ComboFix 15-03-09.01 - Fabio 09/03/2015 17:15:45.1.1 - x86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6002.2.1252.33.1036.18.2812.1875 [GMT 1:00]
Lancé depuis: c:\users\Fabio\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Google\Desktop\Install
c:\program files\Google\Desktop\Install\{68d51afc-81f9-043c-c299-9124f21ee9e9}\0103~1\7154~1\CFFE~1\{68d51afc-81f9-043c-c299-9124f21ee9e9}\@
c:\program files\Google\Desktop\Install\{68d51afc-81f9-043c-c299-9124f21ee9e9}\0103~1\7154~1\CFFE~1\{68d51afc-81f9-043c-c299-9124f21ee9e9}\L\00000004.@
c:\program files\Google\Desktop\Install\{68d51afc-81f9-043c-c299-9124f21ee9e9}\0103~1\7154~1\CFFE~1\{68d51afc-81f9-043c-c299-9124f21ee9e9}\L\76603ac3
c:\program files\Google\Desktop\Install\{68d51afc-81f9-043c-c299-9124f21ee9e9}\0103~1\7154~1\CFFE~1\{68d51afc-81f9-043c-c299-9124f21ee9e9}\U\00000004.@
c:\program files\Google\Desktop\Install\{68d51afc-81f9-043c-c299-9124f21ee9e9}\0103~1\7154~1\CFFE~1\{68d51afc-81f9-043c-c299-9124f21ee9e9}\U\00000008.@
c:\program files\Google\Desktop\Install\{68d51afc-81f9-043c-c299-9124f21ee9e9}\0103~1\7154~1\CFFE~1\{68d51afc-81f9-043c-c299-9124f21ee9e9}\U\000000cb.@
c:\program files\Google\Desktop\Install\{68d51afc-81f9-043c-c299-9124f21ee9e9}\0103~1\7154~1\CFFE~1\{68d51afc-81f9-043c-c299-9124f21ee9e9}\U\80000000.@
c:\program files\Google\Desktop\Install\{68d51afc-81f9-043c-c299-9124f21ee9e9}\0103~1\7154~1\CFFE~1\{68d51afc-81f9-043c-c299-9124f21ee9e9}\U\80000032.@
c:\programdata\BD61E308AC.sys
c:\users\Fabio\AppData\Local\Google\Desktop\Install
c:\users\Fabio\AppData\Local\Google\Desktop\Install\{68d51afc-81f9-043c-c299-9124f21ee9e9}\C3C1~1\01C8~1\CFFE~1\{68d51afc-81f9-043c-c299-9124f21ee9e9}\@
c:\users\Public\sdelevURL.tmp
c:\windows\msdownld.tmp
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\IEExt\ie_plugin.dll . . . . impossible à supprimer
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2015-02-09 au 2015-03-09 ))))))))))))))))))))))))))))))))))))
.
.
