ComboFix 15-03-01.01 - User 03/03/2015 17:19:44.1.4 - x64
Microsoft Windows 7 Professionnel 6.1.7601.1.1252.33.1036.18.3914.1977 [GMT 1:00]
Lancé depuis: c:\users\User\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Outdated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Anti-Virus *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\codec
c:\program files (x86)\codec\AC3Filter\ac3config.exe
c:\program files (x86)\codec\AC3Filter\presets.reg
c:\program files (x86)\codec\AC3Filter\renderers win2k.reg
c:\program files (x86)\codec\AC3Filter\reset to defaults.reg
c:\program files (x86)\codec\CoreAVC\coreavc.ico
c:\program files (x86)\codec\Divx6\config.exe
c:\program files (x86)\codec\Haali\avi.dll
c:\program files (x86)\codec\Haali\dxr.dll
c:\program files (x86)\codec\Haali\mkunicode.dll
c:\program files (x86)\codec\Haali\mkx.dll
c:\program files (x86)\codec\Haali\mkzlib.dll
c:\program files (x86)\codec\Haali\mp4.dll
c:\program files (x86)\codec\Haali\ogm.dll
c:\program files (x86)\codec\Haali\splitter.ax
c:\program files (x86)\codec\Haali\ts.dll
c:\program files (x86)\codec\history.txt
c:\program files (x86)\codec\readme.txt
c:\program files (x86)\codec\Uninstall\unins000.dat
c:\program files (x86)\codec\Uninstall\unins000.exe
c:\program files (x86)\codec\XviD\xvid.ico
c:\users\hhh\AppData\Roaming\Identities\AppServices.exe
c:\users\hhh\AppData\Roaming\Identities\data\csshield.asi
c:\users\hhh\AppData\Roaming\Identities\data\csshield.dll
c:\users\Invité\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\geelfhphabnejjhdalkjhgipohgpdnoc
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\geelfhphabnejjhdalkjhgipohgpdnoc\160\background.html
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\geelfhphabnejjhdalkjhgipohgpdnoc\160\content.js
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\geelfhphabnejjhdalkjhgipohgpdnoc\160\lsdb.js
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\geelfhphabnejjhdalkjhgipohgpdnoc\160\manifest.json
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\geelfhphabnejjhdalkjhgipohgpdnoc\160\OJ1f9G0VT.js
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_enkjddfbpeljdppmdnalijkabobdfghe_0.localstorage-journal
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_enkjddfbpeljdppmdnalijkabobdfghe_0.localstorage
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_geelfhphabnejjhdalkjhgipohgpdnoc_0.localstorage-journal
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_geelfhphabnejjhdalkjhgipohgpdnoc_0.localstorage
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\.lnk
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2015-02-03 au 2015-03-03 ))))))))))))))))))))))))))))))))))))
.
.
2015-03-03 16:31 . 2015-03-03 16:31 -------- d-----w- c:\users\Invité\AppData\Local\temp
2015-03-03 16:31 . 2015-03-03 16:31 -------- d-----w- c:\users\hhh\AppData\Local\temp
2015-03-03 16:31 . 2015-03-03 16:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-03-03 16:28 . 2015-03-03 16:28 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{77089DE8-B56F-425A-8C67-7F6F40F87A92}\offreg.dll
2015-03-03 12:04 . 2015-02-16 03:21 11910896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{77089DE8-B56F-425A-8C67-7F6F40F87A92}\mpengine.dll
2015-03-03 11:34 . 2015-03-03 11:34 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2015-03-02 12:38 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2015-03-02 12:38 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2015-03-02 12:35 . 2015-03-02 12:56 -------- d-----w- C:\AdwCleaner
2015-03-02 12:23 . 2015-03-02 12:35 -------- d-----w- c:\windows\system32\MRT
2015-03-02 11:20 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2015-03-02 11:20 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2015-03-02 11:20 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2015-03-02 11:20 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2015-03-02 11:20 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2015-03-02 11:20 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2015-03-02 11:20 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2015-03-02 11:20 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2015-03-01 11:42 . 2015-01-13 06:59 1084928 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2015-03-01 10:38 . 2013-08-29 02:13 878080 ----a-w- c:\windows\system32\advapi32.dll
2015-03-01 10:38 . 2013-08-29 02:16 1732032 ----a-w- c:\windows\system32\ntdll.dll
2015-03-01 10:38 . 2013-08-29 02:16 859648 ----a-w- c:\windows\system32\tdh.dll
2015-03-01 10:38 . 2013-08-29 01:50 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2015-03-01 10:38 . 2013-08-29 01:50 619520 ----a-w- c:\windows\SysWow64\tdh.dll
2015-03-01 10:38 . 2013-08-29 01:48 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
2015-03-01 09:09 . 2014-11-26 03:53 861696 ----a-w- c:\windows\system32\oleaut32.dll
2015-03-01 09:09 . 2014-11-26 03:32 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2015-03-01 09:09 . 2014-11-11 03:08 241152 ----a-w- c:\windows\system32\pku2u.dll
2015-03-01 09:09 . 2014-11-11 02:44 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2015-03-01 09:07 . 2013-07-26 02:24 197120 ----a-w- c:\windows\system32\shdocvw.dll
