cjoint


ComboFix 15-05-09.01 - neo 11/05/2015 2:32.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3066.2395 [GMT 2:00]
Lancé depuis: c:\users\neo\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Outdated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Enabled/Outdated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Acer\Acer Bio Protection\PwdFilter.dll
c:\program files\ma-config.com
c:\program files\ma-config.com\config.xml
c:\program files\ma-config.com\CPUID\cpuidsdk.dll
c:\program files\ma-config.com\Drivers\driverhardwarev2.sys
c:\program files\ma-config.com\Drivers\driverhardwarev2ia64.sys
c:\program files\ma-config.com\Drivers\driverhardwarev2x64.cat
c:\program files\ma-config.com\Drivers\driverhardwarev2x64.sys
c:\program files\ma-config.com\Drivers\matos9x.vxd
c:\program files\ma-config.com\Langues\LangueMC_de.xml
c:\program files\ma-config.com\Langues\LangueMC_en.xml
c:\program files\ma-config.com\Langues\LangueMC_es.xml
c:\program files\ma-config.com\Langues\LangueMC_fr.xml
c:\program files\ma-config.com\Langues\LangueMC_pt.xml
c:\program files\ma-config.com\ma-config.html
c:\program files\ma-config.com\maconfservice.exe
c:\program files\ma-config.com\MCATLActiveX.dll
c:\program files\ma-config.com\MCBCL.dll
c:\program files\ma-config.com\MCNoyau.dll
c:\program files\ma-config.com\MCrypt.dll
c:\program files\ma-config.com\MCSettings.exe
c:\program files\ma-config.com\nphardwaredetection.dll
c:\program files\ma-config.com\sqlite3.dll
c:\programdata\ma-config.com
c:\programdata\ma-config.com\Logs\activex.txt
c:\programdata\ma-config.com\Logs\maconfservice.txt
c:\programdata\ma-config.com\Logs\npapi.txt
c:\programdata\ma-config.com\mcbase.db
c:\programdata\ntuser.pol
c:\users\Azim\AppData\Roaming\.#
c:\users\Azim\AppData\Roaming\.#\MBX@1384@1D82990.###
c:\users\Azim\AppData\Roaming\.#\MBX@1384@1D829C0.###
c:\users\Azim\AppData\Roaming\.#\MBX@1384@1D829F0.###
c:\users\Azim\AppData\Roaming\Adobe\plugs
c:\users\Azim\AppData\Roaming\Adobe\shed
c:\windows\eax.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_driverhardwarev2
-------\Legacy_driverhardwarev2
-------\Service_driverhardwarev2
-------\Service_maconfservice
-------\Service_driverhardwarev2
-------\Service_maconfservice
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2015-04-11 au 2015-05-11 ))))))))))))))))))))))))))))))))))))
.
.
2015-05-09 15:23 . 2015-05-09 15:23 -------- d-----w- c:\program files\CCleaner
2015-05-08 15:01 . 2015-05-08 15:01 -------- d-----w- c:\program files\AnalogX
2015-05-06 00:02 . 2015-05-06 00:20 -------- d-----w- c:\users\neo
2015-05-05 20:35 . 2015-05-08 14:32 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B3F63A9E-AA9E-4C24-88D9-2B283231AE7C}\offreg.dll
2015-05-04 21:52 . 2015-05-09 13:02 -------- d-----w- C:\FRST
2015-05-03 15:31 . 2015-05-03 15:31 291312 ----a-w- c:\windows\system32\aswBoot.exe
2015-05-03 15:31 . 2015-05-03 15:31 43112 ----a-w- c:\windows\avastSS.scr
2015-05-02 21:51 . 2015-05-02 22:11 -------- d-----w- C:\AdwCleaner
2015-05-02 15:26 . 2015-05-03 12:41 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2015-05-02 15:21 . 2015-05-03 12:41 -------- d-----w- c:\program files\ZHPDiag
2015-05-02 15:21 . 2015-05-03 12:38 -------- d-----w- c:\users\Azim\AppData\Roaming\ZHP
2015-05-01 13:48 . 2015-05-01 13:48 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-05-01 13:48 . 2015-05-01 13:48 -------- d-----w- c:\programdata\RogueKiller
2015-05-01 10:09 . 2015-04-14 07:37 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-05-01 10:09 . 2015-04-14 07:37 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-05-01 09:59 . 2015-05-01 11:33 -------- d-----w- c:\users\Azim\AppData\Local\WebShield
2015-05-01 09:47 . 2015-03-14 10:06 9119072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B3F63A9E-AA9E-4C24-88D9-2B283231AE7C}\mpengine.dll
2015-05-01 09:42 . 2015-05-01 09:42 -------- d-----w- c:\users\Azim\AppData\Roaming\AVAST Software
2015-05-01 00:16 . 2015-05-01 10:09 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-04-28 22:47 . 2015-04-28 22:47 -------- d-----w- c:\users\Azim\AppData\Roaming\InstallShield
2015-04-23 23:00 . 2015-05-02 23:07 -------- d-----w- c:\programdata\WebShield
2015-04-23 22:59 . 2015-04-23 22:59 -------- d-----w- c:\users\Azim\AppData\Local\CrashRpt
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-11 00:47 . 2011-04-12 13:49 119512 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2015-05-03 20:06 . 2014-10-19 19:43 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2015-05-03 15:31 . 2014-10-03 23:02 209048 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-05-03 15:31 . 2012-01-11 04:19 427992 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-05-03 15:31 . 2012-01-11 04:19 57888 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2015-05-03 15:31 . 2014-10-03 23:06 24144 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-05-03 15:31 . 2014-10-03 23:02 49904 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-05-03 15:31 . 2012-01-11 04:19 55200 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2015-05-03 15:31 . 2012-01-11 04:19 74976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-05-03 15:31 . 2012-01-11 04:19 787760 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-04-14 22:41 . 2012-07-11 00:42 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-04-14 22:41 . 2011-07-19 14:29 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-04-14 07:37 . 2011-04-12 13:49 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-04-03 13:22 . 2015-04-03 13:22 82432 ----a-w- c:\users\Azim\AppData\Roaming\Microsoft\MSXML2\msxml4r.dll