2015-03-09 10:36 . 2015-03-09 14:08 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-03-09 10:36 . 2015-03-09 10:36 -------- d-----w- c:\programdata\RogueKiller
2015-03-09 09:11 . 2015-03-09 09:11 -------- d-----w- c:\users\Fabio\AppData\Roaming\LolClient
2015-03-09 00:39 . 2015-03-09 00:39 -------- d-----w- c:\programdata\Riot Games
2015-03-08 23:55 . 2015-03-08 23:55 -------- d-----w- c:\programdata\GlarySoft
2015-03-08 23:55 . 2015-03-08 23:55 17344 ----a-w- c:\windows\system32\drivers\GUBootStartup.sys
2015-03-08 23:54 . 2015-03-08 23:55 -------- d-----w- c:\program files\Glary Utilities 5
2015-03-08 23:34 . 2008-07-12 07:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2015-03-08 23:34 . 2008-07-12 07:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2015-03-08 23:34 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2015-03-08 23:33 . 2015-03-08 23:33 -------- d-----w- C:\Riot Games
2015-03-08 18:52 . 2015-03-08 18:52 -------- d-----w- C:\TDSSKiller_Quarantine
2015-03-08 18:18 . 2012-10-15 16:02 17840 ----a-w- c:\windows\system32\roboot.exe
2015-03-08 17:10 . 2015-03-08 17:10 -------- d-----w- c:\program files\Kaspersky Lab
2015-03-08 17:10 . 2015-03-09 16:30 -------- d-----w- c:\programdata\Kaspersky Lab
2015-03-08 17:09 . 2014-11-28 17:19 120008 ----a-w- c:\windows\system32\drivers\klflt.sys
2015-03-08 17:09 . 2014-10-22 20:13 36040 ----a-w- c:\windows\system32\drivers\klhk.sys
2015-03-07 23:46 . 2015-03-07 23:46 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2015-03-07 23:29 . 2015-03-08 18:42 -------- d-----w- c:\users\Fabio\AppData\Roaming\ZHP
2015-03-07 23:29 . 2015-03-07 23:49 -------- d-----w- c:\program files\ZHPDiag
2015-03-07 20:57 . 2015-03-08 00:16 -------- d-----w- C:\OETemp
2015-03-07 20:24 . 2015-03-07 20:24 -------- d-----w- c:\users\Fabio\AppData\Local\Opera Software
2015-03-07 20:24 . 2015-03-07 20:24 -------- d-----w- c:\users\Fabio\AppData\Roaming\Opera Software
2015-03-07 20:22 . 2015-03-07 20:24 -------- d-----w- c:\program files\Opera
2015-03-07 18:19 . 2015-03-07 21:32 -------- d-----w- c:\programdata\MFAData
2015-03-07 18:19 . 2015-03-07 18:19 -------- d--h--w- c:\programdata\Common Files
2015-03-07 18:19 . 2015-03-07 18:19 -------- d-----w- c:\users\Fabio\AppData\Local\MFAData
2015-03-07 16:57 . 2015-03-07 16:57 9728 ----a-w- c:\windows\system32\yk60x86ver.dll
2015-03-07 16:56 . 2015-03-07 16:56 -------- d-----w- c:\program files\Marvell
2015-02-15 15:07 . 2015-02-15 15:07 -------- d-----w- c:\program files\Microsoft XNA
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-07 20:28 . 2012-05-21 09:21 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-03-07 20:28 . 2011-09-16 18:10 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD}]
2015-03-09 16:26 1699112 ----a-w- c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\IEExt\ie_plugin.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{93BC2EA7-2F17-4729-948A-D2E03FFB2412}]
2015-03-09 16:26 1699112 ----a-w- c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\IEExt\ie_plugin.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{AB379017-4C03-4E00-8EDF-E6D6AF7CCF82}]
2015-03-09 16:26 1699112 ----a-w- c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\IEExt\ie_plugin.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GUDelayStartup"="c:\program files\Glary Utilities 5\StartupManager.exe" [2015-03-02 37152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Hyperappel de 'Tout sur les verbes Français'.lnk]
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\accrdsub]
2007-11-28 00:40 298536 ----a-w- c:\program files\ActivIdentity\ActivClient\accrdsub.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2013-03-14 08:23 3672640 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNS7reminder]
2010-10-27 09:44 328992 ----a-w- c:\program files\Nuance\NaturallySpeaking12\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-12-04 15:14 75016 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-01-12 10:21 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InfoSCC]
2008-06-30 15:33 245493 ----a-w- c:\ordina13 help\MessageSCC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2012-08-07 05:25 21432 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
2012-08-07 05:25 960440 ----a-w- c:\program files\Samsung\Kies\Kies.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2012-08-07 05:25 3524536 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-01-09 23:31 2393376 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
2008-08-08 14:47 319000 ----a-w- c:\program files\PDF Complete\pdfsty.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2011-11-03 09:20 220744 ----a-w- c:\program files\PDF24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2009-02-18 16:00 177720 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-10 21:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2009-01-16 15:02 3866624 ----a-w- c:\program files\Analog Devices\SoundMAX\SoundMAX.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2009-05-18 15:28 1314816 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-02-25 13:38 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2010-06-04 00:17 1791272 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
2009-03-04 19:47 200848 ----a-w- c:\program files\InterVideo\DVD8SESD\DVDCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WirelessAssistant]
2009-03-10 20:44 506936 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"ORAHSSSessionManager"="c:\program files\Orange\Connexion Internet Orange\SessionManager\SessionManager.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R3 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-11-28 185896]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - FSUSBEXDISK
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-01-09 23:28 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contenu du dossier 'Tâches planifiées'
.
