ComboFix 15-04-09.01 - Les Stefs 16/04/2015 12:37:39.2.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.3582.2978 [GMT 2:00]
Lancé depuis: c:\documents and settings\Les Stefs\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Les Stefs\Bureau\cfscript.txt
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2015-03-16 au 2015-04-16 ))))))))))))))))))))))))))))))))))))
.
.
2015-04-13 19:16 . 2015-04-13 19:16 -------- d-----w- c:\program files\iPod
2015-04-13 19:16 . 2015-04-13 19:16 -------- d-----w- c:\program files\iTunes
2015-04-13 19:16 . 2015-04-13 19:16 -------- d-----w- c:\documents and settings\All Users\Application Data\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-04-13 10:01 . 2015-04-13 10:01 -------- d-----w- c:\windows\system32\wbem\Repository
2015-04-13 10:00 . 2015-04-13 10:00 -------- d-----w- c:\program files\Songr
2015-04-09 19:05 . 2015-04-09 19:05 -------- d-----w- c:\documents and settings\Les Stefs\Application Data\Avira
2015-04-09 19:03 . 2014-11-24 08:23 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2015-04-09 19:03 . 2014-11-24 08:23 136216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2015-04-09 19:03 . 2014-11-24 08:23 98160 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2015-04-09 19:03 . 2015-04-09 19:03 -------- d-----w- c:\program files\Avira
2015-04-09 19:03 . 2015-04-09 19:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2015-04-07 19:36 . 2015-04-09 17:27 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2015-04-07 19:27 . 2015-04-09 17:27 -------- d-----w- c:\program files\ZHPDiag
2015-04-05 12:28 . 2015-04-06 14:46 -------- d-----w- c:\program files\Mozilla Maintenance Service
2015-04-05 10:54 . 2015-04-05 10:54 -------- d-----r- C:\MSOCache
2015-04-02 19:49 . 2015-04-16 10:49 -------- d-----w- c:\windows\system32\catroot2
2015-03-17 18:16 . 2015-03-17 18:16 -------- d-----w- C:\RegBackup
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-15 14:34 . 2012-04-04 18:03 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-04-15 14:34 . 2011-06-03 20:05 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-17 14:04 . 2015-02-17 14:04 1202848 ----a-w- c:\windows\system32\FM20.DLL
2015-01-18 19:35 . 2014-05-20 14:08 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2012-09-14 03:14 . 2012-09-14 03:14 0 ----a-w- c:\program files\GUM6F.tmp
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-06-02 . F073C4D80F73BFEADAF42AE7896DDC1B . 69144 . . [7.6.7600.256] . . c:\windows\ServicePackFiles\i386\wuauclt.exe
[-] 2012-06-02 . F073C4D80F73BFEADAF42AE7896DDC1B . 69144 . . [7.6.7600.256] . . c:\windows\system32\wuauclt.exe
[7] 2012-06-02 . 2E0B0A051FFAA86E358465BB0880D453 . 53784 . . [7.6.7600.256] . . c:\windows\system32\dllcache\wuauclt.exe
.
[-] 2008-04-14 . 3EFE912DD25D2586E6A0341DB0A66F69 . 979968 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 3EFE912DD25D2586E6A0341DB0A66F69 . 979968 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
.
[-] 2008-04-14 . 3055997AABFADB4CCDD936A25D050705 . 230912 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-14 . 3055997AABFADB4CCDD936A25D050705 . 230912 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe/installquiet" [X]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2010-01-19 1976944]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-10-02 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-04-06 157480]
.
