ComboFix 14-12-25.01 - ordi 25/12/2014 20:51:30.1.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2815.1156 [GMT 1:00]
Lancé depuis: c:\users\ordi\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\DFRCD9F.tmp
c:\program files\ma-config.com
c:\program files\ma-config.com\config.xml
c:\program files\ma-config.com\CPUID\cpuidsdk.dll
c:\program files\ma-config.com\Drivers\ma-config.inf
c:\program files\ma-config.com\Drivers\ma-config_amd64.cat
c:\program files\ma-config.com\Drivers\ma-config_amd64.sys
c:\program files\ma-config.com\Drivers\ma-config_x86.cat
c:\program files\ma-config.com\Drivers\ma-config_x86.sys
c:\program files\ma-config.com\Langues\LangueMC.ar.resx
c:\program files\ma-config.com\Langues\LangueMC.de.resx
c:\program files\ma-config.com\Langues\LangueMC.en.resx
c:\program files\ma-config.com\Langues\LangueMC.es.resx
c:\program files\ma-config.com\Langues\LangueMC.fr.resx
c:\program files\ma-config.com\Langues\LangueMC.pt.resx
c:\program files\ma-config.com\Langues\LangueMC.ru.resx
c:\program files\ma-config.com\ma-config.html
c:\program files\ma-config.com\MaConfigAgent.exe
c:\program files\ma-config.com\MCBCL.dll
c:\program files\ma-config.com\MCDetection.exe
c:\program files\ma-config.com\MCNoyau.dll
c:\program files\ma-config.com\MCrypt.dll
c:\program files\ma-config.com\MCSettings.exe
c:\program files\ma-config.com\MCStubUser.exe
c:\program files\ma-config.com\sqlite3.dll
c:\programdata\ma-config.com
c:\programdata\ma-config.com\Logs\activex.txt
c:\programdata\ma-config.com\Logs\maconfservice.txt
c:\programdata\ma-config.com\Logs\mcdetection.txt
c:\programdata\ma-config.com\Logs\mcstubuser.txt
c:\programdata\ma-config.com\Logs\websocketpp.log
c:\programdata\ma-config.com\mcbase.db
c:\programdata\ma-config.com\server.pem
c:\programdata\ma-config.com\Temp\componenttemp.gz
c:\programdata\windows
c:\programdata\windows\dsdd.dat
c:\programdata\windows\nudr.dat
c:\users\ordi\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\ordi\AppData\Roaming\Local
c:\users\ordi\pbsvc.exe
c:\users\ordi\videos\GSpot.exe
c:\users\Public\jz4740_usbtool_drivers.exe
c:\users\Public\videos\hl.exe
c:\users\Public\videos\hlds.exe
c:\users\Public\videos\SETUP.EXE
c:\users\Public\VOBMerge.exe
c:\windows\msdownld.tmp
c:\windows\system32\
c:\windows\system32\SETCBC3.tmp
D:\setup.exe
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ma-config_x86
-------\Legacy_ma-config_x86
-------\Service_ma-config_x86
-------\Service_MaConfigAgent
-------\Service_ma-config_x86
-------\Service_MaConfigAgent
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2014-11-25 au 2014-12-25 ))))))))))))))))))))))))))))))))))))
.
.
