cjoint

Document format: text/plain

ComboFix 15-04-16.01 - Administrateur 19/04/2015 21:06:36.1.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2039.1469 [GMT 0:00]
Lancé depuis: d:\documents and settings\Administrateur\Bureau\ComboFix.exe
AV: ESET Smart Security 5.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Pare-feu personnel d'ESET *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
[i] ADS - WINDOWS: deleted 192 bytes in 1 streams. [/i]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\documents and settings\All Users\Application Data\TEMP
d:\windows\Fonts\tifinaghe-tazdayt nouffouss unicode.ttf
d:\windows\Fonts\tifinaghe-tazdayt standard unicode.ttf
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2015-03-19 au 2015-04-19 ))))))))))))))))))))))))))))))))))))
.
.
2015-04-19 18:54 . 2015-04-19 18:54 -------- d-----w- d:\windows\LastGood
2015-04-18 20:46 . 2015-04-19 18:54 -------- d-----w- d:\documents and settings\Administrateur
2015-04-16 12:16 . 2007-08-24 19:45 101120 ----a-r- d:\windows\system32\drivers\ewusbmdm.sys
2015-04-16 12:16 . 2007-08-24 19:45 24448 ----a-r- d:\windows\system32\drivers\ewdcsc.sys
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-15 07:30 . 2014-10-22 02:43 778416 ----a-w- d:\windows\system32\FlashPlayerApp.exe
2015-04-15 07:30 . 2014-10-22 02:43 142512 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2014-06-13 . A572FDC9769681146A1F34025EC39585 . 1571840 . . [5.1.2600.5512] . . d:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 10:02 23008 ----a-w- d:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SRS Audio Sandbox"="d:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2010-01-07 3216664]
"CCleaner Monitoring"="d:\program files\CCleaner\CCleaner.exe" [2014-10-23 4825880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="d:\program files\Synaptics\SynTP\SynTPEnh.exe" [2013-04-18 2440944]
"egui"="d:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 3117344]
"USB Security"="d:\program files\USB Disk Security\USBGuard.exe" [2011-01-31 623520]
"HotKeysCmds"="d:\windows\system32\hkcmd.exe" [2010-01-28 173592]
"IgfxTray"="d:\windows\system32\igfxtray.exe" [2010-01-28 141336]
"PC Auto Shutdown"="d:\program files\PC Auto Shutdown\AutoShutdown.exe" [2014-09-15 1442472]
"fspuip"="d:\program files\FSP\fspuip.exe" [2014-01-23 5419360]
"snp2uvc"="d:\windows\system32\csnp2uvc.dll" [2010-06-03 211840]
"Persistence"="d:\windows\system32\igfxpers.exe" [2010-01-28 142360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2014-06-13 15360]
.
d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
BTTray.lnk - d:\program files\WIDCOMM\Logiciel Bluetooth\BTTray.exe [2006-5-12 581693]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\D:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Acrobat Assistant.lnk]
path=d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Acrobat Assistant.lnk
backup=d:\windows\pss\Acrobat Assistant.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2014-05-08 11:20 959904 ----a-w- d:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2014-05-08 11:21 40312 ----a-w- d:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AESTFltr]
2009-04-20 15:01 737280 ----a-w- d:\windows\system32\AESTFltr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-01-08 10:58 18708224 ----a-r- d:\program files\Skype\Phone\Skype.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"d:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R0 Bhbase;Baidu Hook Base;d:\windows\system32\drivers\Bhbase.sys [22/11/2014 11:27 47456]
R0 fttxr5_O;fttxr5_O;d:\windows\system32\drivers\fttxr5_O.sys [13/06/2014 17:46 176640]
R0 Si3124;Si3124;d:\windows\system32\drivers\si3124.sys [13/06/2014 17:51 76208]
R0 Si3531;Si3531;d:\windows\system32\drivers\Si3531.sys [13/06/2014 17:51 210736]
R0 ulsata2;ulsata2;d:\windows\system32\drivers\ulsata2.sys [13/06/2014 17:53 125952]
R1 ehdrv;ehdrv;d:\windows\system32\drivers\ehdrv.sys [14/03/2012 06:40 120152]
R1 IDMTDI;IDMTDI;d:\windows\system32\drivers\idmtdi.sys [15/10/2014 08:55 122848]
R2 ekrn;ESET Service;d:\program files\ESET\ESET Smart Security\ekrn.exe [07/03/2012 13:40 913144]
R2 NitroDriverReadSpool9;NitroPDFDriverCreatorReadSpool9;d:\program files\Nitro\Pro 9\NitroPDFDriverService9.exe [16/07/2014 15:07 197128]
R2 NitroUpdateService;NitroUpdateService;d:\program files\Nitro\Pro 9\Nitro_UpdateService.exe [16/07/2014 15:07 392712]
R2 nlsX86cc;Nalpeiron Licensing Service;d:\windows\system32\NLSSRV32.EXE [16/07/2014 15:07 69640]
R2 PCAutoShutdown_Service;PCAutoShutdown_Service;d:\program files\PC Auto Shutdown\ShutdownService.exe [06/11/2014 07:45 442136]
R2 SPDFToolsReadSpool;SolidPDFToolsCreatorReadSpool;d:\windows\Installer\MSI26C.tmp [21/10/2014 20:47 163696]
R3 AESTAud;IDT AE Audio Service;d:\windows\system32\drivers\AESTAud.sys [21/10/2014 18:34 113664]
R3 AmUStor;AM USB Stroage Driver;d:\windows\system32\drivers\AmUStor.sys [21/10/2014 18:31 70424]
S2 SkypeUpdate;Skype Updater;d:\program files\Skype\Updater\Updater.exe [08/01/2013 10:53 161536]
S3 AppProtectEx;AppProtectEx;\??\d:\windows\System32\drivers\AppProtectEx.sys --> d:\windows\System32\drivers\AppProtectEx.sys [?]
