cjoint

Document format: text/plain


ComboFix 15-03-01.01 - med 05/03/2015 21:18:04.4.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3543.2952 [GMT 0:00]
Launched from: c:\documents and settings\med\Bureau\ComboFix.exe
AV: Bitdefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Emsisoft Anti-Malware *Disabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255}
FW: Bitdefender Firewall *Disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\1417316038.bdinstall.bin
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\RAIDTest
c:\documents and settings\All Users\ntuser.pol
c:\documents and settings\med\Application Data\Microsoft\engine_ag.dll
c:\documents and settings\med\Local Settings\Application Datatransition_d70dc5294a7154f3780d9e22eec8c8ef.ini
c:\documents and settings\med\WINDOWS
C:\Documents
c:\winxp\system32\lsprst7.dll
.
Infected copy of c:\winxp\system32\imm32.dll was found and disinfected
Restored copy from - c:\winxp\erdnt\cache\imm32.dll
.
.
((((((((((((((((((((((((((((( Files Created from 2015-02-05 to 2015-03-05 ))))))))))))))))))))))))))))))))))))
.
.
2015-03-04 19:27 . 2015-03-04 19:27 -------- d-----w- c:\program files\RogueKiller
2015-03-01 12:50 . 2015-03-01 12:50 -------- d-----w- c:\program files\Fichiers communs\Java
2015-03-01 12:47 . 2015-03-01 12:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Oracle
2015-02-28 21:39 . 2015-02-28 21:39 40208 ----a-w- c:\winxp\system32\Partizan.exe
2015-02-28 21:39 . 2015-02-28 21:39 -------- d-----w- C:\@RestoreQuarantine
.
.
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-05 21:26 . 2014-11-30 11:44 114904 ----a-w- c:\winxp\system32\drivers\MBAMSwissArmy.sys
2015-03-04 21:44 . 2014-08-27 17:21 35064 ----a-w- c:\winxp\system32\drivers\TrueSight.sys
2015-03-01 12:49 . 2014-08-11 20:47 96680 ----a-w- c:\winxp\system32\WindowsAccessBridge.dll
2015-03-01 12:48 . 2014-08-11 20:47 146432 ----a-w- c:\winxp\system32\javacpl.cpl
2015-02-28 21:29 . 2014-05-01 19:18 2 --shatr- c:\winxp\winstart.bat
2015-02-10 15:36 . 2014-11-30 04:22 66832 ----a-w- c:\winxp\system32\drivers\bdsandbox.sys
2015-02-10 15:36 . 2014-11-30 04:22 548336 ----a-w- c:\winxp\system32\drivers\avckf.sys
2015-02-10 14:56 . 2014-06-29 03:14 74000 ----a-w- c:\winxp\system32\bdsandboxuiskin.dll
2015-02-10 14:46 . 2014-11-30 04:22 243456 ----a-w- c:\winxp\system32\drivers\avchv.sys
2015-02-10 14:43 . 2014-11-30 04:22 1083448 ----a-w- c:\winxp\system32\drivers\avc3.sys
2014-12-17 20:11 . 2014-11-30 02:54 169992 ----a-w- c:\winxp\system32\drivers\gzflt.sys
2014-12-13 01:40 . 2014-06-17 12:46 701616 ----a-w- c:\winxp\system32\FlashPlayerApp.exe
2014-12-13 01:40 . 2014-04-28 21:29 71344 ----a-w- c:\winxp\system32\FlashPlayerCPLApp.cpl
2014-05-22 14:22 . 2014-05-25 19:09 653312 ----a-w- c:\program files\lame.exe
2014-05-22 14:22 . 2014-05-25 19:09 519680 ----a-w- c:\program files\lame_enc.dll
.
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 10:02 23008 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
2014-07-04 17:57 179560 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
2014-07-04 17:57 179560 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
2014-07-04 17:57 179560 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
2014-07-04 17:57 179560 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2014-05-15 3829328]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-11-13 6697752]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2014-01-14 2122824]
"Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender 2015\bdwtxag.exe" [2015-02-10 671400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KeyScrambler"="c:\program files\KeyScrambler\keyscrambler.exe" [2014-06-10 508232]
"Malwarebytes Anti-Exploit"="c:\program files\Malwarebytes Anti-Exploit\mbae.exe" [2014-12-10 2561848]
"Bdagent"="c:\program files\Bitdefender\Bitdefender 2015\bdagent.exe" [2015-02-10 1861032]
"emsisoft anti-malware"="c:\program files\emsisoft anti-malware\a2guard.exe" [2015-03-04 4885584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\winxp\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0�C???????\0??\0Partizan
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks Agent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KSS
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\emsisoft anti-malware]
2015-03-04 20:06 4885584 ----a-w- c:\program files\Emsisoft Anti-Malware\a2guard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2012-08-28 16:34 164352 ----a-w- c:\winxp\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2012-08-28 16:34 129536 ----a-w- c:\winxp\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2008-04-14 12:00 208952 ----a-w- c:\winxp\ime\imjp8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallerLauncher]
2014-08-08 12:36 519472 ----a-w- c:\program files\Fichiers communs\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2008-04-14 12:00 59392 ----a-w- c:\winxp\system32\IME\PINTLGNT\IMSCINST.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2012-08-28 16:34 141312 ----a-w- c:\winxp\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2008-04-14 12:00 455168 ----a-w- c:\winxp\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-14 12:00 455168 ----a-w- c:\winxp\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\picon]
2008-07-19 08:40 773144 ----a-w- c:\program files\Fichiers communs\Intel\Privacy Icon\PrivacyIconClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2014-04-29 10:46 185896 ----a-w- c:\program files\Fichiers communs\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnHackMe Monitor]
2014-11-20 12:56 594704 ----a-w- c:\program files\UnHackMe\hackmon.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Apowersoft\\Streaming Audio Recorder\\Streaming Audio Recorder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 avc3;avc3;c:\winxp\system32\drivers\avc3.sys [30/11/2014 04:22 1083448]
R0 gzflt;gzflt;c:\winxp\system32\drivers\gzflt.sys [30/11/2014 02:54 169992]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\winxp\system32\drivers\sfaudio.sys [28/03/2008 09:14 24064]
R1 BDVEDISK;BDVEDISK;c:\winxp\system32\drivers\bdvedisk.sys [30/11/2014 04:22 72704]
R1 ElRawDisk;ElRawDisk;c:\winxp\system32\drivers\rsdrv.sys [28/11/2014 22:10 22312]
R1 epp32;epp32;c:\program files\Emsisoft Anti-Malware\epp32.sys [04/03/2015 20:10 111368]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files\Malwarebytes Anti-Exploit\mbae.sys [29/11/2014 15:11 47928]
R1 IDMTDI;IDMTDI;c:\winxp\system32\drivers\idmtdi.sys [15/05/2014 11:45 121184]
R1 mbamchameleon;mbamchameleon;c:\winxp\system32\drivers\mbamchameleon.sys [30/11/2014 11:44 54360]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 16:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 21:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [04/12/2014 21:42 142648]
R2 a2AntiMalware;Emsisoft Protection Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [30/11/2014 11:48 5019496]
R2 LiveTuner2PM;Ashampoo LiveTuner 2 Driver;c:\program files\Ashampoo\Ashampoo WinOptimizer 11\LiveTuner32.sys [18/05/2014 17:25 14088]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [30/11/2014 11:44 1871160]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [30/11/2014 11:44 969016]
R2 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender Safebox\safeboxservice.exe [30/11/2014 04:22 81704]
R2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2015\updatesrv.exe [30/11/2014 04:22 54424]
R3 avchv;avchv Function Driver;c:\winxp\system32\drivers\avchv.sys [30/11/2014 04:22 243456]
R3 avckf;avckf;c:\winxp\system32\drivers\avckf.sys [30/11/2014 04:22 548336]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\Fichiers communs\Bitdefender\Bitdefender Firewall\bdfndisf.sys [30/11/2014 04:22 116816]
R3 KeyScrambler;KeyScrambler;c:\winxp\system32\drivers\keyscrambler.sys [24/06/2014 12:32 209016]
R3 MBAMProtector;MBAMProtector;c:\winxp\system32\drivers\mbam.sys [30/11/2014 11:44 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\winxp\system32\drivers\MBAMSwissArmy.sys [30/11/2014 11:44 114904]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [28/11/2014 23:23 3105144]
S2 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 11\DfSdkS.exe [18/05/2014 17:25 406016]
S2 MbaeSvc;Malwarebytes Anti-Exploit Service;c:\program files\Malwarebytes Anti-Exploit\mbae-svc.exe [29/11/2014 15:11 555320]
S2 MeditelInternet_Service;MeditelInternet_Service;c:\program files\MeditelInternet\MeditelInternet_Service.exe [14/10/2014 19:03 347120]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [23/10/2013 06:15 172192]
S2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Fichiers communs\Intel\Privacy Icon\UNS\UNS.exe [28/04/2014 18:12 2054680]
S3 04f34;04f34;\??\c:\winxp\system32\04f34.sys --> c:\winxp\system32\04f34.sys [?]
S3 10926;10926;\??\c:\winxp\system32\10926.sys --> c:\winxp\system32\10926.sys [?]
S3 30b29;30b29;\??\c:\winxp\system32\30b29.sys --> c:\winxp\system32\30b29.sys [?]
S3 32024;32024;\??\c:\winxp\system32\32024.sys --> c:\winxp\system32\32024.sys [?]
S3 55a2C;55a2C;\??\c:\winxp\system32\55a2C.sys --> c:\winxp\system32\55a2C.sys [?]
S3 5ed35;5ed35;\??\c:\winxp\system32\5ed35.sys --> c:\winxp\system32\5ed35.sys [?]
S3 6cc2A;6cc2A;\??\c:\winxp\system32\6cc2A.sys --> c:\winxp\system32\6cc2A.sys [?]
S3 72422;72422;\??\c:\winxp\system32\72422.sys --> c:\winxp\system32\72422.sys [?]
S3 75e20;75e20;\??\c:\winxp\system32\75e20.sys --> c:\winxp\system32\75e20.sys [?]
S3 7ac89E;7ac89E;c:\winxp\system32\7ac89E.sys [02/12/2014 12:54 54624]
S3 87521;87521;\??\c:\winxp\system32\87521.sys --> c:\winxp\system32\87521.sys [?]
S3 8be25;8be25;\??\c:\winxp\system32\8be25.sys --> c:\winxp\system32\8be25.sys [?]
S3 97e30;97e30;\??\c:\winxp\system32\97e30.sys --> c:\winxp\system32\97e30.sys [?]
S3 ALCATELUSB;Alcatel HSPA Modem Service;c:\winxp\system32\drivers\AlcatelUsb.sys [14/10/2014 19:03 18816]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\winxp\system32\drivers\Apowersoft_AudioDevice.sys [26/05/2014 10:45 26032]
S3 b0528;b0528;\??\c:\winxp\system32\b0528.sys --> c:\winxp\system32\b0528.sys [?]
S3 b3e2D;b3e2D;\??\c:\winxp\system32\b3e2D.sys --> c:\winxp\system32\b3e2D.sys [?]
S3 b4536;b4536;\??\c:\winxp\system32\b4536.sys --> c:\winxp\system32\b4536.sys [?]
S3 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [30/11/2014 04:22 69880]
S3 BDSandBox;BDSandBox;c:\winxp\system32\drivers\bdsandbox.sys [30/11/2014 04:22 66832]
S3 c552E;c552E;\??\c:\winxp\system32\c552E.sys --> c:\winxp\system32\c552E.sys [?]
S3 e1032;e1032;\??\c:\winxp\system32\e1032.sys --> c:\winxp\system32\e1032.sys [?]
S3 f6131;f6131;\??\c:\winxp\system32\f6131.sys --> c:\winxp\system32\f6131.sys [?]
S3 fde167;fde167;c:\winxp\system32\fde167.sys [24/08/2014 10:45 54624]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\winxp\system32\drivers\ewusbdev.sys [28/04/2014 20:19 100736]
S3 jrdusbser;Modem Interface Device for Legacy Serial Communication;c:\winxp\system32\drivers\jrdusbser.sys [14/10/2014 19:03 105344]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\winxp\system32\9.tmp --> c:\winxp\system32\9.tmp [?]
S3 TotRec8;Total Recorder WDM audio filter driver;c:\winxp\system32\drivers\TotRec8.sys [26/05/2014 10:12 92432]
.
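The services block above mixes vendor drivers with a dozen five- or six-character hexadecimal entries whose image file ComboFix could not find (the `\??\... --> ... [?]` form) and one entry pointing at a `.tmp` file. Below is an added triage example, not ComboFix code and not part of the original log: a Python parser for ComboFix's `R/S<start> name;display;image [date time size]` service lines, with heuristics that flag orphaned entries, random-looking names, non-driver image extensions and drivers dropped directly into `system32`. The six sample lines are copied from the log above; the heuristics are this example's own assumptions and say only that an entry deserves a closer look, not that it is malicious.

```python
"""Triage of ComboFix service/driver lines (added example, not ComboFix code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: six lines copied from the services section of the log
# above. Format: "<R|S><start> <name>;<display>;<image> [<date> <time> <size>]";
# when the image file is absent ComboFix prints "\??\<path> --> <path> [?]".
SAMPLE_LINES = r"""
R0 avc3;avc3;c:\winxp\system32\drivers\avc3.sys [30/11/2014 04:22 1083448]
R1 epp32;epp32;c:\program files\Emsisoft Anti-Malware\epp32.sys [04/03/2015 20:10 111368]
S3 04f34;04f34;\??\c:\winxp\system32\04f34.sys --> c:\winxp\system32\04f34.sys [?]
S3 7ac89E;7ac89E;c:\winxp\system32\7ac89E.sys [02/12/2014 12:54 54624]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\winxp\system32\9.tmp --> c:\winxp\system32\9.tmp [?]
S3 ALCATELUSB;Alcatel HSPA Modem Service;c:\winxp\system32\drivers\AlcatelUsb.sys [14/10/2014 19:03 18816]
"""

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"       # R = running, S = stopped; start-type digit
    r"(?P<name>[^;]+);(?P<display>[^;]*);"    # service name ; display name ;
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]$"  # image path, then [date time size] or [?]
)
# Heuristic (an assumption of this example): 5-6 hex characters and nothing
# else, like "04f34" or "7ac89E", is not how vendors name drivers.
HEX_NAME_RE = re.compile(r"^[0-9a-f]{5,6}$", re.IGNORECASE)


@dataclass
class ServiceEntry:
    state: str            # "R" (running) or "S" (stopped)
    start: int            # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    name: str
    display: str
    image: str            # resolved on-disk path of the image
    image_present: bool   # False when ComboFix printed "[?]"
    size: Optional[int]   # image size in bytes when the file was present


def parse_services(text: str) -> List[ServiceEntry]:
    """Parse every service/driver line in `text`; lines in another format are skipped."""
    entries: List[ServiceEntry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        path = m.group("path")
        if " --> " in path:                    # "\??\path --> path" form: keep the resolved path
            path = path.split(" --> ", 1)[1]
        if path.startswith("\\??\\"):          # NT object-manager prefix on raw image paths
            path = path[4:]
        meta = m.group("meta").strip()
        present = meta != "?"
        size = int(meta.split()[-1]) if present else None
        entries.append(ServiceEntry(m.group("state"), int(m.group("start")),
                                    m.group("name"), m.group("display"),
                                    path, present, size))
    return entries


def triage(entry: ServiceEntry) -> List[str]:
    """Return the reasons an entry deserves a closer look (empty list = nothing odd)."""
    reasons: List[str] = []
    image = entry.image.lower()
    filename = image.rsplit("\\", 1)[-1]
    ext = filename.rsplit(".", 1)[-1] if "." in filename else ""
    if not entry.image_present:
        reasons.append("image file missing: orphaned service entry (leftover or a loader remnant)")
    if HEX_NAME_RE.match(entry.name):
        reasons.append("random-looking hexadecimal service name")
    if ext not in ("sys", "exe"):
        reasons.append(f"image has a non-driver/non-executable extension .{ext}")
    if ext == "sys" and "\\system32\\" in image and "\\system32\\drivers\\" not in image:
        reasons.append("driver sits directly in system32 rather than system32\\drivers")
    return reasons


def flagged_services(text: str) -> Dict[str, List[str]]:
    """Map service name -> triage reasons, for entries with at least one reason."""
    return {e.name: triage(e) for e in parse_services(text) if triage(e)}


if __name__ == "__main__":
    for name, reasons in flagged_services(SAMPLE_LINES).items():
        print(name)
        for r in reasons:
            print("   -", r)
```

Run against the sample, `avc3`, `epp32` and `ALCATELUSB` pass clean, while `04f34`, `7ac89E` and `MEMSWEEP2` come back with reasons. Paste the whole services section of a log in place of the sample to triage it; an orphaned entry is safe to delete only after the registry key and the (absent) image path have both been checked by hand, since the parser only reads what ComboFix printed.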
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 10:29 451872 ----a-w- c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-19 22:33 1084744 ----a-w- c:\program files\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-03-05 c:\winxp\Tasks\Adobe Flash Player Updater.job
- c:\winxp\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-17 01:40]
.
2015-01-22 c:\winxp\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:57]
.
2015-03-05 c:\winxp\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-11-01 00:54]
.
2015-03-05 c:\winxp\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-11-01 00:54]
.
2014-05-01 c:\winxp\Tasks\Nero Info.job
- c:\program files\Fichiers communs\Nero\Nero Info\NeroInfo.exe [2013-08-20 06:37]
.
2015-03-05 c:\winxp\Tasks\Notification de fin de service de Microsoft Windows XP - à la connexion.job
- c:\winxp\system32\xp_eos.exe [2014-04-29 23:28]
.
2015-02-08 c:\winxp\Tasks\Notification de fin de service de Microsoft Windows XP -mensuellement.job
- c:\winxp\system32\xp_eos.exe [2014-04-29 23:28]
.
2015-03-05 c:\winxp\Tasks\SUPERAntiSpyware Scheduled Task 1c5783e4-8e0e-4cfa-9cee-9aa6251c2d59.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
2015-03-04 c:\winxp\Tasks\SUPERAntiSpyware Scheduled Task 8893b504-9d7e-4fd2-a375-aefe13bcc5dc.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
.
------- Supplementary Scan -------
.
uStart Page = www.wana.ma
uSearchMigratedDefaultURL = https://www.google.com/
mStart Page = about:blank
mSearch Bar = hxxp://www.google.com/
mSearchMigratedDefaultURL = https://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = https://www.google.com/
uCustomizeSearch = https://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Download with Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
IE: Download all links with Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
FF - ProfilePath - c:\documents and settings\med\Application Data\Mozilla\Firefox\Profiles\e8erp9to.default\
.
.
------- File Associations -------
.
inifile="%SystemRoot%\system32\NOTEPAD.EXE" %1
txtfile="%SystemRoot%\system32\NOTEPAD.EXE" %1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-03-05 21:26
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwOpenFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\winxp\system32\9.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):5a,8d,c7,4a,4f,62,97,93,53,a9,40,6e,3b,07,89,6e,ae,75,5f,e5,a2,
1a,ca,30,80,20,4e,68,ed,00,97,03,9b,f2,f9,f5,93,95,b5,2e,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7abe400d-494f-41c8-8a92-626412a35d1a}]
@Denied: (Full) (Everyone)
"Model"=dword:0000014a
"Therad"=dword:00000021
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):4f,46,e9,9c,16,c5,78,ce,1f,1d,15,0f,5d,a5,ca,2f,e6,3a,cd,76,fd,
90,f9,9c,65,b3,2a,55,67,66,92,c6,49,fd,a2,af,73,2d,d2,85,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{857e5f0a-bd0a-481f-834c-a942713ddba9}]
@Denied: (Full) (Everyone)
"Model"=dword:00000092
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,88,79,0d,22,8e,33,17,75,bd,21,a1,6d,58,c6,ea,df,46,0d,ff,7c,61,56,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINXP\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINXP\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1640)
c:\program files\EMSISOFT ANTI-MALWARE\a2hooks32.dll
c:\program files\Internet Download Manager\IDMShellExt.dll
c:\program files\Internet Download Manager\IDMNetMon.DLL
c:\program files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll
c:\winxp\system32\msi.dll
c:\program files\Bitdefender\Bitdefender 2015\bdwtlappscanner.dll
c:\winxp\system32\eappprxy.dll
c:\winxp\system32\WS2_32.dll
c:\winxp\system32\WS2HELP.dll
c:\winxp\system32\webcheck.dll
c:\winxp\system32\wpdshserviceobj.dll
c:\winxp\system32\portabledevicetypes.dll
c:\winxp\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bitdefender\Bitdefender 2015\bdwtxapps.exe
c:\winxp\system32\wscntfy.exe
c:\winxp\system32\taskmgr.exe
c:\winxp\system32\SearchIndexer.exe
.
**************************************************************************
.
Completion time: 2015-03-05 21:32:49 - machine was rebooted
ComboFix-quarantined-files.txt 2015-03-05 21:32
.
Pre-Run: 10,900,578,304 bytes free
Post-Run: 10,907,197,440 bytes free
.
- - End Of File - - E066D8903A3D99207AD2B19F0F13933D
C99C3199CFAA4CBDCD91493F6D113A50
