ComboFix 14-06-27.01 - benoit 28/06/2014 23:35:03.1.2 - x86
Lancé depuis: c:\users\benoit\Desktop\ComboFix.exe
 * Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\version.txt
c:\windows\system32\jucheck.exe
c:\windows\system32\jusched.exe
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2014-05-28 au 2014-06-28 ))))))))))))))))))))))))))))))))))))
.
.
2014-06-28 21:41 . 2014-06-28 21:41 -------- d-----w- c:\users\Invité\AppData\Local\temp
2014-06-28 21:41 . 2014-06-28 21:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-06-28 19:57 . 2014-06-05 10:54 8140904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{98D66EBD-F8DA-44CC-BDC4-25C109E05F27}\mpengine.dll
2014-06-28 19:24 . 2014-06-28 18:56 47560 ----a-w- c:\windows\system32\SPReview.exe
2014-06-28 19:24 . 2014-06-28 18:56 152576 ----a-w- c:\windows\system32\SPWizUI.dll
2014-06-28 18:36 . 2014-06-28 18:36 -------- d-----w- c:\windows\system32\EventProviders
2014-06-28 18:33 . 2014-06-28 18:33 -------- d-----w- c:\program files\Lavalys
2014-06-27 20:24 . 2014-06-28 21:42 -------- d-----w- c:\users\benoit\AppData\Local\Temp
2014-06-27 18:21 . 2014-06-05 10:54 8140904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-27 16:29 . 2014-06-27 16:29 -------- d-----w- c:\windows\system32\SRSLabs
2014-06-27 15:34 . 2014-06-27 15:34 -------- d-----w- c:\programdata\ma-config.com
2014-06-27 15:34 . 2014-06-27 15:34 -------- d-----w- c:\program files\ma-config.com
2014-06-27 14:31 . 2014-06-28 21:09 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-27 14:29 . 2014-06-27 14:41 -------- d-----w- C:\UsbFix
2014-06-27 12:47 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-06-27 12:41 . 1999-11-12 03:11 183808 ----a-w- c:\windows\system32\BDEADMIN.CPL
2014-06-27 12:41 . 1999-01-20 03:01 210032 ----a-w- c:\windows\system32\DBCLIENT.DLL
2014-06-27 12:41 . 2014-06-27 12:41 -------- d-----w- c:\program files\Common Files\Borland Shared
2014-06-27 12:41 . 2014-06-27 12:56 -------- d-----w- c:\program files\ZebHelpProcess
2014-06-27 12:37 . 2014-06-28 19:53 35152 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-06-27 12:37 . 2014-06-27 12:37 -------- d-----w- c:\programdata\RogueKiller
2014-06-27 12:15 . 2014-06-27 16:50 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2014-06-27 12:09 . 2014-05-12 05:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-06-27 12:09 . 2014-05-12 05:25 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-06-27 12:09 . 2014-05-12 05:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-06-27 12:09 . 2014-06-27 12:09 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-06-27 12:09 . 2014-06-27 12:09 -------- d-----w- c:\programdata\Malwarebytes
2014-06-27 12:00 . 2014-06-27 18:54 -------- d-----w- c:\users\benoit\AppData\Roaming\ZHP
2014-06-27 12:00 . 2014-06-27 16:50 -------- d-----w- c:\program files\ZHPDiag
2014-06-04 12:08 . 2014-06-04 12:08 -------- d-----w- C:\d1fdd756feb595b9e443
2014-06-04 12:07 . 2014-06-04 12:08 -------- d-----w- c:\users\benoit\AppData\Local\yQkDNfB_06041207
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-14 16:02 . 2014-04-06 16:00 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-14 16:02 . 2011-11-13 12:41 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-09 12:34 . 2014-04-09 12:34 378368 ----a-w- c:\windows\system32\winhttp.dll
2014-04-09 12:29 . 2014-04-09 12:29 40960 ----a-w- c:\windows\system32\drivers\fr-FR\http.sys.mui
2013-04-01 17:30 . 2013-04-01 17:28 10 ----a-w- c:\program files\CC.BIN
2011-11-05 07:18 . 2011-11-12 12:10 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-02-23 1232896]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-01-18 942080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"GoogleChromeAutoLaunch_DA14B84B27A42670C21FA06E4FDB607D"="c:\program files\Google\Chrome\Application\chrome.exe" [2014-06-05 860488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2014-05-09 12021464]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-13 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-13 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-13 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-13 15:26 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2014-06-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-06 16:02]
.
2014-06-04 c:\windows\Tasks\GlaryInitialize 4.job
- c:\program files\Glary Utilities 4\Initialize.exe [2014-02-28 08:23]
.
2014-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-12 13:39]
.
2014-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-12 13:39]
.
2011-09-08 c:\windows\Tasks\HPCeeScheduleForbenoit.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2008-02-23 11:10]
.
2014-06-28 c:\windows\Tasks\User_Feed_Synchronization-{8321E8BB-8682-4779-8BCD-A5C0A17DCC0C}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Examen supplémentaire -------
.
uStart Page = about:newtab
uDefault_Search_URL = hxxp://www.google.com
mStart Page = about:newtab
mSearch Bar = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
FF - ProfilePath - c:\users\benoit\AppData\Roaming\Mozilla\Firefox\Profiles\gcho6lra.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - ExtSQL: 2014-05-25 15:14; {d09eec19-10f5-44bd-a92a-cdd3ee45f8a8}; c:\users\benoit\AppData\Roaming\Mozilla\Firefox\Profiles\gcho6lra.default\{d09eec19-10f5-44bd-a92a-cdd3ee45f8a8}
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-10 - (no file)
AddRemove-Activeris AntiMalware_is1 - c:\program files\Activeris AntiMalware\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-06-28 23:42
Windows 6.0.6000 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
.
c:\users\benoit\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
Scan terminé avec succès
Fichiers cachés: 1
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Heure de fin: 2014-06-28 23:46:43
ComboFix-quarantined-files.txt 2014-06-28 21:46
.
Avant-CF: 451 201 363 968 octets libres
Après-CF: 451 181 223 936 octets libres
.
- - End Of File - - E813F2FC0474EE699E9D6BA84070C075
03BA8F890B47C0BE359A4D5A636D214D