2014-12-23 19:26 . 2014-12-25 14:55 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2014-12-23 19:16 . 2014-12-25 19:36 -------- d-----w- c:\users\ordi\AppData\Roaming\ZHP
2014-12-09 19:56 . 2014-11-04 00:19 2048 ----a-w- c:\windows\system32\tzres.dll
2014-12-09 19:55 . 2014-11-07 01:33 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-12-09 19:41 . 2014-12-03 02:06 278528 ----a-w- c:\windows\system32\schannel.dll
2014-12-03 18:06 . 2014-12-03 18:06 188304 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2014-11-30 16:38 . 2014-12-25 19:45 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-30 16:37 . 2014-11-21 05:14 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-30 16:37 . 2014-11-21 05:14 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-30 16:37 . 2014-11-21 05:14 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-30 15:14 . 2014-11-30 15:14 -------- d-----w- c:\windows\ERUNT
2014-11-28 18:52 . 2014-12-09 19:35 -------- d-----w- c:\users\ordi\AppData\Local\Battle.net
2014-11-28 18:52 . 2014-11-28 18:53 -------- d-----w- c:\users\ordi\AppData\Roaming\Battle.net
2014-11-28 18:51 . 2014-12-07 15:41 -------- d-----w- c:\program files\Battle.net
2014-11-28 09:15 . 2014-10-10 01:00 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-11-28 09:15 . 2014-10-09 23:22 619520 ----a-w- c:\windows\system32\adtschema.dll
2014-11-28 09:15 . 2014-10-10 01:01 449536 ----a-w- c:\windows\system32\termsrv.dll
2014-11-28 09:15 . 2014-10-10 01:00 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2014-11-28 09:13 . 2014-08-27 00:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-11-28 09:13 . 2014-08-27 00:55 1249280 ----a-w- c:\windows\system32\msxml3.dll
2014-11-28 09:12 . 2014-10-24 01:03 499200 ----a-w- c:\windows\system32\kerberos.dll
2014-11-28 09:12 . 2014-10-24 01:04 67072 ----a-w- c:\windows\system32\packager.dll
2014-11-28 09:10 . 2014-08-12 02:25 729600 ----a-w- c:\windows\system32\IMJP10K.DLL
2014-11-28 09:08 . 2014-10-03 01:18 274432 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-11-28 09:08 . 2014-10-03 01:17 170496 ----a-w- c:\windows\system32\EncDump.dll
2014-11-28 09:08 . 2014-10-03 01:17 396800 ----a-w- c:\windows\system32\AudioEng.dll
2014-11-28 09:08 . 2014-10-03 01:17 316928 ----a-w- c:\windows\system32\audiosrv.dll
2014-11-28 09:08 . 2014-10-18 01:08 564224 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-28 08:59 . 2014-10-12 23:34 2054656 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-20 21:05 . 2013-03-04 19:57 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-20 21:05 . 2013-03-04 19:57 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-12-15 03:13 . 2014-12-24 22:58 9054624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7B4D3FA2-C5CC-44AF-A6CA-3FDCE48DA691}\mpengine.dll
2014-11-24 13:04 . 2009-10-02 17:56 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-11-18 13:56 . 2014-11-18 13:56 1202848 ----a-w- c:\windows\system32\FM20.DLL
2014-10-14 17:38 . 2013-04-13 12:50 98160 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-10-14 17:38 . 2013-04-13 12:50 136216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-10-02 12:23 . 2014-10-02 12:23 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2014-10-02 12:23 . 2014-10-02 12:23 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-04-14 21:57 . 2011-04-14 21:57 37142 ----a-w- c:\program files\ffdsvsetts.reg
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-08-01 3673696]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-10-31 59720]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-10-31 59720]
"Steam"="d:\program files\Steam\Steam.exe" [2014-11-18 1940160]
"iFunBox Price Watch"="d:\program files\iFunbox 2014\iFunBox2014.exe" [2014-10-14 7440384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"NVRaidService"="c:\program files\NVIDIA Corporation\Raid\nvraidservice.exe" [2010-04-09 163944]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-12-16 702768]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-11 4702208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-10-15 157480]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-10-02 421888]
"Avira Systray"="c:\program files\Avira\My Avira\Avira.OE.Systray.exe" [2014-11-20 126200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-08 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-06 09:46 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DVD@ccess.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DVD@ccess.lnk
backup=c:\windows\pss\DVD@ccess.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^ordi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Media Player.lnk]
path=c:\users\ordi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Media Player.lnk
backup=c:\windows\pss\Adobe Media Player.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^ordi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DeliveryManager.lnk]