c:\documents and settings\Les Stefs\Menu Démarrer\Programmes\Démarrage\
UberIcon.lnk - c:\program files\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224]
Y'z Shadow.lnk - c:\program files\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-5-21 155648]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Phone Connection Monitor.lnk]
backup=c:\windows\pss\Phone Connection Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Les Stefs^Menu Démarrer^Programmes^Démarrage^Wrapper.lnk]
path=c:\documents and settings\Les Stefs\Menu Démarrer\Programmes\Démarrage\Wrapper.lnk
backup=c:\windows\pss\Wrapper.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2006-09-14 05:55 61440 ----a-w- c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2014-11-24 08:23 702768 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST]
2007-12-14 09:46 236040 ----a-w- c:\program files\GIGABYTE\GEST\run.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2015-04-06 22:29 157480 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-10-02 13:23 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\GIGABYTE\\GEST\\run.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Anno 1404\\tools\\Anno4Web.exe"=
"d:\\F1 2010\\F1_2010_game.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"d:\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"d:\\ManiaPlanet\\ManiaPlanet.exe"=
"d:\\Pinnacle studio 15\\Programs\\RM.exe"=
"d:\\Pinnacle studio 15\\Programs\\Studio.exe"=
"d:\\Pinnacle studio 15\\Programs\\umi.exe"=
"d:\\DiRT2\\dirt2_game.exe"=
"d:\\Driver San Francisco\\Driver.exe"=
"d:\\Shift 2\\shift2u.exe"=
"c:\\Documents and Settings\\Les Stefs\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\GRID\\GRID.exe"=
"d:\\World_of_Tanks\\WoTLauncher.exe"=
"d:\\World_of_Tanks\\WorldOfTanks.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\The WTTC Game\\RaceDedicatedServer_Steam.exe"=
"d:\\FlatOut Ultimate Carnage\\Fouc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"139:TCP"= 139:TCP:LocalSubNet,192.168.1.0/255.255.255.0:Enabled:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:LocalSubNet,192.168.1.0/255.255.255.0:Enabled:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:LocalSubNet,192.168.1.0/255.255.255.0:Enabled:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:LocalSubNet,192.168.1.0/255.255.255.0:Enabled:@xpsp2res.dll,-22002
.
P2 IpWrapper;IpWrapper;c:\program files\IpWrapper\nssm.exe [17/03/2013 00:45 157696]
R0 BootDefragDriver;BootDefragDriver;c:\windows\system32\drivers\BootDefragDriver.sys [20/05/2014 00:12 14784]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [06/12/2005 17:11 35328]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [09/04/2015 21:03 37352]
R1 GUBootStartup;GUBootStartup;c:\windows\system32\drivers\GUBootStartup.sys [19/05/2014 23:35 17344]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [02/01/2015 20:45 315488]
S3 camvid20;Philips ToUcam Camera; Video;c:\windows\system32\drivers\camdrv21.sys [24/07/2010 13:43 223232]
S3 FTLUND;Lundinova Filter Driver;c:\windows\system32\drivers\ftlund.sys [22/08/2010 22:41 6828]
S3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\GSvr.exe [24/07/2010 14:15 47624]
S3 GigasetGenericUSB;GigasetGenericUSB;c:\windows\system32\drivers\GigasetGenericUSB.sys [26/07/2014 20:10 44032]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [14/06/2012 01:14 18432]
.
Contenu du dossier 'Tâches planifiées'
.
2015-04-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 14:34]
.
2015-04-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2015-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-29 10:12]
.
2015-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-29 10:12]
.
2015-04-16 c:\windows\Tasks\Notification de fin de service de Microsoft Windows XP - à la connexion.job
- c:\windows\system32\xp_eos.exe [2014-03-11 23:28]
.
2015-04-08 c:\windows\Tasks\Notification de fin de service de Microsoft Windows XP -mensuellement.job
- c:\windows\system32\xp_eos.exe [2014-03-11 23:28]
.