2015-03-01 09:07 . 2014-08-29 02:07 44032 ----a-w- c:\windows\system32\tsgqec.dll
2015-03-01 09:07 . 2014-08-29 02:07 322560 ----a-w- c:\windows\system32\aaclient.dll
2015-03-01 09:07 . 2014-08-29 01:44 37376 ----a-w- c:\windows\SysWow64\tsgqec.dll
2015-03-01 09:07 . 2014-08-29 01:44 1050112 ----a-w- c:\windows\SysWow64\mstsc.exe
2015-03-01 09:07 . 2014-08-29 02:07 3179520 ----a-w- c:\windows\system32\rdpcorets.dll
2015-03-01 09:07 . 2014-08-29 02:07 5780480 ----a-w- c:\windows\system32\mstscax.dll
2015-03-01 09:07 . 2014-08-29 02:06 1125888 ----a-w- c:\windows\system32\mstsc.exe
2015-03-01 09:07 . 2014-08-29 01:44 269312 ----a-w- c:\windows\SysWow64\aaclient.dll
2015-03-01 09:07 . 2014-05-08 09:32 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2015-03-01 09:07 . 2014-08-29 01:44 4922368 ----a-w- c:\windows\SysWow64\mstscax.dll
2015-03-01 09:03 . 2013-07-20 10:33 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-03-01 09:03 . 2013-07-20 10:33 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-03-01 09:03 . 2014-11-08 03:16 2048 ----a-w- c:\windows\system32\tzres.dll
2015-03-01 09:03 . 2014-11-08 02:45 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2015-03-01 09:03 . 2014-10-25 01:57 77824 ----a-w- c:\windows\system32\packager.dll
2015-03-01 09:03 . 2014-10-25 01:32 67584 ----a-w- c:\windows\SysWow64\packager.dll
2015-03-01 09:03 . 2014-07-17 02:07 455168 ----a-w- c:\windows\system32\winlogon.exe
2015-03-01 09:03 . 2014-07-17 02:07 235520 ----a-w- c:\windows\system32\winsta.dll
2015-03-01 09:03 . 2014-07-17 02:07 681984 ----a-w- c:\windows\system32\termsrv.dll
2015-03-01 09:03 . 2014-07-17 02:07 150528 ----a-w- c:\windows\system32\rdpcorekmts.dll
2015-03-01 09:03 . 2014-07-17 01:40 157696 ----a-w- c:\windows\SysWow64\winsta.dll
2015-03-01 09:03 . 2014-07-17 01:21 212480 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2015-03-01 09:03 . 2014-07-17 01:21 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2015-03-01 09:02 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2015-03-01 09:02 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
2015-03-01 09:02 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
2015-03-01 09:02 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2015-03-01 09:02 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2015-03-01 09:02 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2015-03-01 09:02 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2015-03-01 09:02 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2015-03-01 09:02 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2015-03-01 09:02 . 2011-03-11 04:37 91648 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS
2015-03-01 08:58 . 2015-03-01 08:58 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2015-03-01 08:54 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2015-03-01 08:54 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2015-03-01 08:51 . 2015-03-01 21:52 -------- d-----w- c:\users\User\AppData\Roaming\ZHP
2015-03-01 08:51 . 2015-03-01 08:51 -------- d-----w- c:\program files (x86)\ZHPDiag
2015-02-28 21:19 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2015-02-28 21:19 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2015-02-28 21:11 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe
2015-02-28 21:06 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-02-28 21:06 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2015-02-28 21:05 . 2013-08-02 02:12 43520 ----a-w- c:\windows\system32\csrsrv.dll
2015-02-28 21:05 . 2013-08-02 02:12 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-02-28 21:05 . 2013-08-02 01:48 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2015-02-28 21:05 . 2013-08-02 00:59 112640 ----a-w- c:\windows\system32\smss.exe
2015-02-28 21:05 . 2015-01-09 02:03 3201536 ----a-w- c:\windows\system32\win32k.sys
2015-02-28 21:05 . 2013-10-12 02:30 830464 ----a-w- c:\windows\system32\nshwfp.dll
2015-02-28 21:05 . 2013-10-12 02:29 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2015-02-28 21:05 . 2013-10-12 02:29 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2015-02-28 21:05 . 2013-10-12 02:03 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2015-02-28 21:05 . 2013-10-12 02:01 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2015-02-28 21:05 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll
2015-02-27 22:07 . 2015-02-27 22:07 -------- d-----w- c:\windows\fr
2015-02-27 22:02 . 2015-02-27 22:02 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2015-02-27 21:58 . 2015-02-27 22:07 -------- d-----w- c:\program files (x86)\Windows Live
2015-02-27 21:52 . 2015-03-02 21:41 -------- d-----w- c:\users\User\AppData\Local\Windows Live
2015-02-27 21:51 . 2015-02-27 21:51 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2015-02-11 22:15 . 2015-02-11 22:15 -------- d-----w- c:\program files\McAfee Security Scan
