ComboFix 15-04-14.01 - Cindy 15/04/2015 19:13:09.1.2 - x86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6002.2.1252.33.1036.18.2814.1650 [GMT 2:00]
Lancé depuis: c:\users\Cindy\Desktop\CATH.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\Config\uninstinethnfd.exe
c:\program files\Common Files\Config\ver.xml
c:\programdata\Amazon.ico
c:\programdata\MercadoLivre.ico
c:\programdata\ntuser.pol
c:\users\Administrateur\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\penlmiconnakpapellllddhipegoipan
c:\users\Administrateur\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\penlmiconnakpapellllddhipegoipan\3.9\content.js
c:\users\Administrateur\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\penlmiconnakpapellllddhipegoipan\3.9\lsdb.js
c:\users\Administrateur\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\penlmiconnakpapellllddhipegoipan\3.9\Q5A.js
c:\users\Administrateur\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\penlmiconnakpapellllddhipegoipan\3.9\Wjg.js
c:\users\Administrateur\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\penlmiconnakpapellllddhipegoipan\3.9\xYu7l3VJT.js
c:\users\Administrateur\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\penlmiconnakpapellllddhipegoipan
c:\users\Administrateur\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\penlmiconnakpapellllddhipegoipan\3.9\background.html
c:\users\Administrateur\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\penlmiconnakpapellllddhipegoipan\3.9\content.js
c:\users\Administrateur\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\penlmiconnakpapellllddhipegoipan\3.9\lsdb.js
c:\users\Administrateur\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\penlmiconnakpapellllddhipegoipan\3.9\manifest.json
c:\users\Administrateur\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\penlmiconnakpapellllddhipegoipan\3.9\Q5A.js
c:\users\Administrateur\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\penlmiconnakpapellllddhipegoipan\3.9\Wjg.js
c:\users\Administrateur\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\penlmiconnakpapellllddhipegoipan\3.9\xYu7l3VJT.js
c:\users\Administrateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\penlmiconnakpapellllddhipegoipan
c:\users\Administrateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\penlmiconnakpapellllddhipegoipan\3.9\content.js
c:\users\Administrateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\penlmiconnakpapellllddhipegoipan\3.9\lsdb.js
c:\users\Administrateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\penlmiconnakpapellllddhipegoipan\3.9\Q5A.js
c:\users\Administrateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\penlmiconnakpapellllddhipegoipan\3.9\Wjg.js
c:\users\Administrateur\AppData\Local\Google\Chrome\User Data\Default\Extensions\penlmiconnakpapellllddhipegoipan\3.9\xYu7l3VJT.js
c:\users\Cindy\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\penlmiconnakpapellllddhipegoipan
c:\users\Cindy\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\penlmiconnakpapellllddhipegoipan\3.9\background.html
c:\users\Cindy\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\penlmiconnakpapellllddhipegoipan\3.9\content.js
c:\users\Cindy\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\penlmiconnakpapellllddhipegoipan\3.9\lsdb.js
c:\users\Cindy\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\penlmiconnakpapellllddhipegoipan\3.9\manifest.json
c:\users\Cindy\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\penlmiconnakpapellllddhipegoipan\3.9\Q5A.js
c:\users\Cindy\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\penlmiconnakpapellllddhipegoipan\3.9\Wjg.js
c:\users\Cindy\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\penlmiconnakpapellllddhipegoipan\3.9\xYu7l3VJT.js
c:\users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjceekmpapinmdhfghihaeikdmbdnipm
c:\users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjceekmpapinmdhfghihaeikdmbdnipm\181\background.html
c:\users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjceekmpapinmdhfghihaeikdmbdnipm\181\content.js
c:\users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjceekmpapinmdhfghihaeikdmbdnipm\181\KB0i.js
c:\users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjceekmpapinmdhfghihaeikdmbdnipm\181\lsdb.js
c:\users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjceekmpapinmdhfghihaeikdmbdnipm\181\manifest.json
c:\users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijaabbaphikljkkcbgpbaljfjpflpeoo
