ComboFix 13-05-16.02 - Mathieu 2013-05-16 18:15:25.1.2 - x86
Microsoft® Windows Vista™ Home Basic Edition 6.0.6002.2.1252.2.1036.18.3061.1548 [GMT -4:00]
Launched from: c:\users\Mathieu\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((( Files Created From 2013-04-16 to 2013-05-16 ))))))))))))))))))))))))))))))))))))
.
.
2013-05-16 22:24 . 2013-05-16 22:25 -------- d-----w- c:\users\Mathieu\AppData\Local\temp
2013-05-16 22:24 . 2013-05-16 22:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-15 22:12 . 2013-05-15 22:12 -------- d-----w- c:\programdata\Kaspersky Lab
2013-05-15 15:17 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-15 11:45 . 2013-04-15 14:20 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 11:45 . 2013-04-13 10:56 37376 ----a-w- c:\windows\system32\cdd.dll
2013-05-15 11:44 . 2013-04-09 01:36 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-05-15 11:36 . 2013-05-15 11:36 -------- d-----w- c:\users\Mathieu\AppData\Roaming\Malwarebytes
2013-05-15 11:35 . 2013-05-15 11:35 -------- d-----w- c:\programdata\Malwarebytes
2013-05-15 11:35 . 2013-05-15 11:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-05-15 11:35 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-13 20:08 . 2013-05-14 15:04 -------- d-----w- C:\ZHP
2013-05-13 20:08 . 2013-05-14 15:04 -------- d-----w- c:\program files\ZHPDiag
2013-05-13 19:26 . 2013-05-09 08:59 368944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-05-13 19:26 . 2013-05-09 08:59 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-13 19:26 . 2013-05-09 08:59 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-05-13 19:26 . 2013-05-09 08:59 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-13 19:26 . 2013-05-09 08:59 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-13 19:26 . 2013-05-09 08:59 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-05-13 19:26 . 2013-05-09 08:59 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-05-13 19:26 . 2013-05-09 08:59 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-13 19:26 . 2013-05-09 08:58 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-13 19:25 . 2013-05-09 08:58 41664 ----a-w- c:\windows\avastSS.scr
2013-05-13 19:24 . 2013-05-13 19:24 -------- d-----w- c:\program files\AVAST Software
2013-05-13 19:24 . 2013-05-13 19:24 -------- d-----w- c:\programdata\AVAST Software
2013-05-12 08:19 . 2013-04-10 03:08 6906960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5E63601A-8A79-4569-BE4B-176452BEE413}\mpengine.dll
2013-05-10 22:25 . 2013-04-10 03:08 6906960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-08 07:12 . 2013-05-08 07:12 106088 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2013-04-23 16:18 . 2013-04-23 16:17 706640 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3881C5B3-787C-41D4-BEE7-A6424AC45EC8}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-14 20:46 . 2012-08-01 00:27 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-14 20:46 . 2011-06-14 16:29 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-02 15:28 . 2009-10-03 03:06 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-03-11 13:25 . 2013-04-10 11:34 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-11 13:25 . 2013-04-10 11:34 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-09 03:45 . 2013-04-10 11:34 49152 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-09 01:28 . 2013-04-10 11:34 64000 ----a-w- c:\windows\system32\smss.exe
2013-03-08 03:53 . 2013-04-10 11:34 376320 ----a-w- c:\windows\system32\winsrv.dll
2013-03-08 03:52 . 2013-04-10 11:34 2067968 ----a-w- c:\windows\system32\mstscax.dll
2013-03-03 19:07 . 2013-04-10 11:34 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-02-24 17:34 . 2013-03-12 17:35 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
.
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-03-01 18643560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-27 3563520]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
.
c:\users\Mathieu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
_uninst_14608000.lnk - c:\users\Mathieu\AppData\Local\Temp\_uninst_14608000.bat [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-1-15 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-01-15 11:03 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3162444245-1585521460-3882783785-1000]
"EnableNotificationsRef"=dword:00000001
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [x]
.
.
--- Other Running Services/Drivers in memory ---
.
*NewlyCreated* - 86334046
*Deregistered* - 14608000
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-01 20:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
mStart Page = www.google.ca
mWindow Title = Distributel
mSearch Bar = www.google.ca
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-MSC - c:\program files\Microsoft Security Client\mssecex.exe
SafeBoot-63039832.sys
SafeBoot-69430679.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-16 18:25
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanning hidden processes ...
.
Scanning hidden autostart entries ...
.
Scanning hidden files ...
.
Scan completed successfully
Hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-05-16 18:27:43
ComboFix-quarantined-files.txt 2013-05-16 22:27
.
Pre-Run: 71,686,438,912 bytes free
Post-Run: 72,214,327,296 bytes free
.
- - End Of File - - 91C92A6E944A8FDF8269FA965EBCECCF
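Added example, not part of the ComboFix output above and not the poster's own work: a small Python triage script that parses the three line shapes in this log that matter most when reading one (the dated file entries, the Run-key values and the Startup-folder .lnk entries) and attaches review reasons to the autoruns. The line patterns are inferred from this page alone (ComboFix does not document its format), the sample text is a constructed excerpt copied from the log above, and the heuristics (target under a Temp directory, target ComboFix reported as [N/A], target is a script) are my own choice of what to read first, not a verdict on any entry.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a handful of lines copied from the ComboFix log above,
# without the section banners. Raw string, so the backslashes are literal.
SAMPLE_LOG = r"""
2013-05-15 11:35 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-13 20:08 . 2013-05-14 15:04 -------- d-----w- C:\ZHP
2013-05-13 19:26 . 2013-05-09 08:59 368944 ----a-w- c:\windows\system32\drivers\aswSP.sys
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-03-01 18643560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
c:\users\Mathieu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
_uninst_14608000.lnk - c:\users\Mathieu\AppData\Local\Temp\_uninst_14608000.bat [N/A]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-1-15 50688]
"""

# Line shapes inferred from the log on this page (assumption: these patterns
# only cover what the page shows, not every section ComboFix can emit).
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")       # registry key header
DIR_RE = re.compile(r"^[A-Za-z]:\\.*\\$")                   # Startup folder header
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)" \[(?P<meta>[^\]]+)\]$')
LNK_RE = re.compile(r"^(?P<name>.+\.lnk) - (?P<path>.+) \[(?P<meta>[^\]]+)\]$")


@dataclass
class Autorun:
    source: str          # registry key or Startup folder that loads the entry
    name: str
    target: str          # executable ComboFix resolved the entry to
    meta: str            # "date size" of the target as ComboFix saw it, or "N/A"
    reasons: list = field(default_factory=list)


def parse_combofix(text):
    """Return (file_entries, autoruns) parsed from the log text."""
    files, autoruns, source = [], [], "?"
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := FILE_RE.match(line):
            files.append(m.groupdict())
        elif m := KEY_RE.match(line):
            source = m.group("key")          # later values belong to this key
        elif DIR_RE.match(line):
            source = line                    # later .lnk lines belong to this folder
        elif (m := RUN_RE.match(line)) or (m := LNK_RE.match(line)):
            autoruns.append(Autorun(source, m.group("name"), m.group("path"), m.group("meta")))
    return files, autoruns


# Triage heuristics (my assumptions, not ComboFix's). None of them means
# "malware"; each means "a human should look at this entry before the others".
TEMP_DIRS = ("\\temp\\", "\\tmp\\")
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js", ".ps1")


def triage(autoruns):
    """Attach review reasons to each autorun and return the ones that got any."""
    flagged = []
    for a in autoruns:
        target = a.target.lower()
        if a.meta.upper() == "N/A":
            a.reasons.append("ComboFix could not stat the target (missing or unreadable)")
        if any(t in target for t in TEMP_DIRS):
            a.reasons.append("target lives in a temp directory")
        if target.endswith(SCRIPT_EXT):
            a.reasons.append("target is a script rather than a compiled program")
        if a.reasons:
            flagged.append(a)
    return flagged


def new_drivers(files):
    """Kernel drivers among the newly created files: confirm vendor and signature."""
    return [f["path"] for f in files if f["path"].lower().endswith(".sys")]


if __name__ == "__main__":
    files, autoruns = parse_combofix(SAMPLE_LOG)
    for a in triage(autoruns):
        print(f"{a.name}  <-  {a.source}")
        for r in a.reasons:
            print(f"    - {r}")
    for p in new_drivers(files):
        print("new driver:", p)
```

On the sample it flags exactly one entry, the Startup-folder shortcut _uninst_14608000.lnk, whose target is a .bat under the user's Temp directory that ComboFix could not size; the log's own "*Deregistered* - 14608000" line carries the same number, which is why that entry is the first thing to check, without assuming anything about what the batch file did. The two avast and Malwarebytes drivers come out of new_drivers() as expected for software installed in the window, and that is the point of the check: new .sys files are worth a look, not automatically a problem. To run it against a real log, replace SAMPLE_LOG with the file contents; the parser requires Python 3.8 or later for the assignment expressions.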