Document format: text/plain

ComboFix 14-07-21.01 - AMINE 21/07/2014 19:52:02.1.2 - x86
Microsoft Windows 7 Édition Intégrale 6.1.7600.0.1252.33.1036.18.3063.2146 [GMT 0:00]
Lancé depuis: c:\users\AMINE\Desktop\ComboFix_2.exe
AV: Kaspersky PURE *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky PURE *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky PURE *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\AMINE\AppData\Local\assembly\tmp
c:\windows\system\VI30AUT.DLL
c:\windows\system32\drivers\SkyNetU2CBDA.sys
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkyNetU2CBDA
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2014-06-21 au 2014-07-21 ))))))))))))))))))))))))))))))))))))
.
.
2014-07-19 15:50 . 2014-07-21 19:57 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{619E5C01-37CF-498D-B91E-C3DE427B505C}\offreg.dll
2014-07-16 12:17 . 2014-07-16 12:17 -------- d-----w- c:\programdata\Riot Games
2014-07-14 04:52 . 2014-06-05 10:54 8140904 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{619E5C01-37CF-498D-B91E-C3DE427B505C}\mpengine.dll
2014-07-09 13:47 . 2014-07-09 14:21 -------- d-----w- c:\users\AMINE\AppData\Local\Linkey
2014-07-09 13:47 . 2014-07-09 13:47 -------- d-----w- c:\users\AMINE\AppData\Roaming\Settings Manager
2014-07-09 13:46 . 2014-07-09 14:21 -------- d-----w- c:\program files\Stellar Phoenix Windows Data Recovery
2014-07-09 12:41 . 2014-07-09 14:22 -------- d-----w- c:\program files\CardRecovery
2014-07-09 12:31 . 2014-07-09 14:21 -------- d-----w- c:\users\AMINE\AppData\Local\WinZip
2014-07-09 12:31 . 2014-07-09 12:31 -------- d-----w- c:\programdata\WinZip
2014-07-09 12:25 . 2014-07-09 12:25 -------- d-----w- c:\programdata\RegistryReviver.exe
2014-07-09 12:24 . 2014-07-09 12:24 -------- d-----w- c:\programdata\ReviverSoft
2014-07-09 12:24 . 2014-07-09 12:24 -------- d-----w- c:\program files\ReviverSoft
2014-07-09 12:15 . 2014-07-09 12:15 -------- d-----w- c:\program files\GetData
2014-07-09 08:19 . 2014-07-09 10:40 -------- d-----w- C:\DrFoneCache
2014-07-09 08:19 . 2014-07-09 10:33 -------- d-----w- C:\DrFoneForAndroid
2014-07-09 07:51 . 2014-07-09 14:21 -------- d-----w- c:\users\AMINE\AppData\Roaming\OpenCandy
2014-07-09 05:20 . 2014-07-09 05:20 -------- d-----w- c:\users\AMINE\AppData\Local\Wondershare
2014-07-09 05:20 . 2014-07-09 05:20 -------- d-----w- c:\program files\Common Files\Wondershare
2014-07-09 05:20 . 2014-07-09 05:20 -------- d-----w- c:\users\AMINE\AppData\Roaming\Wondershare
2014-07-09 05:20 . 2014-07-09 05:20 -------- d-----w- c:\program files\Wondershare
2014-07-09 04:57 . 2014-07-09 14:21 -------- d-----w- c:\program files\Remo Recover for Android 2.0
2014-07-09 04:49 . 2014-07-09 04:49 -------- d-----w- c:\users\AMINE\AppData\Local\Apple Computer
2014-07-09 04:49 . 2014-07-09 04:49 -------- d-----w- c:\users\AMINE\AppData\Roaming\Apple Computer
2014-07-09 04:46 . 2014-07-09 14:28 -------- d-----w- c:\program files\iPod
2014-07-09 04:45 . 2014-07-09 14:21 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-07-09 04:45 . 2014-07-09 14:22 -------- d-----w- c:\program files\iTunes
2014-07-09 04:45 . 2014-07-09 14:21 -------- d-----w- c:\programdata\Apple Computer