2015-03-09 c:\windows\Tasks\GlaryInitialize 5.job
- c:\program files\Glary Utilities 5\Initialize.exe [2015-03-02 05:38]
.
.
------- Examen supplémentaire -------
.
mStart Page = hxxp://www.msn.fr
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Sauvegarder la vidéo YouTube sous MP3 - c:\users\Fabio\AppData\Roaming\Free YouTube to MP3 Converter Studio\Free YouTube to MP3 Converter Studio.htm
IE: {{5547CE1F-74E9-41E5-9CBF-5211ECC37341} - {BB7DC12B-C59D-4138-AD28-BBB65DE62A3B} - c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\IEExt\ie_plugin.dll
Trusted Zone: samsungsetup.com\www
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{EF79F67A-6AD7-4715-A0F8-932FCA442023} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
SafeBoot-03779504.sys
SafeBoot-21129996.sys
SafeBoot-Wdf01000.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-APSDaemon - c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
MSConfigStartUp-BitTorrent - c:\program files\BitTorrent\BitTorrent.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
MSConfigStartUp-EADM - c:\program files\Origin\Origin.exe
MSConfigStartUp-Google Update - c:\users\Fabio\AppData\Local\Google\Update\GoogleUpdate.exe
MSConfigStartUp-KiesHelper - c:\program files\Samsung\Kies\KiesHelper.exe
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-03-09 17:32
Windows 6.0.6002 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BFE]
"ImagePath"="."
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MpsSvc]
"ImagePath"="."
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:03,6a,a5,63,eb,b1,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0f,cb,52,cf,7f,bf,85,46,99,dd,3f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0f,cb,52,cf,7f,bf,85,46,99,dd,3f,\
.
[HKEY_USERS\S-1-5-21-46301255-144469182-408411990-1020\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-46301255-144469182-408411990-1020\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-46301255-144469182-408411990-1020)
@Denied: (2) (LocalSystem)
"Progid"="OperaStable"
.
[HKEY_USERS\S-1-5-21-46301255-144469182-408411990-1020\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-46301255-144469182-408411990-1020)
@Denied: (2) (LocalSystem)
"Progid"="OperaStable"
.
[HKEY_USERS\S-1-5-21-46301255-144469182-408411990-1020\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (S-1-5-21-46301255-144469182-408411990-1020)
@Denied: (2) (LocalSystem)
"Progid"="OperaStable"
.
[HKEY_USERS\S-1-5-21-46301255-144469182-408411990-1020\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (S-1-5-21-46301255-144469182-408411990-1020)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.SVG"
.
[HKEY_USERS\S-1-5-21-46301255-144469182-408411990-1020\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-46301255-144469182-408411990-1020)
@Denied: (2) (LocalSystem)
"Progid"="OperaStable"
.
[HKEY_USERS\S-1-5-21-46301255-144469182-408411990-1020\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-46301255-144469182-408411990-1020)
@Denied: (2) (LocalSystem)
"Progid"="OperaStable"
.
[HKEY_USERS\S-1-5-21-46301255-144469182-408411990-1020\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:0000003d
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fingerprint Sensor\AtService.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Hpservice.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe
c:\windows\system32\FsUsbExService.Exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
.
**************************************************************************
.
Heure de fin: 2015-03-09 17:38:41 - La machine a redémarré
ComboFix-quarantined-files.txt 2015-03-09 16:38
.
Avant-CF: 72 862 056 448 octets libres
Après-CF: 73 127 161 856 octets libres
.
- - End Of File - - 022C11F41C061B02AD54798C51DD5C39
5C616939100B85E558DA92B899A0FC36