c:\users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijaabbaphikljkkcbgpbaljfjpflpeoo\220\background.html
c:\users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijaabbaphikljkkcbgpbaljfjpflpeoo\220\content.js
c:\users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijaabbaphikljkkcbgpbaljfjpflpeoo\220\lsdb.js
c:\users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijaabbaphikljkkcbgpbaljfjpflpeoo\220\manifest.json
c:\users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijaabbaphikljkkcbgpbaljfjpflpeoo\220\XeKp.js
c:\users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilmdgdmjdkojpcchfiegejaihkopkhid
c:\users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilmdgdmjdkojpcchfiegejaihkopkhid\120\background.html
c:\users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilmdgdmjdkojpcchfiegejaihkopkhid\120\content.js
c:\users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilmdgdmjdkojpcchfiegejaihkopkhid\120\lsdb.js
c:\users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilmdgdmjdkojpcchfiegejaihkopkhid\120\manifest.json
c:\users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilmdgdmjdkojpcchfiegejaihkopkhid\120\YgzMiP.js
c:\users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpekolbadenjphaaapbgdienjjpgbali
c:\users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpekolbadenjphaaapbgdienjjpgbali\183\background.html
c:\users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpekolbadenjphaaapbgdienjjpgbali\183\content.js
c:\users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpekolbadenjphaaapbgdienjjpgbali\183\lsdb.js
c:\users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpekolbadenjphaaapbgdienjjpgbali\183\manifest.json
c:\users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpekolbadenjphaaapbgdienjjpgbali\183\Q6p7iV.js
c:\users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Cindy\AppData\Local\nsb1691.tmp
c:\users\Cindy\AppData\Local\nsoE4D4.tmp
c:\users\Cindy\AppData\Roaming\.#
c:\users\Cindy\AppData\Roaming\.#\MBX@17DC@1C82990.###
c:\users\Cindy\AppData\Roaming\.#\MBX@17DC@1C829C0.###
c:\users\Cindy\AppData\Roaming\.#\MBX@17DC@1C829F0.###
c:\users\Cindy\AppData\Roaming\.#\MBX@EC4@1B62990.###
c:\users\Cindy\AppData\Roaming\.#\MBX@EC4@1B629C0.###
c:\users\Cindy\AppData\Roaming\.#\MBX@EC4@1B629F0.###
c:\users\Invité\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\penlmiconnakpapellllddhipegoipan\3.9\content.js
c:\users\Invité\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\penlmiconnakpapellllddhipegoipan\3.9\lsdb.js
c:\users\Invité\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\penlmiconnakpapellllddhipegoipan\3.9\Q5A.js
c:\users\Invité\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\penlmiconnakpapellllddhipegoipan\3.9\Wjg.js
c:\users\Invité\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\penlmiconnakpapellllddhipegoipan\3.9\xYu7l3VJT.js
c:\users\Invité\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\penlmiconnakpapellllddhipegoipan\3.9\background.html
c:\users\Invité\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\penlmiconnakpapellllddhipegoipan\3.9\content.js
c:\users\Invité\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\penlmiconnakpapellllddhipegoipan\3.9\lsdb.js
c:\users\Invité\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\penlmiconnakpapellllddhipegoipan\3.9\manifest.json
c:\users\Invité\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\penlmiconnakpapellllddhipegoipan\3.9\Q5A.js
c:\users\Invité\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\penlmiconnakpapellllddhipegoipan\3.9\Wjg.js
c:\users\Invité\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\penlmiconnakpapellllddhipegoipan\3.9\xYu7l3VJT.js
c:\users\Invité\AppData\Local\Google\Chrome\User Data\Default\Extensions\penlmiconnakpapellllddhipegoipan\3.9\content.js
c:\users\Invité\AppData\Local\Google\Chrome\User Data\Default\Extensions\penlmiconnakpapellllddhipegoipan\3.9\lsdb.js
c:\users\Invité\AppData\Local\Google\Chrome\User Data\Default\Extensions\penlmiconnakpapellllddhipegoipan\3.9\Q5A.js
c:\users\Invité\AppData\Local\Google\Chrome\User Data\Default\Extensions\penlmiconnakpapellllddhipegoipan\3.9\Wjg.js
c:\users\Invité\AppData\Local\Google\Chrome\User Data\Default\Extensions\penlmiconnakpapellllddhipegoipan\3.9\xYu7l3VJT.js
c:\windows\system32\roboot.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NETHFDRV
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2015-03-15 au 2015-04-15 ))))))))))))))))))))))))))))))))))))
.