2015-04-03 13:22 . 2015-04-03 13:22 44544 ----a-w- c:\users\Azim\AppData\Roaming\Microsoft\MSXML2\msxml4a.dll
2015-04-03 13:22 . 2015-04-03 13:22 1275392 ----a-w- c:\users\Azim\AppData\Roaming\Microsoft\MSXML2\msxml4.dll
2015-02-24 02:23 . 2009-10-06 13:43 246920 ------w- c:\windows\system32\MpSigStub.exe
2015-02-17 15:04 . 2015-02-17 15:04 1202848 ----a-w- c:\windows\system32\FM20.DLL
2010-07-08 15:05 . 2015-04-23 22:56 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-05-03 15:31 645144 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 21:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-07-09 14:37 2972160 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 23:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcadeDeluxeAgent]
2008-05-12 20:10 147456 ------w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AvastUI.exe]
2015-05-03 15:31 5515496 ----a-w- c:\program files\AVAST Software\Avast\AvastUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
2008-04-06 20:42 34040 ----a-w- c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-05-12 20:11 167936 ------w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eAudio]
2008-03-07 01:36 544768 ----a-w- c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2008-03-04 21:38 526896 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-07-08 15:05 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2015-01-27 02:58 157480 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2008-07-02 02:51 821768 ----a-w- c:\progra~1\LAUNCH~1\QtZgAcer.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2010-12-20 16:08 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-04-21 03:14 13535776 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-04-21 03:14 92704 ----a-w- c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
2008-05-12 15:28 167936 ------w- c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetI]
2007-10-23 08:56 200704 ----a-w- c:\windows\PLFSetI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-09-01 13:57 282624 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-04-28 07:35 6111232 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-01-21 02:23 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-20 10:15 1826816 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 05:32 253816 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-01-18 03:31 1033512 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2008-01-29 07:03 303104 ----a-w- c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2008-01-21 02:23 2153472 ----a-w- c:\windows\System32\oobefldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R3 A310;AVerMedia A310 DVB-T;c:\windows\system32\DRIVERS\AVerA310USB.sys [2008-04-15 25856]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - FSUSBEXDISK
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-09 15:22 988488 ----a-w- c:\program files\Google\Chrome\Application\42.0.2311.135\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2015-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-05-09 15:21]
.
.
------- Examen supplémentaire -------
.
mStart Page = www.google.com
mSearch Bar = https://fr.yahoo.com/?fr=hp-avast&type=avastbcl
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 89.2.0.1 89.2.0.2
FF - ProfilePath - c:\users\neo\AppData\Roaming\Mozilla\Firefox\Profiles\k69zz146.default\
.
- - - - ORPHELINS SUPPRIMES - - - -
.
HKLM_ActiveSetup-installed components - c:\program files\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Installer\chrmstp.exe
AddRemove-AVerMedia A310 (MiniCard, DVB-T) - c:\program files\AVerMedia\AVerMedia A310 (MiniCard
AddRemove-{79DDD1B2-549B-5D80-9B6C-2DD9CCAE7E38} - c:\progra~2\INSTAL~2\{1A653~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-05-11 05:40
Windows 6.0.6001 Service Pack 1 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-1852102199-357200914-2048077719-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*B*j*o*r*n*s*t*a*d*-*4tfN\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1852102199-357200914-2048077719-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*l%P%Z%]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1852102199-357200914-2048077719-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*l%P%Z%\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
c:\windows\system32\dgdersvc.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Acer\Empowering Technology\Service\ETService.exe
c:\windows\system32\FsUsbExService.Exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\users\Azim\Desktop\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\users\Azim\Desktop\Malwarebytes Anti-Malware\mbamservice.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\SlimService\SlimServiceFactory.exe
c:\users\Azim\Desktop\Malwarebytes Anti-Malware\mbam.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\windows\system32\LogonUI.exe
c:\windows\System32\acer.exe
.
**************************************************************************
.
Heure de fin: 2015-05-11 05:58:14 - La machine a redémarré
ComboFix-quarantined-files.txt 2015-05-11 03:57
.
Avant-CF: 5 629 149 184 octets libres
Après-CF: 4 844 589 056 octets libres
.
- - End Of File - - 230695AC78C5F746C115A4DA4C4D0835
7BA4C7EA1EF33A92F5F01BE63EDACB6A