2015-04-15 c:\windows\Tasks\User_Feed_Synchronization-{74AA0025-46F0-421B-A2B7-5C872A23E9B1}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Examen supplémentaire -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
TCP: Interfaces\{673365F1-51B4-433A-8375-12698699A4AD}: NameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Les Stefs\Application Data\Mozilla\Firefox\Profiles\fuqdocfn.default-1428953905921\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.fr/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-04-16 12:49
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3160023AS rev.3.00 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-c
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 312579693 (+255): user != kernel
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG12.00.00.01PROFESSIONAL"="7AB26BE8E0ADC7E2D384D341A7D9034A664899339FC3982FE17D96B1EB1CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808BA7FD869164D6794A2D97226D213B555A6171C11EC38DE3D1559F3C71EA3C4B38D654BAE7675A1E995FB6F487EBDA276EEEF0F7642386BDFA549176EA135340407DB60BC519DB84727336211E4C93C06F85286E1EE219A6372BE7DDAAF166BDC475D2B9D5462B635AA1DA05546A2332D2774299084341B8B8931DFFB1A708FF24E8F5F56132B888FB0A9F7CC960DDB8D3EB3FC917A314BDBFA8A1ED4769F25D01D8854FE65117F864C3E57458E7E711800632B06078B6DAFDFA93C7D20371AD33C5707C465E24E1996B454A0A9A49118B54802A4A9EDA731CD615F21357CBB2EB4781767F2A30F222AD8A85428DEBBA6AD1C7438A2B285E266F9D3FE96673FE416E2C83A3089BD49266B31698F3FD5B4B50D961DF56BF39847AC886A6C27BBD2F37C822704FE398FAEA3ECFBA58E2A8425BE23476EDD467B992B0EC99F1CAAA4E222D1A81CA34846EC2883BEF847E4B052C578BC1901B38785951E195E5DEDDCFDA465D0E548911509173C76571A99A21CAB98184681D48FB70592671A334851E44712C19374A276B601047CD6E93B9BE170A7060B3F283663836A580A1B60AA3A41CF361EE1EA3827EBEB3E4ECDA4AE8784714BC1D092F43E1148A3294742E8A3C0B8F840803F7E12CF293DDA13924277CD633C07FC5818019FF292339BDC5BCCE20F6A7871D7C0B39A948DDC3727159DA60EC3BAC02342E916D586ACB3042964BEB57F898C51C74CACAA59F66E6734E9DDA960044C8366B9CFFEF1D9DC6FCB1CD9B4407CDB2DB21EDA8C5E13213B06D2B48E244B856ACE379CA25C469739902A3237C71A1DCDF5F06EFE6D5B697240CE623BB4BC842E162C3F97E0401AE11B4B368EC874C2FB569225EB6A4197BD6FDB8FD1CC4A938AAD656ED62ED8CCCCDE3DCB2D855CF4E5704F2F5ED1F9AE32F1FA5A18BB29361D5C34D30189E54FC0A6C148ABD6E80D99B1FD3188AD7B67C87EAF54F6E2539FE7B8EF1159C783F0E990A0F9462976990D5CF4C54021032CDF1A8285FC3805B8D131EF38C4D50DB8D60EA3215DFB245D97098E787B61909D38228166DB473F9C260594CED03128DFFBE31AEF7265D34F77222CCA5A36698EF6C53CE4EA2CC69D114A3DD1AAEF37D330AED68FAF8B2E984BE4B1321CFE93852789C764A11B264026E7502FA4B6E735AD59301BE02C1D9818658517A42BDC3F3443BC39A059A93CDB1DB74B37C1265A16A680A4741751E2458A14D67F41542BEFA1B8AEA64262FD8D78607BFCE024CD6BAB2
6AD00B0BC3D218E4CC2D75A4FEC11225A829C42A4A577DFBD8B34F6D94B95D304AFBAF096A05B00A21E"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'lsass.exe'(864)
c:\windows\system32\scecli.dll
.
- - - - - - - > 'explorer.exe'(1772)
c:\windows\system32\SHDOCVW.dll
c:\program files\Vista Inspirat 2\YzShadow\YzShadow.dll
c:\program files\Vista Inspirat 2\UberIcon\UberIcon.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\eappprxy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\RTHDCPL.EXE
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Heure de fin: 2015-04-16 12:54:28 - La machine a redémarré
ComboFix-quarantined-files.txt 2015-04-16 10:54
ComboFix2.txt 2015-04-14 11:15
.
Avant-CF: 24 500 682 752 octets libres
Après-CF: 24 494 817 280 octets libres
.
- - End Of File - - 7712234036CA487FC5FAA8D4F38695E9
4B4F6F2CE6364CE77C25D074CA3E9611