ComboFix 13-12-12.03 - JeanChritophe 2013-12-12 20:50:08.1.8 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.2.1036.18.8151.6053 [GMT -5:00]
Lancé depuis: c:\users\JeanChritophe\Desktop\Maison.exe
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\Documents\B2F096C3.tmp
c:\windows\TEMP\jna1208843380167462035.dll
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2013-11-13 au 2013-12-13 ))))))))))))))))))))))))))))))))))))
.
.
2013-12-13 02:00 . 2013-12-13 02:00 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-12-13 02:00 . 2013-12-13 02:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-13 01:09 . 2013-12-13 01:10 -------- d-----w- c:\program files (x86)\RSIT
2013-12-12 16:21 . 2013-12-13 01:21 -------- d-----w- C:\Rapport nettoyage virus
2013-12-12 16:10 . 2013-12-13 01:10 -------- d-----w- c:\program files (x86)\trend micro
2013-12-12 16:10 . 2013-12-13 01:20 -------- d-----w- C:\rsit
2013-12-12 08:20 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-12 08:20 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2013-12-12 08:20 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 08:20 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2013-12-12 08:20 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2013-12-12 04:10 . 2013-12-12 04:11 -------- d-----w- c:\program files (x86)\ADWCleaner
2013-12-12 03:42 . 2013-12-12 12:09 -------- d-----w- C:\AdwCleaner
2013-12-11 22:03 . 2013-12-12 01:31 -------- d-----w- c:\program files (x86)\Ad-Remover
2013-12-11 21:53 . 2013-12-11 21:53 -------- d-----w- c:\users\JeanChritophe\AppData\Roaming\Malwarebytes
2013-12-11 21:53 . 2013-12-11 22:07 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-12-11 21:53 . 2013-12-11 21:53 -------- d-----w- c:\programdata\Malwarebytes
2013-12-11 21:53 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-11 14:04 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-12-11 14:04 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2013-12-11 14:03 . 2013-10-30 01:24 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-12-11 14:03 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-12-11 14:03 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-12-11 14:03 . 2013-10-19 02:18 81408 ----a-w- c:\windows\system32\imagehlp.dll
2013-12-11 14:03 . 2013-10-19 01:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2013-12-11 14:00 . 2013-11-12 02:23 2048 ----a-w- c:\windows\system32\tzres.dll
2013-12-11 14:00 . 2013-11-12 02:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-12-11 13:59 . 2013-10-04 02:16 116736 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-11 13:59 . 2013-10-04 01:36 230400 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-11 13:59 . 2013-10-12 02:32 150016 ----a-w- c:\windows\system32\wshom.ocx
2013-12-11 13:59 . 2013-10-12 02:31 202752 ----a-w- c:\windows\system32\scrrun.dll
2013-12-11 13:59 . 2013-10-12 02:04 121856 ----a-w- c:\windows\SysWow64\wshom.ocx
2013-12-11 13:59 . 2013-10-12 02:03 163840 ----a-w- c:\windows\SysWow64\scrrun.dll
2013-12-11 13:59 . 2013-10-12 01:33 156160 ----a-w- c:\windows\system32\cscript.exe
2013-12-11 13:59 . 2013-10-12 01:33 168960 ----a-w- c:\windows\system32\wscript.exe
2013-12-11 13:59 . 2013-10-12 01:15 141824 ----a-w- c:\windows\SysWow64\wscript.exe
2013-12-11 13:59 . 2013-10-12 01:15 126976 ----a-w- c:\windows\SysWow64\cscript.exe
2013-12-09 18:18 . 2013-12-11 04:44 -------- d-----w- c:\users\JeanChritophe\AppData\Local\BrowserSafeguard
2013-12-04 04:57 . 2013-10-14 23:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-12-03 02:41 . 2013-12-03 02:41 -------- d-----w- c:\users\JeanChritophe\AppData\Local\stellarium
2013-12-03 02:41 . 2013-12-03 02:41 -------- d-----w- c:\users\JeanChritophe\AppData\Roaming\Stellarium
2013-12-03 02:41 . 2013-12-03 02:41 -------- d-----w- c:\program files\Stellarium
2013-12-03 01:06 . 2013-12-11 23:43 -------- d-----w- c:\users\Mcx1-BUREAUJCC
2013-11-19 00:07 . 2013-11-19 00:07 -------- d-----w- c:\program files (x86)\LAV Filters
2013-11-19 00:06 . 2013-12-11 19:33 -------- d-----w- c:\programdata\MySQL
2013-11-19 00:06 . 2013-11-19 00:06 -------- d-----w- c:\program files\MySQL
2013-11-19 00:04 . 2008-05-30 19:11 4991496 ----a-w- c:\windows\system32\D3DX9_38.dll
2013-11-17 20:33 . 2013-11-17 20:36 -------- d-----w- c:\users\JeanChritophe\AppData\Roaming\gtk-2.0
2013-11-17 20:17 . 2013-11-23 17:53 -------- d-----w- c:\users\JeanChritophe\AppData\Local\Plex Media Server
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-12 16:17 . 2012-09-13 11:54 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-12 16:17 . 2011-05-14 16:06 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-15 23:17 . 2012-12-31 22:12 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2013-11-13 08:02 . 2010-09-05 22:34 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-11-12 20:39 . 2010-09-03 19:54 177752 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-10-12 02:30 . 2013-11-13 00:59 830464 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-13 00:59 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-13 00:59 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:03 . 2013-11-13 00:59 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-13 00:59 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25 . 2013-11-13 00:59 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 19:57 . 2013-11-13 00:59 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-10-04 02:28 . 2013-11-13 00:59 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 02:25 . 2013-11-13 00:59 197120 ----a-w- c:\windows\system32\credui.dll