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-27 21:57 . 2012-07-17 13:37 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2015-02-25 22:00 . 2013-06-11 09:14 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-25 22:00 . 2013-06-11 09:14 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-24 21:45 . 2015-01-12 10:22 899184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2015-02-24 21:44 . 2015-01-12 10:21 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2015-02-16 16:23 . 2014-12-28 11:46 899184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2015-02-16 16:23 . 2014-12-28 11:45 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2015-02-16 15:16 . 2015-01-12 10:21 639312 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2015-02-06 17:05 . 2014-12-28 11:44 639312 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2015-01-29 16:49 . 2013-06-11 09:28 116773704 ----a-w- c:\windows\system32\MRT.exe
2014-12-22 23:41 . 2010-11-21 03:27 298120 ------w- c:\windows\system32\MpSigStub.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2013-06-11 . E573BD9AB55C8E333C202B9E255F972E . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2014-02-06 . 2C9CC9F492CA596B1B9FC1AE5E916356 . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-01-23 31087200]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2014-08-14 3870288]
"uTorrent"="c:\users\User\AppData\Roaming\uTorrent\uTorrent.exe" [2014-11-28 1725776]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2015-02-27 3631448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2012-03-23 1105488]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2014-08-01 356128]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdbd.sys [x]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdmp.sys [x]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiMSa.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Son Intel(R) pour écrans;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-11 21:44 1087816 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2015-03-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11 22:00]
.
2015-03-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1334286575-1270827866-3252787556-1000Core.job
- c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-07-29 22:05]
.
2015-03-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1334286575-1270827866-3252787556-1000UA.job
- c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-07-29 22:05]
.
2015-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-26 14:23]
.
2015-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-26 14:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 10:02 25112 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-23 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-23 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-23 439064]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-27 12343400]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-05 415680]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://g.live.com/1rewlive4startup/home
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Télécharger avec IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec Internet Download Manager - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\s63qloy2.default\
.
- - - - ORPHELINS SUPPRIMES - - - -
.
BHO-{c0caa5fe-7c9c-4dca-a265-63cf55379d1a} - c:\progra~2\MOVIES~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll
Toolbar-{c0caa5fe-7c9c-4dca-a265-63cf55379d1a} - c:\progra~2\MOVIES~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-EpicScale - c:\programdata\EpicScale\19\EpicScale.exe
Toolbar-10 - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-Codec_is1 - c:\program files (x86)\Codec\Uninstall\unins000.exe
AddRemove-ilividbandoomoviestoolbarFF - c:\progra~2\MOVIES~1\Datamngr\SRTOOL~1\FF\uninstall.exe
AddRemove-ilividbandoomoviestoolbarIE - c:\progra~2\MOVIES~1\Datamngr\SRTOOL~1\IE\uninstall.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-1334286575-1270827866-3252787556-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):31,16,18,34,8b,f5,d3,ae,0c,2f,8b,27,bc,83,96,ac,28,64,da,6a,de,
a2,60,01,82,10,2e,93,52,05,41,fc,91,a9,71,01,b3,19,f9,cd,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1334286575-1270827866-3252787556-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):72,0b,a8,b1,73,24,a4,92,66,31,cf,17,ff,63,e4,3c,37,d6,d6,e7,4f,
e5,8a,80,9e,b6,b9,54,0b,c9,82,0b,37,f2,eb,e3,3b,07,24,47,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1334286575-1270827866-3252787556-1000_Classes\Wow6432Node\CLSID\{a066a787-4326-492e-9424-ca3cbaf5c144}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000f2
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,bb,7a,44,7c,30,60,6f,59,6d,76,d8,bd,62,f8,d9,eb,46,fc,bf,3d,be,ff,\
.
[HKEY_USERS\S-1-5-21-1334286575-1270827866-3252787556-1000_Classes\Wow6432Node\CLSID\{ef8a17f7-69ec-4f62-a236-9e40636b0fac}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000151
"Therad"=dword:00000001
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2015-03-03 17:45:28
ComboFix-quarantined-files.txt 2015-03-03 16:45
.
Avant-CF: 111 022 055 424 octets libres
Après-CF: 112 328 085 504 octets libres
.
- - End Of File - - 68F4DBE8F064EA5C79E92A94F01B29AB
