przez Paluch242 05 Lut 2013, 15:34
- Kod: Zaznacz wszystko
ComboFix 13-02-03.03 - marcin 04/02/2013 20:01:39.3.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3070.1523 [GMT 1:00]
Lancé depuis: c:\users\marcin\Downloads\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\marcin\EAInstall.dll
c:\users\marcin\nfsw.exe
c:\users\marcin\server.dll
c:\users\marcin\setup.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2013-01-04 au 2013-02-04 ))))))))))))))))))))))))))))))))))))
.
.
2013-02-04 19:10 . 2013-02-04 19:10 -------- d-----w- c:\users\marcin\AppData\Local\temp
2013-02-04 19:10 . 2013-02-04 19:10 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2013-02-04 19:10 . 2013-02-04 19:10 -------- d-----w- c:\users\gry\AppData\Local\temp
2013-02-04 19:10 . 2013-02-04 19:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-04 18:37 . 2013-02-04 18:37 -------- d-----w- C:\Temp
2013-02-02 18:43 . 2013-02-02 19:31 -------- d-----w- c:\users\marcin\AppData\Local\Bundled software uninstaller
2013-02-02 18:43 . 2013-02-02 20:04 -------- d-----w- c:\program files\7-Zip
2013-02-02 18:43 . 2013-02-02 18:43 -------- d-----w- c:\windows\system32\searchplugins
2013-02-02 18:43 . 2013-02-02 18:43 -------- d-----w- c:\windows\system32\Extensions
2013-02-02 18:43 . 2013-02-02 18:43 -------- d-----w- c:\users\marcin\AppData\Roaming\Babylon
2013-02-02 18:43 . 2013-02-02 18:43 -------- d-----w- c:\programdata\Babylon
2013-02-02 17:56 . 2013-01-18 11:17 6991832 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D57BCC16-8E40-454C-B7F2-F7673414572B}\mpengine.dll
2013-02-02 16:22 . 2013-02-02 16:25 -------- d-----w- c:\windows\system32\drivers\N360\1402010.016
2013-02-02 09:27 . 2013-02-02 13:36 -------- d-----w- c:\programdata\AVAST Software
2013-02-02 09:27 . 2013-02-02 09:27 -------- d-----w- c:\program files\AVAST Software
2013-01-16 13:51 . 2013-01-12 02:30 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-10 16:52 . 2013-01-10 16:52 -------- d-----w- c:\users\marcin\AppData\Roaming\OpenOffice.org
2013-01-10 16:50 . 2013-01-22 14:19 -------- d-----w- c:\program files\OpenOffice.org 3
2013-01-09 16:17 . 2012-11-23 01:35 2048000 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 16:17 . 2012-11-20 04:22 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 16:17 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\system32\msxml6.dll
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-02 16:24 . 2011-09-03 12:01 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2013-01-17 00:28 . 2009-10-13 19:13 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-09 15:12 . 2012-04-16 12:23 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-09 15:12 . 2011-05-16 11:45 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 13:12 . 2013-01-05 10:37 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 10:50 . 2013-01-05 10:37 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-11-14 02:09 . 2012-12-12 11:49 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-12 11:49 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 11:49 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-12 11:49 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 11:49 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-12 11:49 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-13 01:29 . 2012-12-12 11:14 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-19 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2008-06-02 178712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-12-19 14:39 41208 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-11-28 13:13 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT HPW]
2013-01-21 14:47 492032 ----a-w- c:\program files\Portrait Displays\hp my display\dthtml.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-08-20 09:54 150016 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-12-12 12:57 152544 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2006-12-08 16:16 65536 ----a-w- c:\hp\KBD\KbdStub.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 02:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateReg]
2007-04-07 00:56 54936 ----a-w- c:\windows\System32\jureg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 07:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-06-19 20:40 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 ACPService;ACPService;c:\program files\Philips\CamSuite\1.0.9.0\ACPService.exe [x]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*Deregistered* - krnl_akl
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
getPlusHelper REG_MULTI_SZ getPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-01 23:19 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2013-02-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 15:12]
.
2013-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc2672120b49ce.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 15:25]
.
2013-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cc2672122efe6e.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 15:25]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.pl/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=74&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 212.27.40.241 212.27.40.240
.
- - - - ORPHELINS SUPPRIMES - - - -
.
URLSearchHooks-{4daac69c-cba7-45e2-9bc8-1044483d3352} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-SSDMonitor - c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-04 20:10
Windows 6.0.6002 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\20.2.1.22\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\20.2.1.22\diMaster.dll\" /prefetch:1"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP26A8\5&e59b11d&0&UID268435457\Device Parameters\MODES]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP26A8\5&e59b11d&0&UID268435457\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP26A8\5&e59b11d&0&UID268435457\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
Heure de fin: 2013-02-04 20:13:14
ComboFix-quarantined-files.txt 2013-02-04 19:13
.
Avant-CF: 234 177 646 592 octets libres
Après-CF: 236 212 760 576 octets libres
.
- - End Of File - - FF4380E1B663E6C3467D1EF55BCC46D9
Ostatnio edytowany przez
Mikou@j, 05 Lut 2013, 15:38, edytowano w sumie 1 raz
Powód: Taguj logi w CODE bądź wstawiaj jako załącznik.