.
2015-04-15 17:25 . 2015-04-15 17:28 -------- d-----w- c:\users\Cindy\AppData\Local\temp
2015-04-15 11:54 . 2015-03-09 01:01 1249280 ----a-w- c:\windows\system32\msxml3.dll
2015-04-15 11:44 . 2015-03-05 02:24 297984 ----a-w- c:\windows\system32\gdi32.dll
2015-04-15 11:42 . 2015-03-05 02:32 244152 ----a-w- c:\windows\system32\clfs.sys
2015-04-15 11:42 . 2015-03-05 02:23 57344 ----a-w- c:\windows\system32\clfsw32.dll
2015-04-15 11:42 . 2015-03-14 02:21 1205168 ----a-w- c:\windows\system32\ntdll.dll
2015-04-15 11:42 . 2015-03-13 01:51 3604920 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-04-15 11:42 . 2015-03-13 01:51 3552184 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-04-12 07:20 . 2015-04-12 07:20 -------- d-----w- C:\_OTL
2015-04-02 19:35 . 2015-04-02 19:35 -------- d-----w- c:\program files\SEAF
2015-03-24 18:15 . 2015-03-24 18:15 512 ----a-w- C:\PhysicalMBR.bin
2015-03-23 16:18 . 2015-03-23 16:54 -------- d-----w- c:\users\Cindy\AppData\Roaming\Solvusoft
2015-03-22 20:01 . 2015-03-22 20:01 -------- d-----w- c:\programdata\AVAST Software
2015-03-22 19:57 . 2015-03-22 19:57 -------- d-----w- c:\program files\AVAST Software
2015-03-21 09:51 . 2015-04-13 03:02 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2015-03-21 09:02 . 2015-04-14 09:00 -------- d-----w- c:\users\Cindy\AppData\Roaming\ZHP
2015-03-21 09:02 . 2015-04-13 03:02 -------- d-----w- c:\program files\ZHPDiag
2015-03-21 08:41 . 2015-01-29 01:35 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2015-03-21 08:39 . 2015-01-29 01:35 975360 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-03-21 08:35 . 2015-02-26 00:18 2064384 ----a-w- c:\windows\system32\win32k.sys
2015-03-21 08:35 . 2014-12-19 00:25 115200 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2015-03-21 08:34 . 2014-11-04 00:19 2048 ----a-w- c:\windows\system32\tzres.dll
2015-03-21 08:24 . 2014-11-26 02:05 564224 ----a-w- c:\windows\system32\oleaut32.dll
2015-03-21 08:23 . 2015-02-20 02:03 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-03-21 08:23 . 2015-02-20 00:28 296960 ----a-w- c:\windows\system32\atmfd.dll
2015-03-21 08:20 . 2015-01-09 02:04 49152 ----a-w- c:\windows\system32\csrsrv.dll
2015-03-21 08:20 . 2015-01-09 00:18 64000 ----a-w- c:\windows\system32\smss.exe
2015-03-21 08:19 . 2015-01-21 02:02 807936 ----a-w- c:\windows\system32\msctf.dll
2015-03-21 08:17 . 2015-03-06 04:01 279040 ----a-w- c:\windows\system32\schannel.dll
2015-03-21 08:17 . 2015-01-15 04:13 440760 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-03-21 08:16 . 2014-10-13 01:12 2264064 ----a-w- c:\windows\system32\msi.dll
2015-03-21 08:15 . 2014-12-06 03:14 48640 ----a-w- c:\windows\system32\nlaapi.dll
2015-03-21 08:15 . 2014-12-06 03:14 174080 ----a-w- c:\windows\system32\nlasvc.dll
2015-03-21 08:15 . 2014-12-06 03:14 93184 ----a-w- c:\windows\system32\ncsi.dll
2015-03-21 08:06 . 2014-12-08 01:59 306176 ----a-w- c:\windows\system32\scesrv.dll
2015-03-21 08:02 . 2015-03-21 08:02 -------- d-sh--w- c:\windows\system32\%APPDATA%
2015-03-21 08:00 . 2014-12-06 03:14 153600 ----a-w- c:\windows\system32\profsvc.dll
2015-03-21 07:56 . 2015-04-15 11:55 -------- d-----w- c:\users\Cindy\AppData\Local\CrashDumps
2015-03-20 18:12 . 2015-03-23 17:27 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-03-20 18:12 . 2015-03-20 18:16 -------- d-----w- c:\programdata\RogueKiller
2015-03-20 16:34 . 2015-04-12 09:24 -------- d-----w- C:\AdwCleaner
2015-03-20 14:10 . 2015-03-20 14:10 -------- d-----w- c:\program files\FB Dislike
2015-03-20 13:39 . 2015-03-20 13:39 -------- d-----w- c:\program files\Extreme User Agent Switcher
2015-03-19 17:40 . 2015-03-19 17:40 -------- d-----w- c:\program files\Film Stack
