ComboFix 14-02-19.01 - h 20/02/2014 19:37:00.1.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1535.986 [GMT 1:00]
Lancé depuis: c:\documents and settings\h\Bureau\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\RAIDTest
E:\install.exe
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2014-01-20 au 2014-02-20 ))))))))))))))))))))))))))))))))))))
.
.
2014-02-19 17:23 . 2014-02-19 17:23 -------- d-----w- c:\windows\ERUNT
2014-02-18 18:37 . 2014-02-19 00:33 -------- d-----w- c:\program files\LIMBO
2014-02-18 00:07 . 2014-02-18 00:07 -------- d-----w- c:\program files\Microsoft Silverlight
2014-02-17 19:10 . 2014-02-17 19:10 512 ------w- C:\PhysicalDisk0_MBR.bin
2014-02-17 19:03 . 2014-02-19 12:04 -------- d-----w- c:\documents and settings\h\Application Data\ZHP
2014-02-17 19:03 . 2014-02-17 19:10 -------- d-----w- c:\program files\ZHPDiag
2014-02-10 14:42 . 2014-02-10 14:42 -------- d-----w- c:\program files\Valve
2014-02-09 20:13 . 2014-02-09 20:13 -------- d-sh--w- c:\windows\ftpcache
2014-02-08 22:11 . 2014-02-18 23:57 -------- d-----w- C:\UsbFix
2014-02-08 21:07 . 2014-02-08 21:07 -------- d-----w- c:\documents and settings\h\Application Data\Smadav
2014-02-08 21:07 . 2014-02-19 12:28 -------- d-----w- c:\program files\Smadav
2014-02-08 21:07 . 2014-02-17 19:25 -------- d-----w- C:\[Smad-Cage]
2014-02-08 20:04 . 2014-02-08 20:04 -------- d-----w- c:\program files\Kaspersky Lab
2014-02-08 20:04 . 2014-02-18 17:21 93792 ----a-w- c:\windows\system32\drivers\klflt.sys
2014-02-06 19:39 . 2014-02-20 17:47 -------- d-----w- c:\documents and settings\h\Application Data\GameTracker
2014-02-06 19:37 . 2014-02-20 17:45 -------- d-----w- c:\documents and settings\LocalService\Application Data\GameTracker
2014-02-06 19:36 . 2014-02-06 19:36 -------- d-----w- c:\program files\GameTracker
2014-02-03 16:45 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2014-02-03 16:45 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2014-02-03 16:45 . 2010-06-02 03:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2014-02-03 16:45 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2014-02-03 16:45 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2014-02-03 16:45 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2014-02-03 16:45 . 2010-05-26 10:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2014-02-03 16:45 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2014-02-03 15:24 . 2014-02-03 15:24 -------- d-----w- c:\documents and settings\All Users\Application Data\IDM
2014-02-03 14:43 . 2014-02-09 19:47 -------- d-----w- c:\program files\Activision
2014-02-02 17:30 . 2014-02-02 17:30 -------- d-----w- c:\documents and settings\h\Application Data\ExpressFiles
2014-02-02 17:30 . 2014-02-02 17:30 -------- d-----w- c:\program files\ExpressFiles
2014-01-26 12:55 . 2008-04-13 17:33 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2014-01-25 17:53 . 2014-01-25 17:53 -------- d-----w- c:\documents and settings\h\Local Settings\Application Data\Identities
2014-01-23 15:48 . 2014-01-28 13:52 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineUpdate
2014-01-23 15:48 . 2014-01-28 13:51 -------- d-----w- c:\documents and settings\All Users\Application Data\log
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-18 17:21 . 2013-10-14 18:59 24672 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2014-02-08 20:40 . 2013-10-14 18:59 135776 ----a-w- c:\windows\system32\drivers\kl1.sys
2014-02-08 20:40 . 2013-06-06 16:38 144992 ----a-w- c:\windows\system32\drivers\kneps.sys
2014-01-19 17:53 . 2014-01-19 17:53 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2014-01-13 22:18 . 2014-01-13 22:17 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-13 22:18 . 2014-01-13 22:17 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-01-13 20:32 . 2014-01-13 20:32 421200 ----a-w- c:\windows\system32\msvcp100.dll
2013-12-19 21:56 . 2013-12-19 21:56 31731261 ----a-w- c:\windows\system32\80_in_1_games_flash.exe
2013-11-28 00:24 . 2011-03-17 15:55 121184 ----a-w- c:\windows\system32\drivers\idmtdi.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-05-09 . 33578A738C564B4F84D906EFD91025E5 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 21904 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2014-02-17 3825232]
"GameTracker"="c:\program files\GameTracker\GTLite.exe" [2013-12-19 4019992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SM?RT-Protection"="c:\program files\Smadav\SM?RTP.exe" [?]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-13 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-13 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"RTHDCPL"="RTHDCPL.EXE" [2012-06-06 20065936]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-02-28 15668512]
"NvMediaCenter"="NvMCTray.dll" [2013-02-28 223008]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-02-28 1982312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
.