2013-10-04 02:24 . 2013-11-13 00:59 1930752 ----a-w- c:\windows\system32\authui.dll
2013-10-04 01:58 . 2013-11-13 00:59 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56 . 2013-11-13 00:59 168960 ----a-w- c:\windows\SysWow64\credui.dll
2013-10-04 01:56 . 2013-11-13 00:59 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-10-03 02:23 . 2013-11-13 00:59 404480 ----a-w- c:\windows\system32\gdi32.dll
2013-10-03 02:00 . 2013-11-13 00:59 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-09-28 01:09 . 2013-11-13 00:59 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2013-09-27 19:23 . 2013-10-17 09:20 162392 ----a-w- c:\windows\system32\drivers\NSTx64\7DE06000.01B\ccsetx64.sys
2013-09-27 03:18 . 2013-11-12 20:38 1147480 ----a-r- c:\windows\system32\drivers\NAVx64\1501000.012\SymEFA64.sys
2013-09-27 02:45 . 2013-11-12 20:38 264280 ----a-r- c:\windows\system32\drivers\NAVx64\1501000.012\Ironx64.sys
2013-09-27 02:26 . 2013-11-12 20:38 858200 ----a-r- c:\windows\system32\drivers\NAVx64\1501000.012\srtsp64.sys
2013-09-26 03:28 . 2013-11-12 20:38 590936 ----a-r- c:\windows\system32\drivers\NAVx64\1501000.012\symnets.sys
2013-09-26 02:50 . 2013-11-12 20:38 162392 ----a-r- c:\windows\system32\drivers\NAVx64\1501000.012\ccSetx64.sys
2013-09-25 02:26 . 2013-11-13 00:59 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-09-25 02:26 . 2013-11-13 00:59 154560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-09-25 02:23 . 2013-11-13 00:59 28672 ----a-w- c:\windows\system32\sspisrv.dll
2013-09-25 02:23 . 2013-11-13 00:59 135680 ----a-w- c:\windows\system32\sspicli.dll
2013-09-25 02:23 . 2013-11-13 00:59 28160 ----a-w- c:\windows\system32\secur32.dll
2013-09-25 02:22 . 2013-11-13 00:59 340992 ----a-w- c:\windows\system32\schannel.dll
2013-09-25 02:21 . 2013-11-13 00:59 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-09-25 02:21 . 2013-11-13 00:59 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2013-09-25 01:58 . 2013-11-13 00:59 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-09-25 01:57 . 2013-11-13 00:59 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-09-25 01:57 . 2013-11-13 00:59 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-09-25 01:56 . 2013-11-13 00:59 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-09-25 01:03 . 2013-11-13 00:59 30720 ----a-w- c:\windows\system32\lsass.exe
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DownloadAccelerator"="c:\program files (x86)\DAP\DAP.EXE" [2011-09-04 3364616]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"MzRAMBooster"="c:\program files\Mz Ultimate Tools\Mz 7 Optimizer\MzRAMBooster.exe" [2010-09-26 295936]
"MzCPUAccelerator"="c:\program files\Mz Ultimate Tools\Mz 7 Optimizer\MzCPUAccelerator.exe" [2010-09-26 272384]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-10-21 20549280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-25 588648]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"ConnectionManager"="c:\program files (x86)\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe" [2009-08-23 91432]
"ToolBoxFX"="c:\program files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2008-02-20 53248]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"HPUsageTracking"="c:\program files (x86)\HP\HP UT\bin\hppusg.exe" [2007-10-17 36864]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-12 261888]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"DownloadAccelerator"="c:\program files (x86)\DAP\DAP.EXE" [2011-09-04 3364616]
"ioTablet"="c:\genius\ioTablet\gTabTaskBar.exe" [2011-02-25 45568]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-10-23 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
R3 Gestionnaire de transactions de Simple Comptable 2010 - CDN;Gestionnaire de transactions de Simple Comptable 2010 - CDN;c:\program files (x86)\Winsim\TransactionManager2010 - CDN\Sage_SA.TransactionManager.exe;c:\program files (x86)\Winsim\TransactionManager2010 - CDN\Sage_SA.TransactionManager.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LtSerMon;LtSerMon;c:\program files (x86)\U.S. Robotics\USRobotics Modem On Hold\ltserm64.sys;c:\program files (x86)\U.S. Robotics\USRobotics Modem On Hold\ltserm64.sys [x]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]
R3 SrvHsfPCIe;SrvHsfPCIe;c:\windows\system32\DRIVERS\VSTBS36.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTBS36.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1501000.012\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NAVx64\1501000.012\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1501000.012\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NAVx64\1501000.012\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx64.sys;c:\program files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [x]
S1 ccSet_NAV;NAV Settings Manager;c:\windows\system32\drivers\NAVx64\1501000.012\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NAVx64\1501000.012\ccSetx64.sys [x]
