ComboFix 15-06-27.01 - Administrateur 29/06/2015 14:53:39.1.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3293.1712 [GMT 2:00]
Running from: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
.
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrateur\Application Data\DRPSu
c:\documents and settings\Administrateur\Application Data\DRPSu\DrvUpdater.exe
c:\documents and settings\Administrateur\Mes documents\Xl0000001.xls~RF1063369.TMP
c:\documents and settings\Administrateur\Mes documents\Xl0000001.xls~RF6e4445.TMP
c:\documents and settings\Administrateur\Mes documents\Xl0000001.xls~RF76d7d.TMP
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\ntuser.pol
c:\windows\d4s.hst
c:\windows\system32\msconfig.exe
c:\windows\system32\url.dll.tmp
c:\windows\system32\urlmon.dll.tmp
c:\windows\system32\wininet.dll.tmp
.
.
.
.
((((((((((((((((((((((((((((( Files created from 2015-05-28 to 2015-06-29 ))))))))))))))))))))))))))))))))))))
.
.
2015-06-29 10:54 . 2015-06-29 11:17 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-06-29 10:53 . 2015-06-29 11:17 -------- d-----w- c:\documents and settings\All Users\Application Data\RogueKiller
2015-06-27 13:52 . 2015-06-29 09:59 -------- d-----w- c:\documents and settings\Administrateur\Application Data\ZHP
2015-06-27 13:52 . 2015-06-29 09:50 -------- d-----w- c:\program files\ZHPDiag
2015-06-27 08:08 . 2015-06-27 13:18 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-27 08:07 . 2015-06-27 08:07 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-06-27 08:07 . 2015-06-27 08:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2015-06-27 08:07 . 2015-04-14 07:37 120024 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-06-27 08:07 . 2015-04-14 07:37 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-06-27 07:50 . 2015-06-27 07:57 -------- d-----w- C:\AdwCleaner
2015-06-21 11:05 . 2015-06-21 11:05 -------- d-----w- c:\windows\system32\GroupPolicy
2015-06-21 08:58 . 2015-06-21 08:58 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Shortcut
2015-06-21 08:58 . 2015-06-21 08:58 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Opera Software
2015-06-21 08:58 . 2015-06-21 08:58 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Opera Software
2015-06-21 08:50 . 2015-06-21 09:05 -------- d-----w- c:\program files\Opera
2015-06-21 08:38 . 2015-06-21 08:40 -------- d-----w- c:\documents and settings\Administrateur\IGC
2015-06-21 08:36 . 2003-05-28 10:19 245408 ------r- c:\windows\system32\unicows.dll
2015-06-21 08:36 . 2015-06-21 08:36 -------- d-----w- c:\program files\IGC
2015-06-21 08:36 . 2004-07-15 22:16 32768 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\Objectps.dll
2015-06-21 08:36 . 2004-07-15 22:20 733184 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2015-06-21 08:36 . 2004-07-15 22:20 69715 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2015-06-21 08:36 . 2004-07-15 22:19 266240 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2015-06-21 08:36 . 2004-07-15 22:18 172032 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2015-06-21 08:36 . 2004-07-15 22:18 5632 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2015-06-21 08:36 . 2015-06-21 08:36 180356 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2015-06-21 08:36 . 2015-06-21 08:36 303236 ----a-w- c:\program files\Fichiers communs\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2015-06-10 10:05 . 2012-07-19 13:18 666024 ----a-w- c:\windows\system32\WibuCm32.dll
2015-06-10 10:05 . 2015-06-10 10:05 -------- d-----w- c:\program files\GetData
.
.
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-24 12:48 . 2013-08-11 06:59 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-06-24 12:48 . 2013-08-11 06:59 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-08-14 13:43 . 2014-08-14 13:43 50053120 ----a-w- c:\program files\GUT5EA.tmp
2013-02-07 12:22 . 2013-02-07 12:22 50330 ----a-w- c:\program files\AntiDust.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-01-12 05:24 . 65C243BD71E319B59BCF24696C039B29 . 2004480 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[-] 2010-01-12 . AE0D48AF37F5A48156D4A6BAE07C9121 . 568320 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
[-] 2010-01-12 . D449DF66B6335B443508A58B1E8DB996 . 647680 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2010-01-12 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2010-01-12 . F92E6BEA9349D49341383F8403B4DFE5 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
.
[-] 2010-01-12 . DB3AB42404D66860A4C4E9ED8530D0FD . 724480 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
.
[-] 2010-01-12 . D84567752FB42D8DC55CFB85FE0EDECE . 1916416 . . [6.00.2900.2894] . . c:\windows\explorer.exe
.
[-] 2010-01-12 . 628F723949478550F90525FA41B1C422 . 287744 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
[-] 2010-01-12 . 58DB2EE838D5B7BAD0F7F10A6C920390 . 40960 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
.
[-] 2010-01-12 . A5780186A76EABA3E656E63B41862997 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
[-] 2010-01-12 . 36FA7DAFA6C2658D9F48C69FB812943B . 2165760 . . [5.1.2600.5586] . . c:\windows\system32\ntkrnlpa.exe
.
[-] 2010-01-12 . 928F1D57DD79B2EDDE517B2FFEB570C9 . 2287104 . . [5.1.2600.5586] . . c:\windows\system32\ntoskrnl.exe
.
c:\windows\System32\wscntfy.exe ... is missing !!
.
((((((((((((((((((((((((((((((((( Reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 21904 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2013-11-30 3821136]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2014-02-17 963984]
"replay_telecorder_skype"="c:\program files\Replay Telecorder for Skype\replay_telecorder_skype.exe" [2012-06-20 1954304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-01-19 1150976]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2009-01-09 114688]
"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2012-09-06 143360]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2012-06-06 3076096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2010-01-12 40960]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2015-06-02 28785792]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-03-01 124928]
"_nltide_3"="advpack.dll" [2008-03-01 124928]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoStrCmpLogical"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-04-04 04:09 446392 ------w- c:\program files\Fichiers communs\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
2012-03-09 14:26 1073312 ----a-w- c:\program files\Fichiers communs\Adobe\CS6ServiceManager\CS6ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2010-01-12 05:24 40960 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX4300 Series]
2007-03-01 04:01 180736 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATICAR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2013-08-12 07:38 138096 ----atw- c:\documents and settings\Administrateur\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2012-08-28 14:34 164352 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2013-11-30 23:44 3821136 ----a-w- c:\program files\Internet Download Manager\IDMan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2012-08-28 14:34 129536 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2012-05-25 02:25 6595928 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2012-08-28 14:34 141312 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\replay_telecorder_skype]
2012-06-20 08:41 1954304 ----a-w- c:\program files\Replay Telecorder for Skype\replay_telecorder_skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
2007-09-02 11:58 495616 ----a-w- c:\program files\RocketDock\RocketDock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2013-03-12 06:58 20143688 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-05-02 14:07 1276416 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2015-06-02 15:20 28785792 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37 517096 ----a-w- c:\program files\Fichiers communs\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VistaDrive]
2006-10-05 18:56 280779 ----a-w- c:\windows\VistaDrive\VistaDrive.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"DisablePagingExecutive"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Fichiers communs\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Administrateur\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 cm_km_w;Kaspersky Lab Crypto Module (FDE PDK);c:\windows\system32\drivers\cm_km_w.sys [14/01/2013 22:10 VALR 189136]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [17/01/2014 01:37 VALR 121184]
R1 klhk;klhk;c:\windows\system32\drivers\klhk.sys [25/01/2015 17:15 VALR 36024]
R1 klpd;klpd;c:\windows\system32\drivers\klpd.sys [12/04/2013 16:34 VALR 14432]
R1 kltdf;kltdf;c:\windows\system32\drivers\kltdf.sys [21/08/2014 16:39 VALR 60552]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [05/06/2014 20:02 VALR 44992]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [09/07/2014 17:23 VALR 146240]
R2 AVP15.0.1;Kaspersky Anti-Virus Service 15.0.1;c:\program files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [30/08/2014 18:48 VALR 234520]
R2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [27/11/2014 10:37 VALR 2568120]
R2 kldisk;kldisk;c:\windows\system32\drivers\kldisk.sys [02/07/2014 17:10 VALR 36928]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [12/05/2015 17:03 VALR 266240]
R3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\drivers\klflt.sys [25/01/2015 17:15 VALR 116744]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [19/04/2013 12:44 VALR 36448]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [28/03/2014 18:51 VALR 23648]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [08/08/2013 18:11 VALR 24672]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [27/06/2015 10:07 VALR 23256]
R3 slnt;RTL8139D PCI Fast Ethernet Adapter;c:\windows\system32\drivers\slnt.sys [10/08/2013 12:11 VALR 18004]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [27/06/2015 10:07 VALR 1080120]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [18/02/2015 19:11 VALR 315488]
S2 wsvc_1.10.0.17;WN 1.10.0.17 Client Service;"c:\program files\Wordinator_1.10.0.17\Service\wsvc.exe" --> c:\program files\Wordinator_1.10.0.17\Service\wsvc.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/08/2013 15:56 VALR 1691480]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 SwitchBoard;SwitchBoard;c:\program files\Fichiers communs\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 13:37 VALR 517096]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-06-23 07:59 990024 ----a-w- c:\program files\Google\Chrome\Application\43.0.2357.130\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2008-03-01 12:58 124928 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2015-06-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-11 12:48]
.
2015-06-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1214440339-813497703-1801674531-500Core.job
- c:\documents and settings\Administrateur\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2013-08-12 07:38]
.
2015-06-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1214440339-813497703-1801674531-500UA.job
- c:\documents and settings\Administrateur\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2013-08-12 07:38]
.
2015-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-08-14 13:43]
.
2015-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-08-14 13:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s
IE: &????? ??? Microsoft Excel
IE: &????? ??? Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: {{09A10376-994C-4BBF-9121-F50CF7BA237E} - {F2A56BFE-7911-451A-BC74-A9C3C2E95126} - c:\program files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\1z550i28.default-1426000676671\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{46462D52-4700-A76A-76A7-7A786E7484D7} - (no file)
HKU-Default-Run-VisualTaskTip - \Program Files\VisualTaskTips\VisualTaskTips.exe
MSConfigStartUp-Camfrog - c:\program files\Camfrog\Camfrog Video Chat\CamfrogNet.exe
MSConfigStartUp-DrvUpdater - c:\documents and settings\Administrateur\Application Data\DRPSu\DrvUpdater.exe
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-TrojanScanner - c:\program files\Trojan Remover\Trjscan.exe
MSConfigStartUp-VisualTaskTip - \Program Files\VisualTaskTips\VisualTaskTips.exe
AddRemove-Power MP3 Recorder Cutter_is1 - c:\program files\Power Mp3 Recorder Cutter\unins000.exe
AddRemove-DRPSu Updater - c:\documents and settings\Administrateur\Application Data\DRPSu\DrvUpdater.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-06-29 14:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):b5,36,ce,45,d5,c4,1a,4c,77,c4,f8,f0,8b,aa,9c,97,da,3e,af,97,b6,
   3e,72,49,66,9b,8a,6f,b2,4c,ce,be,e3,c2,81,99,e8,0d,65,e4,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_190_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_190_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{d234d58d-6b21-490a-a7d6-5075740fd8ba}]
@Denied: (Full) (Everyone)
"Model"=dword:00000161
"Therad"=dword:0000001b
"SpecVersion"=dword:000000d4
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(888)
c:\windows\system32\setupapi.dll
c:\windows\system32\scecli.dll
.
Completion time: 2015-06-29 14:58:15
ComboFix-quarantined-files.txt 2015-06-29 12:57
.
Pre-Run: 42 587 672 576 bytes free
Post-Run: 42 756 149 248 bytes free
.
- - End Of File - - 8CC5CD6C885D15FEEB4D3CD5584B9292
C99C3199CFAA4CBDCD91493F6D113A50
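The three sections of this log that an analyst checks first are the Run/RunOnce loading points, the R?/S? service and driver lines, and the Security Center keys (here AntiVirusOverride, FirewallOverride and DisableMonitoring are all set to 1, which silences the "no antivirus / no firewall" warnings on XP). The script below is an added example, not ComboFix's own code or part of the log: it parses those sections and prints one-line findings. It assumes, as I read ComboFix's output conventions, that a trailing `[X]` on a Run value means the target file was not found, that `[?]` at the end of a service line means the file could not be verified, and that `-->` precedes the resolved path. The sample text is constructed from lines copied from the log above; `triage`, `parse_run_entries`, `parse_services` and `security_center_overrides` are my names.

```python
# Added example (not ComboFix's own code): triage a ComboFix log's autostart,
# service/driver and Security Center sections. Assumed conventions, as I read
# ComboFix output: "[X]" after a Run value = target file not found; "[?]" at the
# end of a service line = file could not be verified; "-->" precedes the
# resolved path.
import re
from typing import Dict, List

# Constructed sample: lines copied from the log above, nothing else.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2013-11-30 3821136]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2014-02-17 963984]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-03-01 124928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"DisablePagingExecutive"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 AVP15.0.1;Kaspersky Anti-Virus Service 15.0.1;c:\program files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [30/08/2014 18:48 VALR 234520]
S2 wsvc_1.10.0.17;WN 1.10.0.17 Client Service;"c:\program files\Wordinator_1.10.0.17\Service\wsvc.exe" --> c:\program files\Wordinator_1.10.0.17\Service\wsvc.exe [?]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")                       # [HKEY_...] header
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<info>[^\]]*)\]\s*$')
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})\s*$')
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")


def _walk(text: str):
    """Yield (current_key, line) so each parser knows which [key] header it is under."""
    key = ""
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
        else:
            yield key, line


def parse_run_entries(text: str) -> List[Dict[str, str]]:
    """Autostart values under any Run or RunOnce key, with missing/present status."""
    entries = []
    for key, line in _walk(text):
        m = VALUE_RE.match(line)
        if m and re.search(r"\\run(once)?$", key, re.IGNORECASE):
            entries.append({"key": key, "name": m.group("name"), "path": m.group("path"),
                            "status": "missing" if m.group("info").strip() == "X" else "present"})
    return entries


def security_center_overrides(text: str) -> Dict[str, int]:
    """dword values under the Security Center keys (value 1 on *Override or
    DisableMonitoring suppresses XP's missing-AV/firewall warnings)."""
    values = {}
    for key, line in _walk(text):
        m = DWORD_RE.match(line)
        if m and "security center" in key.lower():
            values[m.group("name")] = int(m.group("hex"), 16)
    return values


def parse_services(text: str) -> List[Dict[str, object]]:
    """R?/S? service and driver lines; 'unverified' marks a trailing [?]."""
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if not m:
            continue
        rest = m.group("rest").strip()
        path = rest.split("-->", 1)[1] if "-->" in rest else rest
        path = re.sub(r"\s*\[[^\]]*\]\s*$", "", path).strip()  # drop trailing [date size] or [?]
        services.append({"start": m.group("start"), "name": m.group("name"),
                         "display": m.group("display"), "path": path,
                         "unverified": rest.endswith("[?]")})
    return services


def triage(text: str) -> List[str]:
    """One-line findings an analyst would check first: dead autostarts,
    services whose file could not be verified, suppressed Security Center alerts."""
    findings = []
    for e in parse_run_entries(text):
        if e["status"] == "missing":
            findings.append(f"dead autostart: {e['name']} -> {e['path']} ({e['key']})")
    for s in parse_services(text):
        if s["unverified"]:
            findings.append(f"unverified service {s['start']} {s['name']}: {s['path']}")
    for name, value in security_center_overrides(text).items():
        if value == 1 and (name.endswith("Override") or name == "DisableMonitoring"):
            findings.append(f"security center suppressed: {name}=1")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against the full log instead of `SAMPLE_LOG` (read the file and pass its text to `triage`) and the same three classes of finding come out: the `nltide_2` RunOnce value pointing at a file ComboFix could not find, the `wsvc_1.10.0.17` and `esgiguard` services flagged `[?]`, and the three Security Center values set to 1. `DisablePagingExecutive` sits under the same key but is a kernel memory setting, not an alert override, so the script deliberately leaves it out.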