cjoint

ComboFix 14-04-12.01 - GESLOT 14/04/2014 20:35:17.1.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3070.1680 [GMT 2:00]
Lancé depuis: c:\users\GESLOT\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Norton Internet Security *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2014-03-14 au 2014-04-14 ))))))))))))))))))))))))))))))))))))
.
.
2014-04-14 18:49 . 2014-04-14 18:50 -------- d-----w- c:\users\GESLOT\AppData\Local\temp
2014-04-14 18:49 . 2014-04-14 18:49 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-04-14 18:49 . 2014-04-14 18:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-14 17:55 . 2014-04-14 18:12 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-04-14 16:39 . 2014-04-14 18:18 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-14 16:39 . 2014-04-14 17:54 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-14 16:39 . 2014-04-14 16:39 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-04-14 16:39 . 2014-04-14 16:39 -------- d-----w- c:\programdata\Malwarebytes
2014-04-14 16:39 . 2014-04-03 07:51 51416 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-14 16:39 . 2014-04-03 07:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-10 19:02 . 2014-03-10 19:02 653584 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2014-03-08 11:45 . 2014-03-08 11:46 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-03-08 11:45 . 2014-03-08 11:46 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-03-08 11:45 . 2014-03-08 11:46 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-03-08 11:45 . 2014-03-08 11:46 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-03-08 11:45 . 2014-03-08 11:46 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-03-08 11:45 . 2014-03-08 11:46 410784 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-03-08 11:45 . 2014-03-08 11:46 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-03-08 11:45 . 2014-03-08 11:45 43152 ----a-w- c:\windows\avastSS.scr
2014-03-08 11:45 . 2013-07-14 19:15 270240 ----a-w- c:\windows\system32\aswBoot.exe
2014-03-08 11:43 . 2014-03-08 11:43 410784 ----a-w- c:\windows\system32\drivers\ioabclgh.sys
2014-03-08 10:00 . 2014-03-04 15:47 245795 ----a-w- c:\users\GESLOT\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\libcurl-4.dll
2014-03-08 10:00 . 2014-03-04 15:47 119888 ----a-w- c:\users\GESLOT\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\pthreadGC2.dll
2014-03-08 10:00 . 2014-03-04 15:47 187904 ----a-w- c:\users\GESLOT\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\jusched.exe
2014-03-08 10:00 . 2014-03-04 15:47 100864 ----a-w- c:\users\GESLOT\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\zlib1.dll
2014-03-08 10:00 . 2014-03-04 15:47 727537 ----a-w- c:\users\GESLOT\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\ssl.exe
2014-03-08 10:00 . 2014-03-04 15:47 364544 ----a-w- c:\users\GESLOT\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\ssleay32.dll
2014-03-08 10:00 . 2014-03-04 15:47 110094 ----a-w- c:\users\GESLOT\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\libusb-1.0.dll
2014-03-08 10:00 . 2014-03-04 15:47 171008 ----a-w- c:\users\GESLOT\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\libssh2.dll
2014-03-08 10:00 . 2014-03-04 15:47 183382 ----a-w- c:\users\GESLOT\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\librtmp.dll
2014-03-08 10:00 . 2014-03-04 15:47 279955 ----a-w- c:\users\GESLOT\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\libidn-11.dll
2014-03-08 10:00 . 2014-03-04 15:46 1704448 ----a-w- c:\users\GESLOT\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\libeay32.dll
2014-03-08 10:00 . 2014-03-04 15:46 612352 ----a-w- c:\users\GESLOT\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\libcurl.dll
2014-03-08 10:00 . 2014-03-04 15:46 565774 ----a-w- c:\users\GESLOT\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\svchost.exe
2014-03-04 10:15 . 2014-03-04 10:15 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-04 10:15 . 2014-03-04 10:15 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-03-08 11:45 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-24 6111232]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-04-02 3774312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTIVBOARD]
2007-01-18 12:03 79416 ----a-w- c:\program files\Packard Bell\FIJI\ABoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2007-07-17 11:05 64000 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2008-02-06 19:48 51048 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2013-11-11 14:37 2349392 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmpcSys]
2008-02-04 10:13 1038136 ----a-w- c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2013-07-02 09:19 248208 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - COMHOST
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBACCESSCONTROL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-12 09:16 1077576 ----a-w- c:\program files\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2014-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-14 18:37]
.
2014-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-14 18:37]
.
2014-04-14 c:\windows\Tasks\Norton Internet Security - Effectuer une analyse complète du système - GESLOT.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 07:05]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://google.fr/
mStart Page = hxxp://www.google.com
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHELINS SUPPRIMES - - - -
.
MSConfigStartUp-Cracked Steam Service - c:\program files\cracked steam\AntiSteam.exe
MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\DTLite.exe
MSConfigStartUp-mobilegeni daemon - c:\program files\Mobogenie\DaemonProcess.exe
AddRemove-{d07a13d9-0763-4d61-b23a-3e133e87ef96} - c:\program files\LyricsContainer\Uninstall.exe
AddRemove-lollipop_10221439 - c:\users\geslot\appdata\local\lollipop\lollipop_10221439.bat
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-04-14 20:50
Windows 6.0.6001 Service Pack 1 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
Heure de fin: 2014-04-14 20:53:35
ComboFix-quarantined-files.txt 2014-04-14 18:53
.
Avant-CF: 175 684 579 328 octets libres
Après-CF: 176 840 232 960 octets libres
.
- - End Of File - - AC278CF77B06C0E012570A633C97CB9D
5C616939100B85E558DA92B899A0FC36