Document format: text/plain

ComboFix 15-07-07.01 - Owner 07/07/2015 14:38:33.1.4 - x86
Microsoft Windows 7 Professionnel 6.1.7601.1.1252.33.1036.18.1922.1097 [GMT 1:00]
Lancé depuis: c:\users\Owner\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
Les fichiers ci-dessous ont été désactivés pendant l'exécution:
c:\program files\SuperCopier2\SC2Hook.dll
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\69dc8177-a574-4dff-8461-b3267b078dcf\40882d6a-0c6a-479b-917d-dd9bf7ea5963.dll
c:\program files\69dc8177-a574-4dff-8461-b3267b078dcf\9d5b5dfe-1daf-4852-b6fd-0ba80aa7ac4f.dll
c:\program files\CinemaP-1.9cV16.03\156eacdc-6be3-484e-958c-b1950c01381c.dll
c:\program files\Common Files\Config\uninstinethnfd.exe
c:\program files\Common Files\Config\ver.xml
c:\program files\MiuiTab\SuPTab.dll
c:\program files\Skype\Phone\Skype.exe
c:\program files\Uniblue\SpeedUpMyPC
c:\program files\Uniblue\SpeedUpMyPC\fonts\OpenSans-Bold.ttf
c:\program files\Uniblue\SpeedUpMyPC\fonts\OpenSans-BoldItalic.ttf
c:\program files\Uniblue\SpeedUpMyPC\fonts\OpenSans-ExtraBold.ttf
c:\program files\Uniblue\SpeedUpMyPC\fonts\OpenSans-Italic.ttf
c:\program files\Uniblue\SpeedUpMyPC\fonts\OpenSans-Light.ttf
c:\program files\Uniblue\SpeedUpMyPC\fonts\OpenSans-LightItalic.ttf
c:\program files\Uniblue\SpeedUpMyPC\fonts\OpenSans-Regular.ttf
c:\program files\Uniblue\SpeedUpMyPC\fonts\OpenSans-Semibold.ttf
c:\program files\Uniblue\SpeedUpMyPC\fonts\OpenSans-SemiboldItalic.ttf
c:\program files\Uniblue\SpeedUpMyPC\icudt.dll
c:\program files\Uniblue\SpeedUpMyPC\InstallerExtensions.dll
c:\program files\Uniblue\SpeedUpMyPC\libcef.dll
c:\program files\Uniblue\SpeedUpMyPC\library.dat
c:\program files\Uniblue\SpeedUpMyPC\locale\da\LC_MESSAGES\messages.mo
c:\program files\Uniblue\SpeedUpMyPC\locale\de\LC_MESSAGES\messages.mo
c:\program files\Uniblue\SpeedUpMyPC\locale\en\LC_MESSAGES\messages.mo
c:\program files\Uniblue\SpeedUpMyPC\locale\es\LC_MESSAGES\messages.mo
c:\program files\Uniblue\SpeedUpMyPC\locale\fi\LC_MESSAGES\messages.mo
c:\program files\Uniblue\SpeedUpMyPC\locale\fr\LC_MESSAGES\messages.mo
c:\program files\Uniblue\SpeedUpMyPC\locale\it\LC_MESSAGES\messages.mo
c:\program files\Uniblue\SpeedUpMyPC\locale\ja\LC_MESSAGES\messages.mo
c:\program files\Uniblue\SpeedUpMyPC\locale\nl\LC_MESSAGES\messages.mo
c:\program files\Uniblue\SpeedUpMyPC\locale\no\LC_MESSAGES\messages.mo
c:\program files\Uniblue\SpeedUpMyPC\locale\pt_BR\LC_MESSAGES\messages.mo
c:\program files\Uniblue\SpeedUpMyPC\locale\ru\LC_MESSAGES\messages.mo
c:\program files\Uniblue\SpeedUpMyPC\locale\sv\LC_MESSAGES\messages.mo
c:\program files\Uniblue\SpeedUpMyPC\locales\en-US.pak
c:\program files\Uniblue\SpeedUpMyPC\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest
c:\program files\Uniblue\SpeedUpMyPC\Microsoft.VC90.CRT\msvcp90.dll
c:\program files\Uniblue\SpeedUpMyPC\Microsoft.VC90.CRT\msvcr90.dll
c:\program files\Uniblue\SpeedUpMyPC\resources.dat
c:\program files\Uniblue\SpeedUpMyPC\speedupmypc.exe
c:\program files\Uniblue\SpeedUpMyPC\Third-party Terms\cefpython.txt
c:\program files\Uniblue\SpeedUpMyPC\Third-party Terms\cython.txt
c:\program files\Uniblue\SpeedUpMyPC\Third-party Terms\jquery.txt
c:\program files\Uniblue\SpeedUpMyPC\Third-party Terms\knockoutjs.txt
c:\program files\Uniblue\SpeedUpMyPC\Third-party Terms\knockoutmappingjs.txt
c:\program files\Uniblue\SpeedUpMyPC\Third-party Terms\opensans-font.txt