2014-07-09 04:43 . 2014-07-09 04:43 -------- d-----w- c:\users\AMINE\AppData\Local\Apple
2014-07-09 04:43 . 2014-07-09 04:43 -------- d-----w- c:\program files\Apple Software Update
2014-07-09 04:42 . 2014-07-09 04:42 -------- d-----w- c:\program files\Bonjour
2014-07-09 04:41 . 2014-07-09 15:56 -------- d-----w- c:\program files\Common Files\Apple
2014-07-09 04:41 . 2014-07-09 04:43 -------- d-----w- c:\programdata\Apple
2014-07-09 04:31 . 2014-07-09 15:21 -------- d-----w- c:\program files\Android Data Recovery Pro
2014-07-09 03:20 . 2014-07-09 03:20 -------- d-----w- c:\users\AMINE\AppData\Local\Kingo
2014-07-09 03:07 . 2014-07-09 03:08 -------- d-----w- c:\program files\HTC
2014-07-09 03:00 . 2014-07-09 03:00 -------- d-----w- c:\users\AMINE\AppData\Roaming\ZJMedia
2014-07-09 03:00 . 2014-07-09 03:00 -------- d-----w- c:\users\AMINE\AppData\Local\ZJMedia
2014-07-09 03:00 . 2014-07-09 23:27 -------- d-----w- c:\program files\Kingo Android ROOT
2014-07-09 02:53 . 2014-07-09 13:15 -------- d-----w- C:\TenorshareData
2014-07-09 02:52 . 2014-07-09 05:20 -------- d-----w- c:\users\AMINE\.android
2014-07-09 02:51 . 2014-07-09 15:20 -------- d-----w- c:\program files\Android Data Recovery
2014-07-09 02:39 . 2014-02-10 09:42 851176 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll
2014-07-09 02:39 . 2014-02-10 09:42 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2014-07-09 02:39 . 2014-07-09 23:32 -------- d-----w- c:\program files\EaseUS
2014-07-09 02:32 . 2014-07-09 02:32 -------- d-----w- c:\program files\Smart PC Solutions
2014-07-09 02:26 . 2014-07-09 02:26 -------- d-----w- c:\users\AMINE\AppData\Roaming\JihoPhotoRecovery
2014-07-09 02:25 . 2014-07-09 02:25 -------- d-----w- c:\program files\Jihosoft
2014-07-08 03:23 . 2014-07-08 03:23 -------- d-----w- c:\users\AMINE\AppData\Local\Downloaded Installations
2014-07-08 03:06 . 2014-07-08 03:08 -------- d-----w- c:\users\AMINE\AppData\Roaming\ICQ-Profile
2014-07-08 03:06 . 2014-07-08 03:06 -------- d-----w- c:\users\AMINE\AppData\Roaming\ICQM
2014-07-04 14:56 . 2014-07-04 19:30 -------- d-----w- c:\users\AMINE\AppData\Local\Temporary Projects
2014-07-03 02:00 . 2014-07-03 02:00 -------- d-----w- c:\programdata\Hewlett-Packard
2014-07-03 01:59 . 2009-07-14 01:15 280064 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzppw71.dll
2014-06-24 19:32 . 2014-06-24 19:52 -------- d-----w- C:\A_Gestion
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-08 22:05 . 2013-09-02 04:09 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-08 22:05 . 2013-09-02 04:09 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-12 08:28 . 2012-07-12 08:28 2174976 ----a-w- c:\program files\Common Files\atimpenc.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 21904 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2010-10-01 20:05 129624 ----a-w- c:\program files\Kaspersky Lab\Kaspersky PURE\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-11-13 3540416]
"uTorrent"="c:\users\AMINE\AppData\Roaming\uTorrent\uTorrent.exe" [2014-07-04 1322832]
"icq"="c:\users\AMINE\AppData\Roaming\ICQM\icq.exe" [2014-07-08 34848264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-30 1545512]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
.
