ComboFix 14-04-12.01 - GESLOT 14/04/2014 20:35:17.1.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3070.1680 [GMT 2:00]
Lancé depuis: c:\users\GESLOT\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Norton Internet Security *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2014-03-14 au 2014-04-14 ))))))))))))))))))))))))))))))))))))
.
.
2014-04-14 18:49 . 2014-04-14 18:50 -------- d-----w- c:\users\GESLOT\AppData\Local\temp
2014-04-14 18:49 . 2014-04-14 18:49 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-04-14 18:49 . 2014-04-14 18:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-14 17:55 . 2014-04-14 18:12 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-04-14 16:39 . 2014-04-14 18:18 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-14 16:39 . 2014-04-14 17:54 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-14 16:39 . 2014-04-14 16:39 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-04-14 16:39 . 2014-04-14 16:39 -------- d-----w- c:\programdata\Malwarebytes
2014-04-14 16:39 . 2014-04-03 07:51 51416 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-14 16:39 . 2014-04-03 07:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-10 19:02 . 2014-03-10 19:02 653584 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2014-03-08 11:45 . 2014-03-08 11:46 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-03-08 11:45 . 2014-03-08 11:46 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-03-08 11:45 . 2014-03-08 11:46 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-03-08 11:45 . 2014-03-08 11:46 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-03-08 11:45 . 2014-03-08 11:46 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-03-08 11:45 . 2014-03-08 11:46 410784 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-03-08 11:45 . 2014-03-08 11:46 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-03-08 11:45 . 2014-03-08 11:45 43152 ----a-w- c:\windows\avastSS.scr
2014-03-08 11:45 . 2013-07-14 19:15 270240 ----a-w- c:\windows\system32\aswBoot.exe
2014-03-08 11:43 . 2014-03-08 11:43 410784 ----a-w- c:\windows\system32\drivers\ioabclgh.sys
2014-03-08 10:00 . 2014-03-04 15:47 245795 ----a-w- c:\users\GESLOT\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\libcurl-4.dll
2014-03-08 10:00 . 2014-03-04 15:47 119888 ----a-w- c:\users\GESLOT\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\pthreadGC2.dll
2014-03-08 10:00 . 2014-03-04 15:47 187904 ----a-w- c:\users\GESLOT\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\jusched.exe
2014-03-08 10:00 . 2014-03-04 15:47 100864 ----a-w- c:\users\GESLOT\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\zlib1.dll
2014-03-08 10:00 . 2014-03-04 15:47 727537 ----a-w- c:\users\GESLOT\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\ssl.exe
2014-03-08 10:00 . 2014-03-04 15:47 364544 ----a-w- c:\users\GESLOT\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\ssleay32.dll
2014-03-08 10:00 . 2014-03-04 15:47 110094 ----a-w- c:\users\GESLOT\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\libusb-1.0.dll
2014-03-08 10:00 . 2014-03-04 15:47 171008 ----a-w- c:\users\GESLOT\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\libssh2.dll
2014-03-08 10:00 . 2014-03-04 15:47 183382 ----a-w- c:\users\GESLOT\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\librtmp.dll
2014-03-08 10:00 . 2014-03-04 15:47 279955 ----a-w- c:\users\GESLOT\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\libidn-11.dll
2014-03-08 10:00 . 2014-03-04 15:46 1704448 ----a-w- c:\users\GESLOT\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\libeay32.dll
2014-03-08 10:00 . 2014-03-04 15:46 612352 ----a-w- c:\users\GESLOT\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\libcurl.dll
2014-03-08 10:00 . 2014-03-04 15:46 565774 ----a-w- c:\users\GESLOT\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\svchost.exe
2014-03-04 10:15 . 2014-03-04 10:15 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-04 10:15 . 2014-03-04 10:15 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-03-08 11:45 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-24 6111232]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-04-02 3774312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTIVBOARD]
2007-01-18 12:03 79416 ----a-w- c:\program files\Packard Bell\FIJI\ABoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2007-07-17 11:05 64000 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2008-02-06 19:48 51048 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2013-11-11 14:37 2349392 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmpcSys]
2008-02-04 10:13 1038136 ----a-w- c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2013-07-02 09:19 248208 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - COMHOST
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBACCESSCONTROL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-12 09:16 1077576 ----a-w- c:\program files\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2014-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-14 18:37]
.
2014-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-14 18:37]
.
2014-04-14 c:\windows\Tasks\Norton Internet Security - Effectuer une analyse complète du système - GESLOT.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 07:05]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://google.fr/
mStart Page = hxxp://www.google.com
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHELINS SUPPRIMES - - - -
.
MSConfigStartUp-Cracked Steam Service - c:\program files\cracked steam\AntiSteam.exe
MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\DTLite.exe
MSConfigStartUp-mobilegeni daemon - c:\program files\Mobogenie\DaemonProcess.exe
AddRemove-{d07a13d9-0763-4d61-b23a-3e133e87ef96} - c:\program files\LyricsContainer\Uninstall.exe
AddRemove-lollipop_10221439 - c:\users\geslot\appdata\local\lollipop\lollipop_10221439.bat
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-04-14 20:50
Windows 6.0.6001 Service Pack 1 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
Heure de fin: 2014-04-14 20:53:35
ComboFix-quarantined-files.txt 2014-04-14 18:53
.
Avant-CF: 175 684 579 328 octets libres
Après-CF: 176 840 232 960 octets libres
.
- - End Of File - - AC278CF77B06C0E012570A633C97CB9D 5C616939100B85E558DA92B899A0FC36