c:\documents and settings\h\Menu Démarrer\Programmes\Démarrage\
GameRanger.lnk - c:\documents and settings\h\Application Data\GameRanger\GameRanger\GameRanger.exe /autostart [2013-7-2 1824928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Valve\\CStrike_1.6\\hl.exe"=
"c:\\Documents and Settings\\h\\Application Data\\GameRanger\\GameRanger\\GameRanger.exe"=
"c:\\Program Files\\Yu-Gi-Oh!\\Yu-Gi-Oh!\\Joey The Passion\\joey_pc.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\ExpressFiles\\expressdl.exe"=
"c:\\Program Files\\ExpressFiles\\ExpressFiles.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
.
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [17/03/2011 16:55 121184]
R1 klpd;klpd;c:\windows\system32\drivers\klpd.sys [12/04/2013 15:34 14432]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [14/05/2013 17:34 45024]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [06/06/2013 17:38 144992]
R2 GS In-Game Service;GS In-Game Service;c:\program files\GameTracker\GSInGameService.exe [19/12/2013 22:17 1677080]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [18/01/2014 14:30 249600]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [18/01/2014 14:30 77696]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [19/04/2013 11:44 36448]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [14/10/2013 19:59 24672]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [14/10/2013 19:59 24672]
S2 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\All Users\Application Data\DatacardService\HWDeviceService.exe [14/03/2011 16:27 271712]
S2 Internet Mobile. RunOuc;Internet Mobile. OUC;c:\program files\Internet Mobile\UpdateDog\ouc.exe [18/01/2014 14:30 657504]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [13/01/2014 21:25 1691480]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [18/01/2014 14:30 95232]
.
Contenu du dossier 'Tâches planifiées'
.
2014-02-20 c:\windows\Tasks\Express FilesUpdate.job
- c:\program files\ExpressFiles\EFUpdater.exe [2014-02-02 17:30]
.
2014-02-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1417001333-1177238915-1003Core.job
- c:\documents and settings\h\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2014-01-13 19:55]
.
2014-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1417001333-1177238915-1003UA.job
- c:\documents and settings\h\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2014-01-13 19:55]
.
.
------- Examen supplémentaire -------
.
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Télécharger avec Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
FF - ProfilePath - c:\documents and settings\h\Application Data\Mozilla\Firefox\Profiles\qts7stbo.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-20 19:42
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cach�s: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):54,2f,f7,30,9b,2e,dc,64,95,f3,bf,ee,3b,8e,8e,ce,8b,73,1b,08,38,
d5,6f,af,3d,f5,52,da,02,96,df,2b,fb,22,24,30,d2,e0,53,d0,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{bab0593d-953b-4f72-a8bc-40a74e541abe}]
@Denied: (Full) (Everyone)
"Model"=dword:00000029
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,06,66,41,8b,63,dc,f2,a4,4d,42,bd,1c,f0,26,59,50,b4,d5,ae,f7,ab,8e,\
.
Heure de fin: 2014-02-20 19:44:29
ComboFix-quarantined-files.txt 2014-02-20 18:44
.
Avant-CF: 22 233 001 984 octets libres
Après-CF: 22 197 309 440 octets libres
.
- - End Of File - - 37AC9D2A4AAF5ADF357ECB30F9EEBC2B
C99C3199CFAA4CBDCD91493F6D113A50