S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NSTx64\7DE06000.01B\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NSTx64\7DE06000.01B\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20131210.001\IDSvia64.sys;c:\program files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20131210.001\IDSvia64.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1501000.012\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NAVx64\1501000.012\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1501000.012\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NAVx64\1501000.012\SYMNETS.SYS [x]
S2 Gestionnaire de connexion de Simple Comptable;Gestionnaire de connexion de Simple Comptable;c:\program files (x86)\Winsim\ConnectionManager\SimplyConnectionManager.exe;c:\program files (x86)\Winsim\ConnectionManager\SimplyConnectionManager.exe [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe;c:\program files (x86)\Acer\Registration\GregHSRW.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe;c:\windows\SYSNATIVE\lxeccoms.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\21.1.0.18\NAV.exe;c:\program files (x86)\Norton AntiVirus\Engine\21.1.0.18\NAV.exe [x]
S2 NCO;Norton Identity Safe;c:\program files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe;c:\program files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 PS3 Media Server;PS3 Media Server;c:\program files (x86)\PS3 Media Server\win32\service\wrapper.exe;c:\program files (x86)\PS3 Media Server\win32\service\wrapper.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe;c:\oem\USBDECTION\USBS3S4Detection.exe [x]
S3 CAXHWBS3;CAXHWBS3;c:\windows\system32\DRIVERS\CAXHWBS3.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWBS3.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 ioFakDrv;ioVirtual Device;c:\windows\system32\DRIVERS\ioFakDrv.sys;c:\windows\SYSNATIVE\DRIVERS\ioFakDrv.sys [x]
S3 ioFakMap;MiniHid Driver Service for ioFakeDrv Interface layer;c:\windows\system32\DRIVERS\ioFakMap.sys;c:\windows\SYSNATIVE\DRIVERS\ioFakMap.sys [x]
S3 ioTablet;Tablet Minidriver for ioTablet;c:\windows\system32\DRIVERS\ioTablet.sys;c:\windows\SYSNATIVE\DRIVERS\ioTablet.sys [x]
S3 ioTblMap;Mini Mapper for ioCentre;c:\windows\system32\DRIVERS\ioTblMap.sys;c:\windows\SYSNATIVE\DRIVERS\ioTblMap.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-11 19:13 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2013-12-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-13 16:17]
.
2013-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-15 15:42]
.
2013-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-15 15:42]
.
2013-12-12 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files (x86)\Spybot - Search & Destroy\SpybotSD.exe [2010-09-03 19:31]
.
2013-12-02 c:\windows\Tasks\Wise Registry Cleaner Schedule Task.job
- c:\program files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe [2012-12-13 20:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
2010-07-28 19:05 397312 ----a-w- c:\program files (x86)\DAP\DAPIELoader64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-28 8312352]
"OOTag"="c:\windows\oobeoffer\oobeoffer\ootag.exe" [2009-09-28 23072]
"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2006-09-20 20480]
"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Clean Traces - c:\program files (x86)\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files (x86)\DAP\dapextie.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Ajouter au fichier PDF existant - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir en Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Download &all with DAP - c:\program files (x86)\DAP\dapextie2.htm
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to Mp3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
TCP: DhcpNameServer = 192.168.0.1
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll
.
- - - - ORPHELINS SUPPRIMES - - - -
.
BHO-{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run- - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
SafeBoot-Rohos
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{46575637-0076-A76A-76A7-7A786E7484D7} - (no file)
AddRemove-Intel® Integrated Performance Primitives 1.1 - c:\windows\system32\UninstIPP.isu
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\21.1.0.18\NAV.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\21.1.0.18\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NCO]
"ImagePath"="\"c:\program files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe\" /s \"NCO\" /m \"c:\program files (x86)\Norton Identity Safe\Engine\2014.6.0.27\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\NAVx64\1501000.012\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton AntiVirus\Engine\21.1.0.18;c:\program files (x86)\Norton AntiVirus\Engine64\21.1.0.18"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000020
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000020
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2013-12-12 21:02:40
ComboFix-quarantined-files.txt 2013-12-13 02:02
.
Avant-CF: 756 513 849 344 octets libres
Après-CF: 756 076 191 744 octets libres
.
- - End Of File - - E016434486D61CDBEFA0588E331A85D8
A36C5E4F47E84449FF07ED3517B43A31