2015-03-19 12:41 . 2015-03-19 12:41 -------- d-----w- c:\program files\Phantasmat Une Nuit Sans Fin Edition Collector
2015-03-19 12:31 . 2015-03-19 12:31 -------- d-----w- c:\users\Cindy\AppData\Roaming\vlc
2015-03-19 11:35 . 2015-03-19 12:45 -------- d-----w- c:\users\Cindy\AppData\Roaming\Eipix
2015-03-19 11:35 . 2015-03-19 11:35 -------- d-----w- c:\programdata\Caphyon
2015-03-19 11:33 . 2015-03-19 11:33 -------- d-----w- c:\program files\Final Cut La Grande Echappee Edition Collector
2015-03-19 11:29 . 2015-03-19 12:36 -------- d-----w- c:\users\Cindy\AppData\Roaming\ECloZion
2015-03-19 11:17 . 2015-03-19 11:45 -------- d-----w- c:\users\Cindy\AppData\Roaming\Elephant Games
2015-03-19 10:25 . 2015-03-19 10:25 -------- d-----w- c:\programdata\NCH Software
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-15 12:50 . 2014-10-29 14:27 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-04-15 12:50 . 2014-10-29 14:27 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-03-14 10:06 . 2015-04-14 19:28 9119072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6ED9FAF9-987C-4295-9725-E16DC93337EF}\mpengine.dll
2015-02-24 02:23 . 2009-10-02 23:58 246920 ------w- c:\windows\system32\MpSigStub.exe
2015-02-17 15:04 . 2015-02-17 15:04 1202848 ----a-w- c:\windows\system32\FM20.DLL
2015-02-04 10:23 . 2015-02-04 10:23 875688 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2010-01-26 08:11 . 2014-04-30 11:11 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 21:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Empowering Technology Monitor"="c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2008-04-25 319488]
"EmpoweringTechnology"="c:\program files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-04-25 319488]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2009-09-03 61440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-09-26 271744]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Utilitaire de configuration sans fil.lnk - c:\program files\TRENDnet\TEW-649UB\WlanCU.exe [2014-9-6 512000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contenu du dossier 'Tâches planifiées'
.
2015-04-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-29 12:50]
.
2015-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd9a8b671fcf50.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-03-20 17:12]
.
2015-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-03-20 17:12]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
LSP: c:\windows\system32\MyOSProtect.dll
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-10 - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-IDMSQ - c:\program files\IDMSQ\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-04-15 19:27
Windows 6.0.6002 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="BrowserHTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="BrowserHTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="BrowserHTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="BrowserHTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="BrowserHTM"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'Explorer.exe'(1092)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Acer\Empowering Technology\Service\ETService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\TRENDnet\TEW-649UB\WlanWpsSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Heure de fin: 2015-04-15 19:33:55 - La machine a redémarré
ComboFix-quarantined-files.txt 2015-04-15 17:33
.
Avant-CF: 50 702 790 656 octets libres
Après-CF: 49 896 222 720 octets libres
.
- - End Of File - - 1749CC47F6731468502ED2600C48BC82
EF932EAA6EF4C94E66A7F6CEEC7EB422