
ComboFix 15-03-14.03 - houssam 03/19/2015 23:35:54.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1256.213.1025.18.1015.526 [GMT 1:00]
Running from: c:\documents and settings\houssam\My Documents\Downloads\Programs\ComboFix.exe
AV: ESET Smart Security 8.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\houssam\Recent\Thumbs.db
C:\Documents
c:\windows\DPINST.LOG
c:\windows\msmqinst.log
c:\windows\regopt.log
c:\windows\setupapi.log
c:\windows\system32\msconfig.exe
c:\windows\system32\TZLog.log
.
Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected
Restored copy from - c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
.
.
((((((((((((((((((((((((( Files Created from 2015-02-19 to 2015-03-19 )))))))))))))))))))))))))))))))
.
.
2015-03-19 21:55 . 2015-03-19 21:55 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2015-03-17 17:04 . 2015-03-19 22:40 -------- d-----r- C:\Program Files
2015-03-17 17:02 . 2015-03-17 15:40 -------- d-----w- C:\Documents and Settings
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 08:02 23008 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2015-03-02 3890768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-25 446571]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2014-10-01 5088456]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
.
R1 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [22/09/2014 08:20 - 191928]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [22/09/2014 08:20 - 135296]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [12/03/2015 09:15 - 125304]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [01/10/2014 02:40 - 1349576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-03-17 17:03 1061704 ----a-w- c:\program files\Google\Chrome\Application\41.0.2272.89\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-03-17 16:51]
.
2015-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-03-17 16:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Download all links with Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
FF - ProfilePath - c:\documents and settings\houssam\Application Data\Mozilla\Firefox\Profiles\cnf2wdpk.default\
FF - ExtSQL: 2015-03-17 18:10; mozilla_cc@internetdownloadmanager.com; c:\documents and settings\houssam\Application Data\IDM\idmmzcc5
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-03-19 23:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3272)
c:\windows\system32\WININET.dll
c:\program files\Internet Download Manager\IDMShellExt.dll
c:\program files\Internet Download Manager\IDMNetMon.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\idt\v114_ecs_d_6207.2v7_6099.8xp_g2.0v_rc_sdc\wdm\STacSV.exe
c:\program files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
.
**************************************************************************
.
Completion time: 2015-03-19 23:43:15 - machine was rebooted
ComboFix-quarantined-files.txt 2015-03-19 22:43
.
Pre-Run: 44,182,544,384 bytes free
Post-Run: 44,224,225,280 bytes free
.
- - End Of File - - D1709A6A0E8F97FCF1161D3D577A290F
8F558EB6672622401DA993E1E865C861
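Added example, not part of ComboFix or of the log above: a small Python triage script that splits a ComboFix log on its section banners and pulls out the items a responder would act on first. On this log those are the disinfected atapi.sys (a patched system driver is the signature of a bootkit/rootkit infection, so the restored copy should be hashed against a known-good file rather than trusted), the msconfig.exe that ComboFix removed from system32 (on XP the real msconfig.exe lives under pchealth\helpctr\binaries), the Windows Firewall standard profile with EnableFirewall=0, the disabled AV, and the kernel drivers worth hashing. The embedded sample log is an excerpt of the log on this page; the rule names, severities and regexes are this example's own assumptions about ComboFix's line format.

```python
"""Triage a ComboFix log: extract the findings a responder acts on.

Added example (not ComboFix code). SAMPLE_LOG is an excerpt of the log on
this page; the rules, severities and line regexes are this example's own.
"""
import re
from dataclasses import dataclass

SAMPLE_LOG = r"""
ComboFix 15-03-14.03 - houssam 03/19/2015 23:35:54.2.2 - x86
AV: ESET Smart Security 8.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\msconfig.exe
c:\windows\system32\TZLog.log
.
Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected
Restored copy from - c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2014-10-01 5088456]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [12/03/2015 09:15 - 125304]
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")          # ((( Section Name )))
INFECTED_RE = re.compile(r"^Infected copy of (.+?) was found and disinfected$")
RESTORED_RE = re.compile(r"^Restored copy from - (.+)$")
SERVICE_RE = re.compile(r"^(R[0-3]|S[0-4])\s+([^;]+);([^;]*);(.+?\.sys)\s+\[", re.I)
REGVAL_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.+)$')
PRODUCT_RE = re.compile(r"^(AV|FW|SP):\s+(.+?)\s+\*(.+?)\*")
SYSTEM32_BIN_RE = re.compile(r"^c:\\windows\\system32\\[^\\]+\.(exe|dll|sys)$", re.I)


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" | "medium" | "info"
    rule: str
    detail: str


def split_sections(text):
    """Return {section_name: [lines]}; lines before the first banner go to 'header'."""
    sections = {"header": []}
    current = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix pads sections with lone dots
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def triage(text):
    """Apply the triage rules to a ComboFix log and return a list of Finding."""
    sections = split_sections(text)
    findings = []

    for line in sections.get("header", []):          # AV/FW/SP product state lines
        m = PRODUCT_RE.match(line)
        if m and "Disabled" in m.group(3):
            findings.append(Finding("medium", "security-product-disabled",
                                    f"{m.group(1)}: {m.group(2)} is {m.group(3)}"))

    deletions = sections.get("Other Deletions", [])
    for i, line in enumerate(deletions):
        m = INFECTED_RE.match(line)
        if m:
            # ComboFix prints the restore source on the following line, if any.
            r = RESTORED_RE.match(deletions[i + 1]) if i + 1 < len(deletions) else None
            restored = r.group(1) if r else "unknown"
            findings.append(Finding("high", "infected-system-file",
                                    f"{m.group(1)} was patched in place; restored from {restored}; "
                                    "hash the restored file against a known-good copy"))
        elif SYSTEM32_BIN_RE.match(line):
            findings.append(Finding("medium", "executable-removed-from-system32", line))

    key = None
    for line in sections.get("Reg Loading Points", []):
        if line.startswith("["):                      # registry key header
            key = line.strip("[]").lower()
            continue
        m = REGVAL_RE.match(line)
        if (m and key and key.endswith("firewallpolicy\\standardprofile")
                and m.group("name") == "EnableFirewall" and m.group("value").startswith("0")):
            findings.append(Finding("medium", "host-firewall-disabled", key))
        m = SERVICE_RE.match(line)
        if m:                                          # kernel drivers: inventory for hashing
            findings.append(Finding("info", "kernel-driver", f"{m.group(2)} -> {m.group(4)}"))
    return findings


if __name__ == "__main__":
    order = {"high": 0, "medium": 1, "info": 2}
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: order[f.severity]):
        print(f"[{f.severity:6}] {f.rule}: {f.detail}")
```

Run it against a full log by replacing SAMPLE_LOG with the file contents; the section banners and the `R0`-`R3`/`S0`-`S4` service lines are the only structure the parser relies on, so other ComboFix sections pass through untouched.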