c:\users\AMINE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Curse.lnk - c:\users\AMINE\AppData\Roaming\Curse Client\Bin\Curse.exe /startup [2014-4-28 8493320]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2014-1-11 1214032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\kloehk.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snagit 11.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 11.lnk
backup=c:\windows\pss\Snagit 11.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Athan]
2009-07-29 23:06 1138688 ----a-w- c:\program files\Athan\Athan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 14:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
2009-06-18 09:07 563736 ----a-w- c:\program files\PDF Complete\pdfsty.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2012-12-09 09:51 336992 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SEO Soft]
2013-10-06 00:04 9708032 ----a-w- c:\program files\SEO Soft\seosoft.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 ELOADER;General Purpose USB Driver (adildr.sys);c:\windows\system32\Drivers\adildr.sys [2007-01-10 56088]
R2 Internet Mobile. RunOuc;Internet Mobile. OUC;c:\program files\Internet Mobile\UpdateDog\ouc.exe [2014-01-26 655712]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2009-06-18 635416]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2014-01-26 102784]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2014-01-26 11136]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2012-12-07 23040]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2014-01-26 95616]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2014-01-26 27520]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2014-01-26 195072]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2013-04-07 4573336]
R3 qcusbser;Modem Interface USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbser.sys [2009-08-27 103552]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [2010-01-07 375808]
R3 SKYNETU2C;TechniSat DVB-PC TV Star USB HD;c:\windows\system32\DRIVERS\SkyNetU2C.SYS [2013-10-06 248920]
R3 Te.Service;Te.Service;c:\program files\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-07-25 94208]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2013-04-12 104720]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2013-04-12 84752]
R3 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2014-04-14 47128]
R4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [x]
R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2014-04-14 369688]
S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys [2009-12-14 88632]
S0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\DRIVERS\klbg.sys [2009-10-14 36880]
S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys [2009-12-14 39352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 21520]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [2013-11-27 3105144]
S2 CSObjectsSrv;CryptoStorage control service;c:\program files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
S2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [2011-03-14 271712]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-11-22 100216]
S2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2008-07-10 218136]
S2 MySQL56;MySQL56;c:\program files\MySQL\MySQL Server 5.6\bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.6\my.ini MySQL56 [x]
S2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [x]
S2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe [2006-02-02 204800]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2012-12-07 167424]
S2 Realtek87B;Realtek87B;c:\program files\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe [2009-12-07 40960]
S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2008-07-10 1106968]
S2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2014-07-02 5037888]
S2 Update Whilokii;Update Whilokii;c:\program files\Whilokii\updateWhilokii.exe [2013-10-05 65304]
S2 Util Whilokii;Util Whilokii;c:\program files\Whilokii\bin\utilWhilokii.exe [2013-10-14 65304]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2014-01-26 76544]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
S3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2008-07-10 31256]
S3 netw5v32;Pilote de carte de liaison WiFi sans fil Intel(R) 5000 Series pour Windows Vista 32 bits;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 yukonw7;Pilote Miniport NDIS6.2 pour contrôleur Ethernet Marvell Yukon;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-18 14:11 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2014-07-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-02 22:05]
.
2014-07-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3564152732-2419929179-3294647039-1000Core.job
- c:\users\AMINE\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-06 21:51]
.
2014-07-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3564152732-2419929179-3294647039-1000UA.job
- c:\users\AMINE\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-06 21:51]
.
2014-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-06 08:46]
.
2014-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-06 08:46]
.
2014-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3564152732-2419929179-3294647039-1000Core.job
- c:\users\AMINE\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-26 08:46]
.
2014-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3564152732-2419929179-3294647039-1000UA.job
- c:\users\AMINE\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-26 08:46]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyServer = socks=127.0.0.1:9050
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{383A04C6-4FAF-4FCB-AB8C-4BCE1ADABA70}: NameServer = 212.217.0.12 212.217.1.12
TCP: Interfaces\{6B007CCE-9159-4DF7-9ACA-E4C86B215A06}: NameServer = 212.217.0.1 212.217.1.1
TCP: Interfaces\{ACFF18FA-1A26-4013-95AF-1A60AB4767D5}: NameServer = 212.217.0.12 212.217.1.12
FF - ProfilePath - c:\users\AMINE\AppData\Roaming\Mozilla\Firefox\Profiles\7rj2cwe5.default\
.
- - - - ORPHELINS SUPPRIMES - - - -
.
MSConfigStartUp-LogMeIn Hamachi Ui - c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL56]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.6\bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.6\my.ini\" MySQL56"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-3564152732-2419929179-3294647039-1000_Classes\CLSID\{07b881fb-e6ae-46b2-b5fe-12c2cd6491aa}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000136
"Therad"=dword:00000015
"SpecVersion"=dword:00000133
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-3564152732-2419929179-3294647039-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):de,a6,bb,ca,24,16,44,45,fb,c9,6a,81,58,77,a8,93,27,79,dd,0f,4f,
d1,6e,43,77,65,fe,35,d3,cf,0a,d9,46,e8,e8,63,af,ab,70,36,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Kaspersky Lab\Kaspersky PURE\avp.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\programdata\Internet Mobile\OnlineUpdate\ouc.exe
c:\windows\system32\taskhost.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\bin\msmdsrv.exe
c:\program files\MySQL\MySQL Server 5.6\bin\mysqld.exe
c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
c:\program files\REALTEK\RTL8187 Wireless LAN Utility\RtWlan.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
c:\windows\System32\WerFault.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Heure de fin: 2014-07-21 20:19:42 - La machine a redémarré
ComboFix-quarantined-files.txt 2014-07-21 20:19
.
Avant-CF: 11 488 165 888 octets libres
Après-CF: 11 685 138 432 octets libres
.
- - End Of File - - CBE5477834062DDBEB564FB0F0C97F4C
8E734BD7AA1D4F7E9AF58DF495F6CF9E