c:\program files\Uniblue\SpeedUpMyPC\Third-party Terms\protobuf.txt
c:\program files\Uniblue\SpeedUpMyPC\Third-party Terms\py2exe.txt
c:\program files\Uniblue\SpeedUpMyPC\Third-party Terms\python-changes.txt
c:\program files\Uniblue\SpeedUpMyPC\Third-party Terms\python.txt
c:\program files\Uniblue\SpeedUpMyPC\Third-party Terms\pywin32.txt
c:\program files\Uniblue\SpeedUpMyPC\Third-party Terms\qtip2.txt
c:\program files\Uniblue\SpeedUpMyPC\thirdpartyinstaller.exe
c:\program files\Uniblue\SpeedUpMyPC\unins000.dat
c:\program files\Uniblue\SpeedUpMyPC\unins000.exe
c:\program files\Uniblue\SpeedUpMyPC\unins000.msg
c:\programdata\ntuser.pol
c:\users\Owner\AppData\Local\Temp\~eff18e\~de8c3a.tmp
c:\users\Owner\AppData\Local\Temp\~eff18e\~df394b.tmp
c:\users\Owner\AppData\Roaming\BYAIAMUF.exe
c:\users\Owner\AppData\Roaming\GNOK.exe
c:\windows\system32\Drivers\nethfdrv.sys
c:\windows\system32\hfnapi.dll
c:\windows\system32\hfpapi.dll
c:\windows\system32\installd.exe
c:\windows\system32\nethtsrv.exe
c:\windows\system32\netupdsrv.exe
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NETHFDRV
-------\Service_globalUpdate
-------\Service_nethfdrv
-------\Service_NetHttpService
-------\Service_ServiceUpdater
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2015-06-07 au 2015-07-07 ))))))))))))))))))))))))))))))))))))
.
.
2015-07-07 10:49 . 2015-07-07 10:49 687 ----a-w- C:\awhAAFE.tmp
2015-07-07 10:44 . 2015-07-07 13:41 -------- d-----w- c:\program files\Common Files\Config
2015-07-06 15:02 . 2015-07-06 06:41 43144 ----a-w- c:\windows\system32\drivers\{77cff169-0511-4a34-a6d2-15ff5be65ad5}Gw.sys
2015-07-05 17:28 . 2015-07-05 17:28 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-07-05 17:28 . 2015-07-05 17:28 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-07-04 18:37 . 2015-07-04 18:37 -------- d-----w- c:\windows\system32\RNBOSENT
2015-07-04 18:37 . 2001-06-21 19:39 73728 ----a-w- c:\windows\system32\drivers\SENTINEL.SYS
2015-07-04 18:37 . 2001-06-21 19:39 49664 ----a-w- c:\windows\system32\SNTI386.DLL
2015-07-04 18:37 . 2001-06-21 19:39 18432 ----a-w- c:\windows\system32\RNBOVDD.DLL
2015-07-04 18:16 . 2015-07-04 18:16 -------- d-----w- c:\program files\Géomédia
2015-07-04 18:15 . 1998-07-30 16:40 306688 ----a-w- c:\windows\IsUn040c.exe
2015-07-04 18:13 . 2015-07-04 18:13 -------- d-----w- c:\users\Owner\AppData\Local\Intel_Corporation
2015-07-04 18:08 . 2003-12-17 09:17 602112 ----a-w- C:\Cov2004Srv.arx
2015-07-04 18:05 . 2015-07-04 18:05 -------- d-----w- c:\windows\system32\Common Files
2015-07-03 10:26 . 2015-07-03 00:31 43144 ----a-w- c:\windows\system32\drivers\{a6d9bd59-174b-432d-83b8-bcc90fea1fa7}Gw.sys
2015-07-02 18:08 . 2015-07-07 13:41 -------- d-----w- c:\program files\Uniblue
2015-07-02 18:08 . 2015-07-02 18:08 -------- d-----w- c:\users\Owner\AppData\Roaming\Uniblue
2015-07-02 17:53 . 2015-07-01 22:34 43144 ----a-w- c:\windows\system32\drivers\{dc9530fb-5ce1-45b1-80ef-a81cdd897791}Gw.sys
2015-07-02 17:44 . 2015-07-02 17:44 -------- d-----w- c:\programdata\IHProtectUpDate
2015-07-02 17:44 . 2015-07-07 13:41 -------- d-----w- c:\program files\MiuiTab
2015-07-02 17:44 . 2015-07-02 17:44 -------- d-----w- c:\programdata\WindowsMangerProtect
2015-07-02 17:41 . 2015-07-02 17:41 -------- d-----w- c:\users\Owner\AppData\Roaming\mystartsearch