path=c:\users\ordi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeliveryManager.lnk
backup=c:\windows\pss\DeliveryManager.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^ordi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 - Capture d'écran et lancement.lnk]
path=c:\users\ordi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 - Capture d'écran et lancement.lnk
backup=c:\windows\pss\OneNote 2007 - Capture d'écran et lancement.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2014-11-20 18:13 1021128 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2014-10-11 11:05 60712 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-01-17 16:51 486856 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-12-09 19:28 1226608 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX110 Series]
2008-09-27 00:00 199680 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIFBE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iFunBox Price Watch]
2014-10-14 23:38 7440384 ----a-w- d:\program files\iFunbox 2014\iFunBox2014.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-10-15 03:42 157480 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2011-05-13 14:03 4283256 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
2007-12-07 13:28 196128 ----a-w- c:\windows\System32\nvraidservice.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMMediaSharing]
2007-06-21 17:33 204908 ----a-w- c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-10-02 12:23 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-10-11 18:53 4702208 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-03-09 02:52 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2006-11-05 19:48 57344 ----a-w- c:\acer\WR_PopUp\WarReg_PopUp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-196820185-3977035112-1684796494-1000]
"EnableNotificationsRef"=dword:00000001
.
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [x]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
kdpfngur
.
Contenu du dossier 'Tâches planifiées'
.
2014-12-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-04 21:05]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://google.fr/
uDefault_search_url = hxxp://google.com
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Tout télécharger avec NetXfer - c:\program files\Xi\NetXfer\NXAddList.html
IE: Télécharger avec NetXfer - c:\program files\Xi\NetXfer\NXAddLink.html
TCP: DhcpNameServer = 89.2.0.1 89.2.0.2
FF - ProfilePath - c:\users\ordi\AppData\Roaming\Mozilla\Firefox\Profiles\k8s7s6xh.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.fr
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 9666
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.ssl_port - 9666
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2009-07-22 21:13; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHELINS SUPPRIMES - - - -
.
HKLM-Run-eRecoveryService - (no file)
HKU-Default-Run-Acer Tour Reminder - c:\acer\AcerTour\Reminder.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Acer Tour Reminder - c:\acer\AcerTour\Reminder.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-DivX Download Manager - c:\program files\DivX\DivX Plus Web Player\DDmService.exe
MSConfigStartUp-Malwarebytes' Anti-Malware - c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
MSConfigStartUp-MobileDocuments - c:\program files\Common Files\Apple\Internet Services\ubd.exe
MSConfigStartUp-Steam - c:\users\Public\Videos\steam\Steam.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
HKLM_ActiveSetup-{81C8EE73-B8F1-BE3D-FED7-E0D7706844AA} - c:\program files\Windows Live\setuip.exe
HKLM_ActiveSetup-{8D880B4D-9648-8CB8-3D10-F01B83E57CE8} - c:\program files\Outlook Express\settups.exe
AddRemove-InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} - c:\progra~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe
AddRemove-MultiBit 0.5.15 - c:\program files\Java\jre7\bin\javaw.exe
AddRemove-ShalSoft.GigaTribe_is1 - c:\program files\GigaTribe\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-12-25 21:09
Windows 6.0.6002 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\windows\system32\conime.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
d:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe
d:\program files\Malwarebytes Anti-Malware\mbamservice.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
d:\program files\Malwarebytes Anti-Malware\mbam.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
c:\program files\Windows Media Player\wmplayer.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Heure de fin: 2014-12-25 21:20:29 - La machine a redémarré
ComboFix-quarantined-files.txt 2014-12-25 20:20
.
Avant-CF: 6 651 731 968 octets libres
Après-CF: 6 004 191 232 octets libres
.
- - End Of File - - 79CC82505EF90113389C18FF55E4F17F
8F558EB6672622401DA993E1E865C861