S3 BprotectEx;Baidu ProtectEx;\??\d:\windows\System32\drivers\BprotectEx.sys --> d:\windows\System32\drivers\BprotectEx.sys [?]
S3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;\??\d:\program files\DU Meter\DUM_XP32.SYS --> d:\program files\DU Meter\DUM_XP32.SYS [?]
S3 fspad_win732;Finger Sensing Pad Driver;d:\windows\system32\drivers\fspad_win732.sys [21/10/2014 18:35 145248]
S3 NETwNx32;___ Pilote de carte de la série Intel(R) Wireless WiFi Link 5000 pour Windows XP 32 bits ;d:\windows\system32\drivers\NETwNx32.sys [21/10/2014 18:45 7484656]
S3 PCFApiUtil;PCFApiUtil;\??\d:\program files\PC App Store\4.10.1.7752\PCFApiUtil.sys --> d:\program files\PC App Store\4.10.1.7752\PCFApiUtil.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-04-15 01:22 988488 ----a-w- d:\program files\Google\Chrome\Application\42.0.2311.90\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2015-04-19 d:\windows\Tasks\060184C3-9766-46a0-B258-F4518A0B2633.job
- d:\windows\system32\cscript.exe [2014-06-13 17:45]
.
2015-04-19 d:\windows\Tasks\Adobe Flash Player Updater.job
- d:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-22 07:30]
.
2015-04-19 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2015-01-24 02:01]
.
2015-04-19 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2015-01-24 02:01]
.
2015-04-19 d:\windows\Tasks\Notification de fin de service de Microsoft Windows XP - à la connexion.job
- d:\windows\system32\xp_eos.exe [2014-10-27 23:28]
.
2015-04-08 d:\windows\Tasks\Notification de fin de service de Microsoft Windows XP -mensuellement.job
- d:\windows\system32\xp_eos.exe [2014-10-27 23:28]
.
.
------- Examen supplémentaire -------
.
mStart Page = about:blank
IE: E&xporter vers Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - d:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\1h6dja5n.default\
FF - prefs.js: browser.startup.homepage - about:home|hxxps://www.facebook.com/
.
- - - - ORPHELINS SUPPRIMES - - - -
.
AddRemove-LSI Soft Modem - d:\windows\agrsmdel
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-04-19 21:11
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SynTPEnh = %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe????????????????????????????????????????????????????????????????????????????????????
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cach�s: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SPDFToolsReadSpool]
"ImagePath"="d:\windows\Installer\MSI26C.tmp"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-796845957-1960408961-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,91,e8,f2,1c,ca,78,4d,b5,6c,95,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,91,e8,f2,1c,ca,78,4d,b5,6c,95,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3d38eb21-5019-4e58-afbf-339533e68471}]
@Denied: (Full) (Everyone)
"Model"=dword:00000041
"Therad"=dword:0000001e
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):ff,3b,bb,25,e3,d9,72,79,26,42,49,5c,32,94,1e,27,70,74,15,b6,2b,
6b,bd,09,66,ae,c0,fc,c7,67,f8,18,48,e6,99,41,35,3c,5a,89,00,00,00,00,00,00,\
.
Heure de fin: 2015-04-19 21:13:18
ComboFix-quarantined-files.txt 2015-04-19 21:13
.
Avant-CF: 29 884 649 472 octets libres
Après-CF: 30 004 678 656 octets libres
.
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
.
- - End Of File - - 86FD8B4C2B95F9AC3C7F65A7727634B4
C99C3199CFAA4CBDCD91493F6D113A50