cjoint

Publicité


Publicité

Format du document : text/plain

Prévisualisation

ComboFix 14-02-20.01 - MOI 2 17/03/2015 1:38.2.2 - x86
Microsoft Windows�7 �dition Familiale Premium 6.1.7601.1.1252.33.1036.18.2047.1039 [GMT 1:00]
Lanc� depuis: e:\mes documents\TELECHARGEMENTS\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Updated* {98CD50CE-5097-4098-9669-6C401FB3969C}
FW: Bitdefender Pare-feu *Enabled* {A0F6D1EB-1AF8-41C0-BD36-C575E160D1E7}
SP: Bitdefender Antispyware *Disabled/Updated* {23ACB12A-76AD-4F16-ACD9-57326434DC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a �t� cr��
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1416077946.bdinstall.bin
c:\programdata\1416078080.bdinstall.bin
c:\programdata\1416084557.bdinstall.bin
c:\windows\system32\DEBUG.log
.
---- Ex�cution pr�alable -------
.
C:\hb_45.tmp
.
.
((((((((((((((((((((((((((((( Fichiers cr��s du 2015-02-17 au 2015-03-17 ))))))))))))))))))))))))))))))))))))
.
.
2015-03-17 00:53 . 2015-03-17 00:54 -------- d-----w- c:\users\MOI 2\AppData\Local\temp
2015-03-17 00:53 . 2015-03-17 00:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-03-11 12:34 . 2015-03-11 12:34 -------- d-----w- c:\users\MOI 2\AppData\Roaming\InstallShield
2015-03-11 10:44 . 2015-02-20 03:09 299008 ----a-w- c:\windows\system32\atmfd.dll
2015-03-11 10:44 . 2015-02-20 04:13 26624 ----a-w- c:\windows\system32\lpk.dll
2015-03-11 10:44 . 2015-02-20 04:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-03-11 10:44 . 2015-02-20 04:13 70656 ----a-w- c:\windows\system32\fontsub.dll
2015-03-11 10:44 . 2015-02-20 04:13 10240 ----a-w- c:\windows\system32\dciman32.dll
2015-03-11 10:44 . 2015-02-04 02:54 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2015-03-09 20:35 . 2015-03-09 21:28 -------- d-----w- c:\users\MOI 2\AppData\Roaming\ImgBurn
2015-03-09 20:01 . 2015-03-09 20:01 -------- d-----w- c:\program files\ImgBurn
2015-03-09 14:55 . 2015-03-09 14:55 -------- d-----w- c:\users\MOI 2\AppData\Roaming\SoftMaker
2015-03-09 14:55 . 2015-03-09 14:55 -------- d-----w- c:\program files\SoftMaker FreeOffice
2015-03-03 15:43 . 2015-03-03 15:43 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2015-02-26 06:07 . 2015-01-09 02:48 76800 ----a-w- c:\windows\system32\wdi.dll
2015-02-26 06:07 . 2015-01-09 02:48 635904 ----a-w- c:\windows\system32\perftrack.dll
2015-02-26 06:07 . 2015-01-09 02:48 27136 ----a-w- c:\windows\system32\powertracker.dll
2015-02-15 20:48 . 1999-11-12 04:11 183808 ----a-w- c:\windows\system32\BDEADMIN.CPL
2015-02-15 20:48 . 1999-01-20 04:01 210032 ----a-w- c:\windows\system32\DBCLIENT.DLL
2015-02-15 20:48 . 2015-02-15 20:48 -------- d-----w- c:\program files\Common Files\Borland Shared
2015-02-15 20:38 . 2015-02-15 20:38 -------- d-----w- c:\program files\ZebHelpProcess
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-05 10:01 . 2013-10-31 15:02 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-05 10:01 . 2013-10-31 15:02 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-02-04 02:54 . 2015-02-11 12:09 482304 ----a-w- c:\windows\system32\generaltel.dll
2015-02-04 02:53 . 2015-02-11 12:09 621056 ----a-w- c:\windows\system32\invagent.dll
2015-02-04 02:53 . 2015-02-11 12:09 325632 ----a-w- c:\windows\system32\devinv.dll
2015-02-04 02:53 . 2015-02-11 12:09 767488 ----a-w- c:\windows\system32\appraiser.dll
2015-02-04 02:53 . 2015-02-11 12:09 202752 ----a-w- c:\windows\system32\aepdu.dll
2015-02-04 02:53 . 2015-02-11 12:09 159744 ----a-w- c:\windows\system32\aepic.dll
2015-02-04 02:49 . 2015-02-11 12:09 886784 ----a-w- c:\windows\system32\aeinv.dll
2015-01-27 23:36 . 2015-02-11 12:09 1167520 ----a-w- c:\windows\system32\aitstatic.exe
2015-01-22 07:10 . 2014-10-16 15:45 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-12-19 02:43 . 2015-01-14 06:02 164864 ----a-w- c:\windows\system32\profsvc.dll
2014-12-19 01:34 . 2015-01-14 06:02 116224 ----a-w- c:\windows\system32\drivers\mrxdav.sys
