Posted on 11 November 2012

ComboFix 12-11-09.02 - MonSTeR 11/11/2012 12:00:16.2.2 - x86
Lancé depuis: c:\users\MonSTeR\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\MonSTeR\Desktop\CFScript.txt
.
FILE ::
"c:\windows\assembly\GAC\Desktop.ini"
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files\QUAD Utilities
c:\program files\QUAD Utilities\QUAD RegistryCleaner\program.log
c:\program files\QUAD Utilities\QUAD RegistryCleaner\QUAD RegistryCleaner.exe
c:\program files\QUAD Utilities\QUAD RegistryCleaner\Scheduler.dll
c:\program files\QUAD Utilities\QUAD RegistryCleaner\Styles\Vista.cjstyles
c:\programdata\DynuEncrypt.dll
c:\users\MonSTeR\AppData\Local\assembly\tmp
c:\users\MonSTeR\AppData\Roaming\.#
c:\users\MonSTeR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QUAD Utilities
c:\users\MonSTeR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QUAD Utilities\QUAD RegistryCleaner\QUAD RegistryCleaner.lnk
c:\users\MonSTeR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QUAD Utilities\QUAD RegistryCleaner\Uninstall QUAD RegistryCleaner.lnk
c:\windows\assembly\GAC\Desktop.ini
c:\windows\Installer\{6291afb9-b7b6-95bb-a7a0-3f9cd31ecf0d}
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe --> c:\windows\System32\services.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-10-11 au 2012-11-11 ))))))))))))))))))))))))))))))))))))
.
.
2012-11-11 11:08 . 2012-11-11 11:26         --------         d-----w-         c:\users\MonSTeR\AppData\Local\temp
2012-11-11 11:08 . 2012-11-11 11:08         --------         d-----w-         c:\users\Mcx1-PC-DE-MONSTER\AppData\Local\temp
2012-11-08 16:11 . 2012-11-08 16:11         --------         d-----w-         c:\program files\Common Files\Java
2012-11-08 16:11 . 2012-11-08 16:11         477168         ----a-w-         c:\windows\system32\npdeployJava1.dll
2012-11-06 14:34 . 2012-11-06 21:38         --------         d-----w-         c:\users\MonSTeR\AppData\Roaming\codeblocks
2012-11-06 14:33 . 2012-11-06 14:34         --------         d-----w-         c:\program files\CodeBlocks
2012-10-16 19:23 . 2012-10-16 19:23         --------         d-----w-         c:\users\MonSTeR\AppData\Roaming\TestApp
2012-10-16 18:53 . 2012-10-16 18:53         --------         d-----w-         c:\users\MonSTeR\AppData\Roaming\MotioninJoy
2012-10-16 18:53 . 2012-10-16 18:53         --------         d-----w-         c:\program files\MotioninJoy
2012-10-16 18:53 . 2010-08-19 17:24         255496         ----a-w-         c:\windows\system32\MijFrc.dll
2012-10-15 09:16 . 2011-11-10 16:32         95304         ----a-w-         c:\windows\system32\drivers\MijXfilt.sys
2012-10-15 09:16 . 2010-08-19 17:24         61984         ----a-w-         c:\windows\system32\drivers\xusb21.sys
2012-10-15 09:16 . 2010-08-19 17:24         1461992         ----a-w-         c:\windows\system32\WdfCoInstaller01009.dll
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-08 17:00 . 2012-07-15 20:03         696760         ----a-w-         c:\windows\system32\FlashPlayerApp.exe
2012-11-08 17:00 . 2011-08-21 10:32         73656         ----a-w-         c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-08 16:11 . 2010-05-31 19:30         473072         ----a-w-         c:\windows\system32\deployJava1.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-01-21 . 26426FF3BF9EB1CE419F412BEF7FEC0E . 321024 . . [6.0.6000.16386] . . c:\windows\regedit.exe
[7] 2008-01-21 . 467A3B03E924B7B7EDD16D34740574B0 . 134656 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2008-02-04 1038136]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-04-28 1828136]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 135680]
"Steam"="c:\program files\Steam\steam.exe" [2012-08-25 1353080]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 6139904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2012-02-21 296056]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"BboxUpdate"="c:\program files\BboxUpdate\eStantAutoRunV.exe" [2008-04-14 6144]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation         REG_MULTI_SZ          FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contenu du dossier 'Tâches planifiées'
.
2012-11-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-15 17:00]
.
2012-11-11 c:\windows\Tasks\Extension de garantie-MonSTeR.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2008-11-25 10:13]
.
2012-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-22 20:19]
.
2012-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-22 20:19]
.
2012-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-107379172-2561450759-3157161583-1000Core.job
- c:\users\MonSTeR\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-16 20:49]
.
2012-11-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-107379172-2561450759-3157161583-1000UA.job
- c:\users\MonSTeR\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-16 20:49]
.
2012-11-11 c:\windows\Tasks\Recovery DVD Creator-MonSTeR.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2008-11-25 10:13]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://google.fr/
mStart Page = hxxp://www.google.com
mWindow Title =
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{03D919D6-3EA3-4B74-B84A-585783757EEF}: NameServer = 8.8.8.8,8.8.4.4
.
- - - - ORPHELINS SUPPRIMES - - - -
.
URLSearchHooks-{19803860-b306-423c-bbb5-f60a7d82cde5} - (no file)
WebBrowser-{19803860-B306-423C-BBB5-F60A7D82CDE5} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKLM-Run-NPSStartup - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-11 12:26
Windows 6.0.6002 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\BboxUpdate\eSRunService.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\BboxUpdate\BTLiveUpdate.exe
c:\windows\ehome\ehmsas.exe
c:\windows\ehome\ehsched.exe
c:\windows\ehome\ehRecvr.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Heure de fin: 2012-11-11 12:30:43 - La machine a redémarré
ComboFix-quarantined-files.txt 2012-11-11 11:30
.
Avant-CF: 346 512 646 144 octets libres
Après-CF: 346 644 996 096 octets libres
.
- - End Of File - - 52DA7D86CC468414768699DC9C2C1247
