cjoint
Document format: text/plain

ComboFix 15-08-20.01 - Jean-Luc 23/08/2015 22:35:29.11.2 - x86
Launched from: c:\users\Jean-Luc\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((( Files created from 2015-07-23 to 2015-08-23 ))))))))))))))))))))))))))))))))))))
.
.
2015-08-23 20:52 . 2015-08-23 20:53 -------- d-----w- c:\users\Jean-Luc\AppData\Local\temp
2015-08-23 20:52 . 2015-08-23 20:52 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-08-23 20:52 . 2015-08-23 20:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-23 20:52 . 2015-08-23 20:52 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2015-08-23 20:26 . 2015-08-23 20:26 39168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E587DE8E-883C-449B-8507-22DA86B0932E}\MpKsla9b58e20.sys
2015-08-23 20:17 . 2015-08-23 20:17 39168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E587DE8E-883C-449B-8507-22DA86B0932E}\MpKsl6d022830.sys
2015-08-23 19:36 . 2015-08-23 19:36 62576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E587DE8E-883C-449B-8507-22DA86B0932E}\offreg.1140.dll
2015-08-23 19:13 . 2015-08-23 19:13 -------- d-----w- C:\found.003
2015-08-23 17:44 . 2015-08-23 17:44 62576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E587DE8E-883C-449B-8507-22DA86B0932E}\offreg.1236.dll
2015-08-23 10:43 . 2015-07-31 09:37 9234960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E587DE8E-883C-449B-8507-22DA86B0932E}\mpengine.dll
2015-08-21 20:22 . 2015-07-31 09:37 9234960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-08-19 17:02 . 2015-08-19 17:02 -------- d-----w- C:\14511c37d9c37c07540ec5cf43
2015-08-19 17:01 . 2015-08-14 22:55 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2015-08-19 17:01 . 2015-08-14 23:07 758000 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2015-08-19 17:01 . 2015-08-14 23:07 151184 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2015-08-18 16:30 . 2015-08-19 16:24 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-08-18 16:29 . 2015-06-18 06:41 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-08-18 16:29 . 2015-06-18 06:41 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-08-18 16:29 . 2015-06-18 06:41 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-08-18 16:29 . 2015-08-18 16:29 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-08-13 18:31 . 2015-07-21 16:07 56256 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-08-13 18:31 . 2015-07-21 16:07 140224 ----a-w- c:\windows\system32\drivers\ecache.sys
2015-08-13 18:31 . 2015-07-21 16:03 49664 ----a-w- c:\windows\system32\csrsrv.dll
2015-08-13 18:31 . 2015-07-21 20:55 1206192 ----a-w- c:\windows\system32\ntdll.dll
2015-08-13 18:31 . 2015-07-21 16:03 10752 ----a-w- c:\windows\system32\msmmsp.dll
2015-08-13 18:31 . 2015-07-21 16:07 3605440 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-08-13 18:31 . 2015-07-21 16:03 564224 ----a-w- c:\windows\system32\emdmgmt.dll
2015-08-13 18:30 . 2015-07-21 16:07 3553216 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-08-13 18:27 . 2015-07-31 19:27 103120 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 18:26 . 2015-07-09 14:20 304640 ----a-w- c:\windows\system32\drivers\srv.sys
2015-08-13 18:25 . 2015-07-10 19:37 2067968 ----a-w- c:\windows\system32\mstscax.dll
2015-08-13 17:49 . 2015-07-18 16:03 68608 ----a-w- c:\windows\system32\basesrv.dll
2015-08-13 17:48 . 2015-07-10 19:37 1402368 ----a-w- c:\windows\system32\msxml6.dll
2015-08-13 17:48 . 2015-07-10 19:37 1253376 ----a-w- c:\windows\system32\msxml3.dll
2015-08-13 17:45 . 2015-07-31 21:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2015-08-13 17:45 . 2015-07-31 21:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2015-08-13 17:45 . 2015-07-31 21:46 189952 ----a-w- c:\windows\system32\d3d10core.dll
2015-08-13 17:45 . 2015-07-31 20:40 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2015-08-13 17:45 . 2015-07-31 22:08 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-08-13 17:45 . 2015-07-31 20:41 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2015-08-13 17:45 . 2015-07-31 20:35 682496 ----a-w- c:\windows\system32\d2d1.dll
2015-08-13 17:45 . 2015-07-31 20:33 297472 ----a-w- c:\windows\system32\atmfd.dll
2015-08-13 17:45 . 2015-07-31 21:46 1029120 ----a-w- c:\windows\system32\d3d10.dll
2015-08-13 17:45 . 2015-07-31 20:33 2066944 ----a-w- c:\windows\system32\win32k.sys
2015-08-13 17:45 . 2015-07-31 20:33 1072640 ----a-w- c:\windows\system32\DWrite.dll
2015-08-13 17:45 . 2015-07-31 20:33 802304 ----a-w- c:\windows\system32\FntCache.dll
2015-08-13 17:39 . 2015-07-01 15:57 199680 ----a-w- c:\windows\system32\WebClnt.dll
2015-08-13 17:38 . 2015-07-09 14:25 151040 ----a-w- c:\windows\system32\notepad.exe
2015-08-13 17:38 . 2015-07-09 14:25 151040 ----a-w- c:\windows\notepad.exe
2015-08-12 12:58 . 2015-07-01 09:26 912000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EFAD37BC-2E89-4C3E-A546-97C037AAFCD4}\gapaengine.dll
2015-08-11 10:35 . 2015-08-11 10:35 313472 ----a-w- c:\windows\system32\aswBoot.exe
2015-08-11 10:35 . 2015-08-11 10:35 43112 ----a-w- c:\windows\avastSS.scr
2015-08-08 20:15 . 2015-08-08 20:18 -------- d-----w- c:\program files\ConvertHelper3
2015-08-04 22:03 . 2015-08-04 22:03 877152 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-08-04 22:03 . 2015-08-04 22:03 538208 ----a-w- c:\windows\system32\msvcp120_clr0400.dll
2015-07-31 16:22 . 2015-07-31 16:22 -------- d-----w- c:\program files\Common Files\AV
2015-07-27 17:18 . 2015-07-27 18:01 -------- d-----w- c:\program files\PicosmosTools
.
.
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-12 14:07 . 2012-09-02 13:19 778440 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-08-12 14:07 . 2012-09-02 13:19 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-08-11 10:35 . 2013-03-02 11:13 208664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-08-11 10:35 . 2012-07-25 15:00 433264 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-08-11 10:35 . 2014-04-19 16:38 24016 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-08-11 10:35 . 2013-07-17 11:30 55200 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2015-08-11 10:35 . 2013-03-02 11:13 49776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-08-11 10:35 . 2012-07-25 15:00 76000 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-08-11 10:35 . 2015-02-05 22:53 26096 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2015-08-11 10:35 . 2012-07-25 15:00 788784 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-08-11 10:35 . 2015-07-22 13:03 95112 ----a-w- c:\windows\system32\drivers\ngvss.sys
2015-08-11 10:34 . 2015-02-05 22:53 256160 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2015-07-05 10:11 . 2009-10-22 17:59 246952 ------w- c:\windows\system32\MpSigStub.exe
2015-07-03 16:04 . 2015-07-15 17:24 1316864 ----a-w- c:\windows\system32\ole32.dll
2015-07-01 09:26 . 2012-10-20 09:48 912000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-06-27 16:03 . 2015-07-15 17:03 783872 ----a-w- c:\windows\system32\rpcrt4.dll
2015-06-27 16:02 . 2015-07-15 17:03 218112 ----a-w- c:\windows\system32\msv1_0.dll
2015-06-27 16:02 . 2015-07-15 17:03 501248 ----a-w- c:\windows\system32\kerberos.dll
2015-06-27 16:01 . 2015-07-15 17:03 801280 ----a-w- c:\windows\system32\advapi32.dll
2015-06-27 14:21 . 2015-07-15 17:03 217088 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2015-06-27 14:21 . 2015-07-15 17:03 81408 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2015-06-22 06:49 . 2015-06-22 06:53 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2015-06-17 16:50 . 2015-07-15 17:22 2264576 ----a-w- c:\windows\system32\msi.dll
2015-06-17 15:09 . 2015-07-15 17:22 73216 ----a-w- c:\windows\system32\msiexec.exe
2015-06-16 22:23 . 2015-06-16 22:23 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2015-06-16 22:23 . 2015-06-16 22:23 69632 ----a-w- c:\windows\system32\QuickTime.qts
2015-06-12 16:01 . 2015-07-15 17:22 298496 ----a-w- c:\windows\system32\gdi32.dll
2015-06-12 13:13 . 2015-07-15 17:03 440768 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-06-06 11:41 . 2008-12-31 17:26 499712 ----a-w- c:\windows\system32\msvcp71.dll
2015-05-31 08:11 . 2015-07-15 17:05 225792 ----a-w- c:\windows\system32\cewmdm.dll
2010-01-26 09:11 . 2014-03-09 11:57 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe
.
.
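Both file listings above use one line format: creation timestamp, a dot, last-modified timestamp, size (or a run of dashes for a directory), an attribute string, and the path. The parser below is added here as an example; it is neither ComboFix's code nor part of the original post. It reads that format and buckets entries the way a first-pass triage does: kernel drivers that landed in the window, directories created directly under the drive root (the chkdsk `found.003` and the hex-named Windows Update extraction folder are the two cases here), and files whose creation time is well after their modification time, meaning they were copied in with an older timestamp. Windows Update does exactly that (the 2015-07-21 builds installed on 2015-08-13), and so does a dropper that preserves timestamps, so that bucket prioritises rather than judges. Only the leading `d` of the attribute string is interpreted. The sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Sample: lines copied from the ComboFix listing above (raw string: the paths contain '\u').
SAMPLE = r"""
2015-08-23 20:52 . 2015-08-23 20:53 -------- d-----w- c:\users\Jean-Luc\AppData\Local\temp
2015-08-23 19:13 . 2015-08-23 19:13 -------- d-----w- C:\found.003
2015-08-19 17:02 . 2015-08-19 17:02 -------- d-----w- C:\14511c37d9c37c07540ec5cf43
2015-08-18 16:30 . 2015-08-19 16:24 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-08-13 18:31 . 2015-07-21 16:07 56256 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-08-13 18:31 . 2015-07-21 20:55 1206192 ----a-w- c:\windows\system32\ntdll.dll
2015-08-11 10:35 . 2015-08-11 10:35 313472 ----a-w- c:\windows\system32\aswBoot.exe
2015-08-08 20:15 . 2015-08-08 20:18 -------- d-----w- c:\program files\ConvertHelper3
"""

# created . modified size|-------- attrs path
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-+) (\S{8}) (.+)$"
)
TS = "%Y-%m-%d %H:%M"


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: Optional[int]   # None for directories (ComboFix prints dashes)
    attrs: str            # ComboFix attribute string; only the leading 'd' is interpreted here
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_entries(text: str) -> list:
    """Parse every well-formed listing line; separators ('.') and headers are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append(Entry(
            created=datetime.strptime(created, TS),
            modified=datetime.strptime(modified, TS),
            size=None if size.startswith("-") else int(size),
            attrs=attrs,
            path=path,
        ))
    return entries


def triage(entries: list, slack: timedelta = timedelta(days=1)) -> dict:
    """Bucket entries by the questions a reviewer asks first."""
    out = {"drivers": [], "root_dirs": [], "older_than_created": []}
    for e in entries:
        low = e.path.lower()
        if not e.is_dir and "\\drivers\\" in low and low.endswith(".sys"):
            out["drivers"].append(e.path)
        if e.is_dir and re.fullmatch(r"[a-z]:\\[^\\]+", low):
            out["root_dirs"].append(e.path)
        # mtime well before ctime: the file arrived carrying its original timestamp.
        # Windows Update does this; so does a dropper that preserves timestamps.
        # Either way, the source of the file has to be identified.
        if not e.is_dir and e.created - e.modified > slack:
            out["older_than_created"].append(e.path)
    return out


if __name__ == "__main__":
    for bucket, paths in triage(parse_entries(SAMPLE)).items():
        print(bucket)
        for p in paths:
            print("   ", p)
```

Feeding the whole log through `parse_entries` works unchanged, since every non-matching line (section headers, the `.` spacers, the registry dump) is skipped; the `slack` argument exists because build and install times routinely differ by hours for legitimate software, and only a gap of days is worth a second look.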
((((((((((((((((((((((((((((((((( Reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-08-11 10:35 695096 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MailNotifier"="c:\program files\Orange\MailNotifier\MailNotifier.exe" [2010-11-04 634368]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2015-07-17 6453528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-08-11 6109776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk * \0BootDefrag.exe\0lsdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\48109552.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^e-Carte Bleue Banque Populaire.lnk]
backup=c:\windows\pss\e-Carte Bleue Banque Populaire.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Jean-Luc^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Enregistrement du produit.lnk]
backup=c:\windows\pss\Logitech . Enregistrement du produit.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Jean-Luc^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk]
backup=c:\windows\pss\MyPC Backup.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-21 19:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2011-03-14 17:09 2565520 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
2011-08-04 16:06 1612920 ----a-w- c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer for HP TouchSmart]
2008-12-15 15:15 189736 ------w- c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDAgent]
2009-09-09 13:26 1148200 ------w- c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
2015-04-14 16:37 5668456 ----a-w- c:\program files\Free Download Manager\fdm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GUDelayStartup]
2015-08-17 06:33 37152 ----a-w- c:\program files\Glary Utilities 5\StartupManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-10 20:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2010-06-29 22:14 1689144 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2008-11-20 09:47 62768 ----a-w- c:\program files\Hewlett-Packard\HP Odometer\hpsysdrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2006-12-08 13:16 65536 ----a-w- c:\hp\KBD\KbdStub.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
2014-02-14 20:55 1564992 ----a-w- c:\program files\Samsung\Kies\Kies.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2014-02-14 20:55 311616 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
2011-01-13 02:01 6129496 ----a-w- c:\program files\Logitech\Vid HD\Vid.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2011-11-11 13:08 205336 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2015-04-29 22:18 981688 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-02-26 18:46 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-11-18 09:28 13683232 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-11-18 09:28 92704 ----a-w- c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2015-06-16 22:23 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
2014-06-24 09:42 4101576 ----a-w- c:\program files\Spybot - Search & Destroy 2\SDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2015-06-29 14:41 53282944 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartMenu]
2008-11-18 18:35 914224 ----a-w- c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotPostWindows10UpgradeReInstall]
2015-07-28 16:17 1011200 ----a-w- c:\program files\Common Files\AV\Spybot - Search and Destroy\Test.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 14:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2015-04-10 09:57 335232 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TSMAgent]
2008-12-15 15:15 1152296 ------w- c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVAgent]
2009-04-22 21:06 206120 ------w- c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
2008-06-13 17:11 210216 ------w- c:\program files\Cyberlink\LabelPrint\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDIRShortCut]
2008-06-13 17:11 210216 ------w- c:\program files\Cyberlink\PowerDirector\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
2008-11-26 18:17 210216 ------w- c:\program files\Cyberlink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VDownloader]
2014-11-27 17:04 3018752 ----a-w- c:\program files\VDownloader\VDownloader4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Web Companion]
2014-12-16 11:09 1367360 ----a-w- c:\program files\Lavasoft\Web Companion\Application\WebCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
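The registry section above is REGEDIT4-style: a bracketed key followed by `"name"= value` lines, where ComboFix prints a DWORD as decimal plus hex (`0 (0x0)`) and, for Run entries, appends the image's date and size in brackets. The script below is added as an example and is not ComboFix's own logic. It parses that shape and does the two things a reviewer does with it: lists the Run/RunOnce commands with their image paths, and compares the values under `policies\system` with Microsoft's defaults for Windows Vista/7 (PromptOnSecureDesktop=1, EnableLUA=1, EnableUIADesktopToggle=0, SoftwareSASGeneration absent, which behaves as 0). In this log PromptOnSecureDesktop=0 means elevation prompts are drawn on the interactive desktop rather than the secure desktop, where other user-level processes can observe and drive them, and SoftwareSASGeneration=1 lets services simulate Ctrl+Alt+Del; both are commonly set by remote-control or assistive software, so the right follow-up is "which program set this", not "malware". The sample lines are copied from the log above.

```python
import re

# Sample: copied from the 'Reg loading points' section above (raw string because of the paths).
SAMPLE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MailNotifier"="c:\program files\Orange\MailNotifier\MailNotifier.exe" [2010-11-04 634368]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2015-07-17 6453528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-08-11 6109776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
"""

# Documented defaults for the UAC-related values on Windows Vista/7.
# SoftwareSASGeneration is absent by default, which behaves as 0 ("None").
UAC_DEFAULTS = {
    "enablelua": 1,
    "promptonsecuredesktop": 1,
    "enableuiadesktoptoggle": 0,
    "softwaresasgeneration": 0,
}

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
RUN_RE = re.compile(r'^"([^"]*)"\s*(?:\[(\d{4}-\d{2}-\d{2}) (\d+)\])?\s*$')
DWORD_RE = re.compile(r"^(-?\d+)\s*\(0x[0-9a-fA-F]+\)$")


def parse_sections(text: str) -> dict:
    """Return {key_path: {value_name: raw_value}} for a REGEDIT4-style dump."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        k = KEY_RE.match(line)
        if k:
            current = sections.setdefault(k.group(1), {})
            continue
        v = VALUE_RE.match(line)
        if v and current is not None:
            current[v.group(1)] = v.group(2).strip()
    return sections


def run_entries(sections: dict) -> list:
    """(key, value name, image path, file date, file size) for every Run/RunOnce value."""
    found = []
    for key, values in sections.items():
        if not re.search(r"\\currentversion\\run(once)?$", key, re.IGNORECASE):
            continue
        for name, raw in values.items():
            m = RUN_RE.match(raw)
            if m:
                image, date, size = m.groups()
                found.append((key, name, image, date, int(size) if size else None))
    return found


def uac_findings(sections: dict) -> list:
    """Every UAC value that differs from its documented default, as (name, actual, default)."""
    findings = []
    for key, values in sections.items():
        if not key.lower().endswith(r"\policies\system"):
            continue
        for name, raw in values.items():
            m = DWORD_RE.match(raw)
            default = UAC_DEFAULTS.get(name.lower())
            if m and default is not None and int(m.group(1)) != default:
                findings.append((name, int(m.group(1)), default))
    return findings


if __name__ == "__main__":
    s = parse_sections(SAMPLE)
    for entry in run_entries(s):
        print("run:", entry)
    for name, actual, default in uac_findings(s):
        print(f"uac: {name} = {actual} (default {default})")
```

The `msconfig\startupreg` entries later in the section are items the user disabled through msconfig, not live autostarts; they carry a file stamp on the next line instead of a `"name"=` value and are deliberately not picked up by `run_entries`.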
--- Other services/drivers in memory ---
.
*NewlyCreated* - MPKSLA9B58E20
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-08-21 14:03 993608 ----a-w- c:\program files\Google\Chrome\Application\44.0.2403.157\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-08-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-02 14:07]
.
2015-01-21 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2015-01-21 10:52]
.
2015-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-19 10:43]
.
2015-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-19 10:43]
.
2015-07-01 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-11-05 17:33]
.
2015-06-09 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2015-01-21 09:41]
.
2015-01-22 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2015-01-21 09:42]
.
2010-12-15 c:\windows\Tasks\User_Feed_Synchronization-{B2006437-B145-42F0-B7E8-8AAC4247B1D4}.job
- c:\windows\system32\msfeedssync.exe [2015-08-12 20:43]
.
.
------- Supplementary scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Tout télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
Trusted Zone: orange.fr\www
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\Jean-Luc\AppData\Roaming\Mozilla\Firefox\Profiles\ulaey3lc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-08-23 22:53
Windows 6.0.6002 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwOpenFile
.
Searching for hidden processes ...
.
Searching for hidden autostart entries ...
.
Searching for hidden files ...
.
Scan completed successfully
Hidden files: 0
.
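catchme's `detected NTDLL code modification: ZwOpenFile` line means the first bytes of that export in the running process no longer match what the detector expects. On x86 Windows Vista every `Nt*`/`Zw*` stub in ntdll.dll starts with `B8 imm32` (`mov eax, <service number>`), so a detour is easy to recognise when it replaces those bytes: an `E9 rel32` or `EB rel8` jump, a `68 imm32 / C3` push-ret, or an `FF 25` jump through a pointer. The function below is added here as an example and is not catchme's code; it implements the two-part check on byte strings, an opcode heuristic on the in-memory stub plus a byte-for-byte comparison against the copy read from disk. The stubs are constructed: the service number and addresses are placeholders, and in a real run the memory bytes come from the live process (ReadProcessMemory) and the disk bytes from the file mapped at the export's RVA. Anti-virus self-protection (this log shows Avast and Malwarebytes drivers loaded) and rootkits produce the same signal, so the hook's owner has to be resolved by following the jump target to a module before drawing a conclusion.

```python
import struct


def clean_stub(service_number: int, arg_bytes: int) -> bytes:
    """Constructed x86 Vista-style Nt*/Zw* stub (service number is a placeholder):
         B8 xx xx xx xx   mov  eax, <service number>
         BA 00 03 FE 7F   mov  edx, 7FFE0300h   (KUSER_SHARED_DATA.SystemCall)
         FF 12            call dword ptr [edx]
         C2 nn nn         ret  <argument bytes>
    """
    return (b"\xb8" + struct.pack("<I", service_number)
            + b"\xba\x00\x03\xfe\x7f" + b"\xff\x12"
            + b"\xc2" + struct.pack("<H", arg_bytes))


def detour_stub(target: int, at: int, original: bytes) -> bytes:
    """Constructed inline hook: E9 rel32 written over the first five bytes, rest untouched."""
    rel = (target - (at + 5)) & 0xFFFFFFFF
    return b"\xe9" + struct.pack("<I", rel) + original[5:]


def classify(stub: bytes) -> str:
    """Opcode heuristic on the first bytes of a syscall stub."""
    if stub[:1] == b"\xb8":
        return "clean"                     # mov eax, imm32
    if stub[:1] == b"\xe9":
        return "jmp rel32"
    if stub[:1] == b"\xeb":
        return "jmp rel8"
    if stub[:1] == b"\x68" and stub[5:6] == b"\xc3":
        return "push/ret"
    if stub[:2] == b"\xff\x25":
        return "jmp [abs]"
    return "unknown prologue"


def jump_target(stub: bytes, at: int):
    """Absolute destination of an E9/EB detour placed at address `at`, or None."""
    if stub[:1] == b"\xe9":
        rel = struct.unpack("<i", stub[1:5])[0]
        return (at + 5 + rel) & 0xFFFFFFFF
    if stub[:1] == b"\xeb":
        rel = struct.unpack("<b", stub[1:2])[0]
        return (at + 2 + rel) & 0xFFFFFFFF
    return None


def check_export(name: str, disk: bytes, memory: bytes, at: int, n: int = 16) -> dict:
    """Disk-vs-memory diff plus heuristic; 'modified' is what catchme reports as code modification."""
    diff = [i for i in range(min(n, len(disk), len(memory))) if disk[i] != memory[i]]
    return {
        "export": name,
        "modified": bool(diff),
        "first_diff": diff[0] if diff else None,
        "kind": classify(memory),
        "target": jump_target(memory, at),   # resolve this to a module to find the hook's owner
    }


if __name__ == "__main__":
    base = 0x77D00000 + 0x1234               # placeholder address of ZwOpenFile in the process
    disk = clean_stub(0xBA, 0x18)            # placeholder service number; NtOpenFile takes 6 args
    mem = detour_stub(0x10001000, base, disk)  # placeholder hook-handler address
    print(check_export("ZwOpenFile", disk, disk, base))
    print(check_export("ZwOpenFile", disk, mem, base))
```

The disk comparison is the authoritative part; the opcode heuristic only tells you what shape the patch has. A relocation-aware comparison is not needed for these stubs because nothing in the prologue is an absolute address that the loader would fix up.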
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-400348553-3703746439-4026015098-1000_Classes\CLSID\{130F8154-E804-4BD5-A07B-35BE69039715}\{A730F6F3-255C-417C-8986-2C578500547E}*Hidden]
"{2338F5D5-2437-4FC3-9005-A01804321264}"="AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA+lDpaGM4+UymAX6UUUmQwQAAAAACAAAAAAADZgAAqAAAABAAAAAR513Qlmg413Bu9kvTPIhKAAAAAASAAACgAAAAEAAAAB91dn8qN152Jqr+e4hh+nIYAAAABa2B4iBBsx+moEI26omntjF91DfCeWdCFAAAAFiaPU2amON86B1ds+PGrGGncamC"
.
[HKEY_USERS\S-1-5-21-400348553-3703746439-4026015098-1000_Classes\CLSID\{130F8154-E804-4BD5-A07B-35BE69039715}\{A730F6F3-255C-417C-8986-2C578500547E}*Hidden\DeltaClock]
"LastSynchronizationClock"=hex(b):e0,dd,9c,0b,fb,40,d2,08
"DeltaClock"=hex(b):d0,a6,5c,1b,00,00,00,00
"LastNtpServer"="time.nist.gov"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs loaded in running processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3748)
c:\program files\AVAST Software\Avast\ashShell.dll
c:\windows\system32\msi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappcfg.dll
c:\program files\Spybot - Search & Destroy\SDHelper.dll
c:\windows\system32\wsock32.dll
.
End time: 2015-08-23 22:59:31
ComboFix-quarantined-files.txt 2015-08-23 20:59
ComboFix2.txt 2015-05-17 11:59
ComboFix3.txt 2015-01-29 19:21
ComboFix4.txt 2015-01-28 17:13
ComboFix5.txt 2015-08-01 10:09
.
Before-CF: 473,428,795,392 bytes free
After-CF: 473,384,964,096 bytes free
.
- - End Of File - - F762C931E18917779C501769234BC840
03BA8F890B47C0BE359A4D5A636D214D