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les �l�ments vides & les �l�ments initiaux l�gitimes ne sont pas list�s
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-11-21 1199344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^MOI 2^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk]
path=c:\users\MOI 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
backup=c:\windows\pss\MyPC Backup.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare Ultimate
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adm_tray.exe]
2011-02-24 18:02 470240 ----a-w- c:\program files\Acronis\DriveMonitor\adm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2014-12-19 07:48 1022152 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
2006-01-25 03:46 26112 ----a-w- c:\windows\System32\Ati2mdxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonQuickMenu]
2012-04-03 12:26 1273448 ----a-w- c:\program files\Canon\Quick Menu\CNQMMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScannerSelectorEX]
2012-03-26 16:35 449168 ----a-w- c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2014-12-17 04:41 311616 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Service Planificateur2 Acronis]
2011-02-12 06:40 365632 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2009-04-14 06:43 604704 ----a-w- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2014-12-17 21:12 508800 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 pdserv;Bitdefender 60-Second Virus Scanner Service;c:\program files\Bitdefender\60-Second Virus Scanner\pdscan.exe \svc [x]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2012-10-10 481464]
R3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [2011-11-17 63056]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-02-20 102912]
R3 RTL8192cu;NETGEAR WNA1000M N150 Wireless USB Micro Adapter;c:\windows\system32\DRIVERS\WNA1000M.sys [2011-02-21 734824]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2011-10-14 307544]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2013-10-30 1343400]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2012-10-10 622616]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2014-06-04 18624]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2012-07-06 77192]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-14 90704]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [2010-01-19 85128]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-04 238952]
S2 MaConfigAgent;Ma-Config Agent;c:\program files\ma-config.com\MaConfigAgent.exe [2014-01-20 2117968]
S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [2014-10-13 743688]
S2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [2012-05-28 55032]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [2012-11-02 242504]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-03-11 02:57 1061704 ----a-w- c:\program files\Google\Chrome\Application\41.0.2272.89\Installer\chrmstp.exe
.
Contenu du dossier 'T�ches planifi�es'
.
2015-03-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-31 10:01]
.
2015-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-10-30 10:41]
.
2015-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-10-30 10:41]
.
.
------- Examen suppl�mentaire -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.254
FF - ProfilePath - c:\users\MOI 2\AppData\Roaming\Mozilla\Firefox\Profiles\4q841xm1.default\
.
.
------- Associations de fichier -------
.
inifile="%SystemRoot%\system32\NOTEPAD.EXE" %1
txtfile="%SystemRoot%\system32\NOTEPAD.EXE" %1
.
- - - - ORPHELINS SUPPRIMES - - - -
.
HKLM-Run-NPSStartup - (no file)
MSConfigStartUp-RAMDiskForWorkstations - c:\program files\SoftPerfect RAM Disk\RAMDiskWS.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2015-03-17 02:05:59
ComboFix-quarantined-files.txt 2015-03-17 01:05
.
Avant-CF: 55�730�491�392 octets libres
Apr�s-CF: 55�430�500�352 octets libres
.
- - End Of File - - B7D41D49E9F03D70406586232DB13446
A36C5E4F47E84449FF07ED3517B43A31

Publicité


Signaler le contenu de ce document

Publicité