2015-07-02 17:40 . 2015-07-05 17:57 -------- d-----w- c:\users\Owner\AppData\Local\Adobe
2015-07-02 17:39 . 2015-07-07 13:34 -------- d-----w- c:\program files\Pine Tree
2015-07-02 10:35 . 2015-07-05 00:41 -------- d-----w- c:\users\Owner\AppData\Roaming\vlc
2015-07-01 21:55 . 2015-07-01 21:55 -------- d-----w- c:\users\Owner\AppData\Roaming\Opera Software
2015-07-01 21:55 . 2015-07-01 21:55 -------- d-----w- c:\users\Owner\AppData\Local\Opera Software
2015-07-01 21:45 . 2015-07-01 21:45 -------- d-----w- c:\users\Owner\AppData\Local\1824
2015-07-01 21:42 . 2015-07-07 13:41 -------- d-----w- c:\program files\69dc8177-a574-4dff-8461-b3267b078dcf
2015-07-01 21:42 . 2015-07-01 21:42 -------- d-----w- c:\users\Owner\AppData\Local\globalUpdate
2015-07-01 21:42 . 2015-07-01 21:42 -------- d-----w- c:\program files\globalUpdate
2015-07-01 21:42 . 2015-07-07 13:41 -------- d-----w- c:\program files\CinemaP-1.9cV16.03
2015-07-01 21:35 . 2015-07-01 21:35 -------- d-----w- c:\program files\GUPlayer
2015-07-01 21:31 . 2015-07-07 13:39 -------- d-----w- c:\program files\Opera
2015-07-01 21:26 . 2015-07-01 21:27 -------- d-----w- c:\users\Owner\AppData\Roaming\4shared Desktop
2015-07-01 21:26 . 2015-07-01 21:26 -------- d-----w- c:\program files\4shared Desktop
2015-07-01 21:06 . 2015-07-01 21:06 -------- d-----w- c:\program files\GUM90F9.tmp
2015-07-01 21:00 . 2015-06-24 00:23 9252600 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7B7131C3-2130-49F1-8DA1-5851B13D3D44}\mpengine.dll
2015-07-01 20:39 . 2015-07-01 20:39 -------- d-----w- c:\program files\Autodesk
2015-07-01 20:39 . 2015-07-01 20:39 12464 ----a-w- c:\windows\system32\drivers\CDAC15BA.SYS
2015-07-01 20:39 . 2015-07-01 20:39 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2015-07-01 20:39 . 2015-07-01 20:39 54784 ----a-w- c:\windows\system32\drivers\CDAC11BA.EXE
2015-07-01 20:38 . 2015-07-01 20:38 -------- d-----w- c:\users\Owner\AppData\Local\Autodesk
2015-07-01 20:38 . 2015-07-04 18:05 -------- d-----w- c:\program files\AnswerWorks 4.0
2015-07-01 20:38 . 2015-07-04 18:05 -------- d-----w- c:\windows\system32\1036
2015-07-01 20:37 . 2015-07-04 18:06 -------- d-----w- c:\users\Owner\AppData\Roaming\Autodesk
2015-07-01 20:37 . 2015-07-04 18:05 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2015-07-01 20:37 . 2015-07-04 18:05 -------- d-----w- c:\program files\AutoCAD 2004
2015-07-01 20:37 . 2015-07-01 20:37 -------- d-----w- c:\programdata\Autodesk
2015-07-01 11:54 . 2013-07-30 19:44 94208 ----a-w- c:\windows\system32\IccLibDll.dll
2015-07-01 11:53 . 2013-06-18 12:22 77528 ----a-w- c:\windows\system32\RtNicProp32.dll
2015-07-01 11:53 . 2013-06-18 12:22 669912 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2015-07-01 11:53 . 2013-06-18 12:22 102104 ----a-w- c:\windows\system32\RTNUninst32.dll
2015-07-01 11:53 . 2013-01-23 14:57 56432 ----a-w- c:\windows\system32\drivers\HECI.sys
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-20 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 08:02 23008 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2014-11-07 3882576]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2005-03-13 1057280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USBScan.exe"="c:\program files\USBScan\USBScan.exe" [2009-08-13 1358848]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2013-08-02 12000984]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-08-24 308208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-08-24 318960]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-08-24 315376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
