 18:36 -------- d-----w- c:\users\Pascal\AppData\Roaming\ZHP
2014-03-31 15:34 . 2014-04-01 18:35 -------- d-----w- c:\program files\ZHPDiag
2014-03-30 16:56 . 2014-04-01 07:52 -------- d-----w- c:\programdata\Trymedia
2014-03-27 11:37 . 2014-03-27 11:37 -------- d-----w- c:\users\Pascal\AppData\Roaming\SketchUp
2014-03-23 20:03 . 2014-04-01 15:07 -------- d-----w- C:\Shortcut_Module
2014-03-23 08:59 . 2014-03-23 08:59 -------- d-----w- c:\windows\ERUNT
2014-03-17 07:36 . 2014-03-17 07:36 -------- d-----w- c:\program files\Common Files\Skype
2014-03-17 07:09 . 2014-03-17 07:09 -------- d-----w- c:\windows\en
2014-03-17 07:08 . 2014-03-17 07:08 -------- d-----w- c:\windows\fr
2014-03-15 13:59 . 2014-03-15 13:59 -------- d-----w- c:\users\Pascal\AppData\Local\Skype
2014-03-04 11:19 . 2014-03-09 14:01 -------- d-----w- c:\users\Pascal\AppData\Roaming\FarmMystery
.
.
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 18:42 . 2012-03-29 16:50 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 18:42 . 2012-03-29 16:50 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-16 14:37 . 2010-06-24 09:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-01-10 12:40 . 2014-01-10 12:40 58560 ----a-w- c:\windows\system32\sirenacm.dll
2014-01-10 12:31 . 2014-01-10 12:31 322240 ----a-w- c:\windows\WLXPGSS.SCR
2014-01-06 19:23 . 2014-01-06 19:23 4558848 ----a-w- c:\windows\system32\GPhotos.scr
.
.
((((((((((((((((((((((((((((((((( Registry loading points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-02-21 09:24 222920 ----a-w- c:\users\Pascal\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-02-21 09:24 222920 ----a-w- c:\users\Pascal\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-02-21 09:24 222920 ----a-w- c:\users\Pascal\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Pascal\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Pascal\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Pascal\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyDrive"="c:\users\Pascal\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2014-02-21 257224]
"Connexion SFR 9props.exe"="c:\program files\SFR\Kit\9props.exe" [2011-06-10 959880]
"EADM"="c:\program files\Origin\Origin.exe" [2014-03-16 3588952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-03-01 18643560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-10-26 11680400]
"DeskUpdateNotifier"="c:\fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe" [2013-12-11 101728]
"GDFirewallTray"="c:\program files\G Data\TotalProtection\Firewall\GDFirewallTray.exe" [2013-03-22 1854928]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2014-01-10 892608]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"G Data AntiVirus Tray"="c:\program files\G Data\TotalProtection\AVKTray\AVKTray.exe" [2013-08-21 1444472]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-11-07 145880]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-11-07 181208]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-11-07 189912]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
.
c:\users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\
Dropbox.lnk - c:\users\Pascal\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LaunchCenter.lnk - c:\program files\Fujitsu\LaunchCenter\LaunchCenter.exe [2012-3-29 375296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
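The policy block above is the most security-relevant finding in this log: EnableLUA=0 switches User Account Control off entirely, ConsentPromptBehaviorAdmin=0 means elevation happens silently, and PromptOnSecureDesktop=0 means any prompt that did appear would be shown on the normal desktop where other software can interact with it. With those values every process this administrator starts runs with a full token, so any dropped executable elevates without a click. The Run entries that start from the user's AppData profile (SkyDrive, Dropbox) are normal for per-user installers, but that is also where droppers land, so a reviewer checks each one. The following Python script is an added triage example, not part of the ComboFix output and not ComboFix code: it parses a constructed excerpt of the log above, compares the UAC values to the Windows 7 defaults (assumed here: EnableLUA=1, ConsentPromptBehaviorAdmin=5, PromptOnSecureDesktop=1), and lists Run entries whose executable lives under a user-writable profile path.

```python
"""Triage helper for a ComboFix-style log (added example, not ComboFix code).

Parses the bracketed registry blocks, compares the UAC policy values against
the hardened Windows 7 defaults, and lists autoruns that execute from a
user-writable profile path. The sample text is an excerpt of the log above,
embedded so the script runs offline.
"""
import re

# Constructed sample input: lines copied from the ComboFix log above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyDrive"="c:\users\Pascal\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2014-02-21 257224]
"EADM"="c:\program files\Origin\Origin.exe" [2014-03-16 3588952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-10-26 11680400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-11-07 145880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
"""

# Assumed hardened values: the Windows 7 defaults for these UAC policy keys.
UAC_EXPECTED = {
    "EnableLUA": 1,                   # 0 disables UAC entirely
    "ConsentPromptBehaviorAdmin": 5,  # 0 elevates administrators silently
    "PromptOnSecureDesktop": 1,       # 0 shows prompts on the interactive desktop
}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>\d+)\s*\(0x[0-9a-fA-F]+\)$')
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"\s*=\s*"?(?P<path>[^"\[]+?)"?\s*'
    r'\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$'
)


def parse_sections(text):
    """Return {lower-cased registry key: [entry lines]} for each bracketed block."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group("key").lower()
            sections[current] = []
        elif line == "." or not line:
            current = None          # "." is ComboFix's block separator
        elif current is not None:
            sections[current].append(line)
    return sections


def uac_findings(sections):
    """Return {policy name: (observed, expected)} for values that differ from the defaults."""
    key = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"
    observed = {}
    for line in sections.get(key, []):
        m = POLICY_RE.match(line)
        if m:
            observed[m.group("name")] = int(m.group("value"))
    return {name: (observed.get(name), want)
            for name, want in UAC_EXPECTED.items()
            if observed.get(name) != want}


def autoruns_from_profile(sections):
    """Return (name, path) for Run entries whose executable sits under a user's AppData."""
    hits = []
    for key, lines in sections.items():
        if not key.endswith(r"\currentversion\run"):
            continue
        for line in lines:
            m = RUN_RE.match(line)
            if m and "\\appdata\\" in m.group("path").lower():
                hits.append((m.group("name"), m.group("path")))
    return hits


def report(text):
    """Human-readable triage lines for a log excerpt."""
    sections = parse_sections(text)
    out = [f"UAC: {name}={got} (hardened default {want})"
           for name, (got, want) in uac_findings(sections).items()]
    out += [f"Autorun from user profile: {name} -> {path}"
            for name, path in autoruns_from_profile(sections)]
    return out


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

ConsentPromptBehaviorUser=3 is the default (prompt for credentials on the secure desktop), so it is not reported; everything else in the block is flagged. Restoring the three flagged values to their defaults re-enables UAC after a reboot.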
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\removeSearchqudatamngr]
RD [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\removeSearchqutoolbar]
RD [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2013-03-22 04:07 248208 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R1 GLogin;GLogin; [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-03-01 161384]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2013-03-20 6272]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 GDTunerSvc;G Data Tuner Service;c:\program files\G Data\TotalProtection\AVKTuner\AVKTunerService.exe [2013-02-25 1711568]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-01 108032]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2011-04-13 132480]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2013-03-26 26240]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2013-03-19 21376]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2013-03-19 23936]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2013-03-20 11264]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2012-09-03 543336]
R3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [2005-06-20 215040]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-29 1343400]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2013-11-20 45912]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2013-01-14 524784]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2013-01-14 26608]
S0 TS4NT;TS4nt driver;c:\windows\System32\Drivers\TS4nt.sys [2013-11-20 103928]
S1 gddcv;G Data DCV Driver;c:\windows\system32\drivers\gddcv32.sys [2013-11-20 53208]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2013-11-20 96600]
S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd32.sys [2013-11-20 54104]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2014-01-01 30040]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2013-11-20 51032]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files\Common Files\G Data\AVKProxy\AVKProxy.exe [2013-08-26 1970296]
S2 AVKService;Planificateur G Data;c:\program files\G Data\TotalProtection\AVK\AVKService.exe [2013-08-21 635000]
S2 AVKWCtl;Gardien du système de fichiers G Data;c:\program files\G Data\TotalProtection\AVK\AVKWCtl.exe [2013-10-15 2101280]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-03-03 1363584]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-03-03 1748608]
S2 GDBackupSvc;Service G Data Backup;c:\program files\G Data\TotalProtection\AVKBackup\AVKBackupService.exe [2013-08-21 1947768]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2013-11-15 137528]
S2 ogmservice;Online Games Manager;c:\program files\Online Games Manager\ogmservice.exe [2014-03-27 581568]
S2 PST Service;PST Service;c:\program files\Motorola\MotForwardDaemon\ForwardDaemon.exe [2011-09-02 65657]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2013-03-22 93072]
S2 TSNxGService;G Data Coffre-fort Service;c:\program files\G Data\TotalProtection\TSNxG\TSNxGService.exe [2013-09-17 255608]
S3 gddcd;G Data DCD Driver;c:\windows\system32\drivers\gddcd32.sys [2013-11-20 70488]
S3 GDFwSvc;Pare-feu personnel G Data;c:\program files\G Data\TotalProtection\Firewall\GDFwSvc.exe [2013-10-17 2373712]
S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2013-11-20 52056]
S3 GDScan;G Data Scanner;c:\program files\Common Files\G Data\GDScan\GDScan.exe [2013-08-22 695416]
S3 IntcDAud;Son Intel(R) pour écrans;c:\windows\system32\DRIVERS\IntcDAud.sys [2012-08-21 289792]
S3 RTL8192cu;Clé USB Wifi Essentiel B;c:\windows\system32\DRIVERS\RTL8192cu.sys [2012-06-12 734312]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-17 17:50 1629648 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 18:42]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://www.google.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\4vsyclq3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
AddRemove-FileParade bundle uninstaller - c:\program files\sweetpacks bundle uninstaller\uninstaller.exe
AddRemove-UnityWebPlayer - c:\users\Pascal\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.bmp.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DIB\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.bmp.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ICO\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.ico.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JFIF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JPE\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JPEG\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JPG\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PNG\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.png.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TIF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.tif.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TIFF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.tif.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WDP\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.wdp.15.4"
.
[HKEY_USERS\S-1-5-21-3384981992-3658989634-1448604780-1001\Software\SecuROM\License information*]
"datasecu"=hex:7e,06,46,e6,22,8e,ca,39,86,64,a5,73,86,16,e0,0e,e4,af,1c,fd,45,
95,e5,a7,23,23,ce,16,f6,c3,f6,d5,8c,c0,e9,ac,d1,2e,2a,5d,28,48,f9,eb,72,ae,\
"rkeysecu"=hex:b0,f5,cd,c0,25,27,c2,81,43,f0,3d,c8,80,3c,8e,78
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-04-02 09:40:21
ComboFix-quarantined-files.txt 2014-04-02 07:40
.
Before CF: 291,311,960,064 bytes free
After CF: 291,200,454,656 bytes free
.
- - End Of File - - 71DAF43CCC031581F51E91E162597B0C
A36C5E4F47E84449FF07ED3517B43A31