R3 globalUpdatem;globalUpdate Update Service (globalUpdatem);c:\program files\globalUpdate\Update\GoogleUpdate.exe [2015-07-01 68608]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S1 {77cff169-0511-4a34-a6d2-15ff5be65ad5}Gw;{77cff169-0511-4a34-a6d2-15ff5be65ad5}Gw;c:\windows\system32\drivers\{77cff169-0511-4a34-a6d2-15ff5be65ad5}Gw.sys [2015-07-06 43144]
S1 {a6d9bd59-174b-432d-83b8-bcc90fea1fa7}Gw;{a6d9bd59-174b-432d-83b8-bcc90fea1fa7}Gw;c:\windows\system32\drivers\{a6d9bd59-174b-432d-83b8-bcc90fea1fa7}Gw.sys [2015-07-03 43144]
S1 {dc9530fb-5ce1-45b1-80ef-a81cdd897791}Gw;{dc9530fb-5ce1-45b1-80ef-a81cdd897791}Gw;c:\windows\system32\drivers\{dc9530fb-5ce1-45b1-80ef-a81cdd897791}Gw.sys [2015-07-01 43144]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-05-01 1394816]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-05-01 1772672]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2014-10-01 115240]
S2 IHProtect Service;IHProtect Service;c:\program files\MiuiTab\ProtectService.exe [2015-06-24 125112]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-04-03 315008]
S2 Update Pine Tree;Update Pine Tree;c:\program files\Pine Tree\updatePineTree.exe [2015-07-07 465648]
S2 Util Pine Tree;Util Pine Tree;c:\program files\Pine Tree\bin\utilPineTree.exe [2015-07-07 465648]
S2 WindowsMangerProtect;WindowsMangerProtect Service;c:\programdata\WindowsMangerProtect\ProtectWindowsManager.exe [2015-07-02 707240]
S3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [2013-01-23 56432]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2013-06-18 669912]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*Deregistered* - mchInjDrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-07-01 22:14 990024 ----a-w- c:\program files\Google\Chrome\Application\43.0.2357.130\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2015-07-05 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\system32\Macromed\Flash\FlashUtil32_18_0_0_194_pepper.exe [2015-07-05 17:28]
.
2015-07-07 c:\windows\Tasks\AmiUpdXp.job
- c:\users\Owner\AppData\Local\1824\Updater.exe [2015-07-01 21:45]
.
2015-07-07 c:\windows\Tasks\e653cf25-f107-4cbe-b8d1-5dadaea354f2-1-6.job
- c:\program files\CinemaP-1.9cV16.03\e653cf25-f107-4cbe-b8d1-5dadaea354f2-1-6.exe [2015-07-01 21:43]
.
2015-07-07 c:\windows\Tasks\e653cf25-f107-4cbe-b8d1-5dadaea354f2-1-7.job
- c:\program files\CinemaP-1.9cV16.03\e653cf25-f107-4cbe-b8d1-5dadaea354f2-1-7.exe [2015-07-01 21:43]
.
2015-07-07 c:\windows\Tasks\e653cf25-f107-4cbe-b8d1-5dadaea354f2-10_user.job
- c:\program files\CinemaP-1.9cV16.03\e653cf25-f107-4cbe-b8d1-5dadaea354f2-10.exe [2015-07-01 21:42]
.
2015-07-07 c:\windows\Tasks\e653cf25-f107-4cbe-b8d1-5dadaea354f2-3.job
- c:\program files\CinemaP-1.9cV16.03\e653cf25-f107-4cbe-b8d1-5dadaea354f2-3.exe [2015-07-01 21:42]
.
2015-07-07 c:\windows\Tasks\e653cf25-f107-4cbe-b8d1-5dadaea354f2-4.job
- c:\program files\CinemaP-1.9cV16.03\e653cf25-f107-4cbe-b8d1-5dadaea354f2-4.exe [2015-07-01 21:42]
.
2015-07-07 c:\windows\Tasks\e653cf25-f107-4cbe-b8d1-5dadaea354f2-5.job
- c:\program files\CinemaP-1.9cV16.03\e653cf25-f107-4cbe-b8d1-5dadaea354f2-5.exe [2015-07-01 21:43]
.
2015-07-07 c:\windows\Tasks\e653cf25-f107-4cbe-b8d1-5dadaea354f2-5_user.job
- c:\program files\CinemaP-1.9cV16.03\e653cf25-f107-4cbe-b8d1-5dadaea354f2-5.exe [2015-07-01 21:43]
.
2015-07-07 c:\windows\Tasks\e653cf25-f107-4cbe-b8d1-5dadaea354f2-6.job
- c:\program files\CinemaP-1.9cV16.03\e653cf25-f107-4cbe-b8d1-5dadaea354f2-6.exe [2015-07-01 21:42]
.
2015-07-07 c:\windows\Tasks\e653cf25-f107-4cbe-b8d1-5dadaea354f2-7.job
- c:\program files\CinemaP-1.9cV16.03\e653cf25-f107-4cbe-b8d1-5dadaea354f2-7.exe [2015-07-01 21:42]
.
2015-07-07 c:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job
- c:\program files\globalUpdate\Update\GoogleUpdate.exe [2015-07-01 21:42]
.
2015-07-06 c:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job
- c:\program files\globalUpdate\Update\GoogleUpdate.exe [2015-07-01 21:42]
.
2015-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-11-14 22:34]
.
2015-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-11-14 22:34]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.mystartsearch.com/?type=hppp&ts=1435859081&z=bd0f28781bd0a30a82d85begaz3c7w4b2w0t5e0b0e&from=tugs&uid=ST500DM002-1BD142_Z6EDQXBB
mStart Page = hxxp://www.mystartsearch.com/?type=hp&ts=1435858863&z=7db6cddcc08beca08c96afdgdz1c8w9bew1bdbfqec&from=tugs&uid=ST500DM002-1BD142_Z6EDQXBB
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
TCP: DhcpNameServer = 192.168.8.1 192.168.8.1
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ckxd8osm.default\
FF - prefs.js: browser.search.selectedEngine - mystartsearch
FF - prefs.js: browser.startup.homepage - hxxp://www.mystartsearch.com/?type=hppp&ts=1435859081&z=bd0f28781bd0a30a82d85begaz3c7w4b2w0t5e0b0e&from=tugs&uid=ST500DM002-1BD142_Z6EDQXBB
# Mozilla User Preferences
/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
*/
FF - user.js: browser.search.defaultenginename - mystartsearch
FF - user.js: browser.search.selectedEngine - mystartsearch
FF - user.js: browser.startup.homepage - hxxp://www.mystartsearch.com/?type=hppp&ts=1435859081&z=bd0f28781bd0a30a82d85begaz3c7w4b2w0t5e0b0e&from=tugs&uid=ST500DM002-1BD142_Z6EDQXBB
FF - user.js: browser.startup.page - 1
.
.
------- Associations de fichier -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHELINS SUPPRIMES - - - -
.
AddRemove-inethnfd - c:\program files\Common Files\Config\uninstinethnfd.exe
AddRemove-{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1 - c:\program files\Uniblue\SpeedUpMyPC\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mchInjDrv]
"ImagePath"="\??\c:\users\Owner\AppData\Local\Temp\mc295D8.tmp"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-4166744050-883438933-4161333455-1000_Classes\CLSID\{06a471a5-021a-4fd1-a545-62545b6234b4}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000bb
"Therad"=dword:00000008
.
[HKEY_USERS\S-1-5-21-4166744050-883438933-4161333455-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):8b,72,a2,c2,ab,86,fc,7d,15,0a,39,67,b4,e1,ad,54,e1,76,09,7b,7a,
54,c6,27,88,f1,c7,53,b4,7a,9a,4e,86,7a,a0,00,c5,65,5e,cf,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'Explorer.exe'(4952)
c:\program files\SuperCopier2\SC2Hook.dll
c:\program files\Internet Download Manager\idmmkb.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\AUDIODG.EXE
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\MiuiTab\cmdshell.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Pine Tree\bin\PineTree.BrowserAdapter.exe
c:\program files\Internet Download Manager\IEMonitor.exe
c:\program files\Pine Tree\bin\PineTree.PurBrowse.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Heure de fin: 2015-07-07 14:44:57 - La machine a redémarré
ComboFix-quarantined-files.txt 2015-07-07 13:44
.
Avant-CF: 229 926 797 312 octets libres
Après-CF: 231 196 729 344 octets libres
.
- - End Of File - - 677FC3042E718CCBED231CDB4C5322FF
A36C5E4F47E84449FF07ED3517B43A31
