Document format: text/plain

ComboFix 15-05-09.01 - Administrateur 10/05/2015 14:03:39.1.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1256.212.1036.18.1015.566 [GMT 2:00]
Running from: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
AV: ESET Smart Security 8.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Pare-feu personnel d'ESET *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
[i] ADS - WINDOWS: deleted 192 bytes in 1 streams. [/i]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrateur\Local Settings\Application Data\assembly\tmp
C:\Documents
c:\windows\system\VB40032.DLL
c:\windows\system32\ShellExt\CmdOpen.dll
.
.
((((((((((((((((((((((((( Files Created from 2015-04-10 to 2015-05-10 )))))))))))))))))))))))))))))))
.
.
2015-05-03 23:06 . 2015-05-03 23:06 -------- d-----w- c:\documents and settings\Administrateur\Application Data\uTorrent
2015-05-01 09:01 . 2015-05-01 09:03 -------- d-----w- c:\program files\MetaTrader 4 - RoboForex
2015-04-29 02:31 . 2015-04-30 00:07 -------- d-----w- c:\program files\XM MT4
2015-04-27 15:13 . 2015-04-27 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1995-08.com.techsmith
2015-04-27 15:13 . 2015-04-27 15:13 -------- d-----w- c:\program files\Fichiers communs\TechSmith Shared
2015-04-27 11:25 . 2015-04-27 11:41 -------- d-----w- c:\program files\FBS Trader 4
2015-04-23 17:23 . 2015-04-24 22:22 -------- d-----w- c:\program files\CCleaner
2015-04-21 19:50 . 2015-04-21 19:51 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\MetaGeek,_LLC
2015-04-17 13:12 . 2015-04-17 13:12 -------- d-----w- c:\documents and settings\Administrateur\Application Data\aipai
2015-04-17 13:09 . 2015-04-17 13:16 -------- d-----w- c:\program files\SmartPixel
2015-04-16 21:43 . 2015-04-16 21:43 -------- d-----w- c:\documents and settings\Administrateur\Application Data\mkvtoolnix
2015-04-16 21:42 . 2015-04-16 21:42 -------- d-----w- c:\program files\MKVToolNix
2015-04-16 10:29 . 2015-04-16 10:29 -------- d-----w- c:\program files\ESET
2015-04-16 10:29 . 2015-04-16 10:29 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2015-04-15 22:15 . 2015-04-15 22:15 -------- d-----w- c:\documents and settings\Administrateur\Application Data\GiliSoft
2015-04-15 20:50 . 2015-05-10 11:58 -------- d-----w- c:\documents and settings\Administrateur\Application Data\IDM
2015-04-15 20:50 . 2015-04-21 07:53 -------- d-----w- c:\program files\Internet Download Manager
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-22 11:40 . 2015-02-07 23:07 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-04-22 11:40 . 2015-02-07 23:07 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-04-18 01:06 . 2015-03-26 13:50 127224 ----a-w- c:\windows\system32\drivers\idmtdi.sys
2015-03-10 15:24 . 2014-09-22 07:20 63160 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2015-03-10 15:24 . 2014-09-22 07:20 39464 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2015-03-10 15:24 . 2014-09-22 07:20 193464 ----a-w- c:\windows\system32\drivers\eamonm.sys
2015-03-10 15:24 . 2014-09-22 07:20 176448 ----a-w- c:\windows\system32\drivers\epfw.sys
2015-03-10 15:24 . 2014-09-22 07:20 135808 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2015-02-26 12:41 . 2014-12-24 16:06 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2015-02-26 12:41 . 2014-12-24 16:06 146432 ----a-w- c:\windows\system32\javacpl.cpl
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-09-27 10:24 . 0F350F1870E65C510FFFF60D7EE14BA8 . 1504256 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[-] 2008-09-27 . 4BB6301D634C857A5089E8B24C5555E4 . 593408 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
[-] 2008-09-27 . AAC42FD16A1976DE9A0773E740597644 . 693248 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2008-04-14 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2008-04-14 . F92E6BEA9349D49341383F8403B4DFE5 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
.
[-] 2008-09-27 . B6BC3773B01BF85B880F56C198EEA90B . 3774464 . . [7.00.6000.20861] . . c:\windows\system32\mshtml.dll
.
[-] 2008-09-27 . EF31A8266AF7996746392E4F45502536 . 517632 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
.
[-] 2008-09-27 . 90B16FF3ACEC94B95BA95AA686442A47 . 879616 . . [7.00.6000.20861] . . c:\windows\system32\wininet.dll
.
[-] 2008-09-27 . BFBBBFE0913E6C9706F97598A6588B8F . 1573888 . . [6.00.2900.5634] . . c:\windows\explorer.exe
.
[-] 2008-04-14 . AAF8E9C2CF1DB93C3EE5C12BC6A7ACEA . 282624 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
[-] 2008-09-27 . B3D95BCB6D0B033BEBFB81FADDA8B8AC . 37376 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
[-] 2008-09-27 . 36FA7DAFA6C2658D9F48C69FB812943B . 2165760 . . [5.1.2600.5586] . . c:\windows\system32\ntkrnlpa.exe
.
.
[-] 2008-09-27 . 928F1D57DD79B2EDDE517B2FFEB570C9 . 2287104 . . [5.1.2600.5586] . . c:\windows\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2015-04-20 3898960]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2015-04-23 6278424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2015-01-28 5088456]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"JkDefrag"="advpack.dll" [2008-08-28 124928]
"SweetRegistry"="advpack.dll" [2008-08-28 124928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideRunAsVerb"= 1 (0x1)
"NoNetConnectDisconnect"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoStrCmpLogical"= 0 (0x0)
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoStrCmpLogical"= 0 (0x0)
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2015-04-23 14:56 6278424 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"8298:TCP"= 8298:TCP:TechSmith Snagit
.
R1 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [22/09/2014 09:20 193464]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [22/09/2014 09:20 135808]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [26/03/2015 15:50 127224]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [28/01/2015 14:08 1349576]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [20/12/2014 18:03 66944]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [30/11/2014 23:32 332928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
2008-08-28 14:35 124928 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2015-04-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-07 11:40]
.
2015-04-27 c:\windows\Tasks\TechSmith Updater.job
- c:\program files\Fichiers communs\TechSmith Shared\Updater\TSCUpdClt.exe [2013-10-04 14:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/
ucustomizesearch = hxxp://www.google.com/ie
usearchassistant = hxxp://www.google.com/ie
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\8a5t6fr6.default\
FF - prefs.js: browser.startup.homepage - about:home
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-05-10 14:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (S-1-5-32)
@SACL=
"scansk"=hex(0):33,4d,fd,01,9b,e0,79,e0,ac,bb,03,ea,42,99,ae,17,ea,04,f6,0a,26,
02,b1,9e,8c,a2,13,e4,e5,8d,59,fa,c1,b8,10,ba,30,e5,ea,e2,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (S-1-5-32)
@SACL=
"scansk"=hex(0):90,06,f9,c8,be,99,0d,53,63,fd,d0,c3,e5,02,32,df,8e,b0,ca,ec,12,
81,d3,db,03,21,fe,26,eb,dd,67,9e,d2,9c,2e,c9,5d,4c,5f,96,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9411b2fb-2e69-433e-8e09-6fb88ac5126a}]
@Denied: (Full) (Everyone)
"Model"=dword:00000167
"Therad"=dword:0000001b
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9bec1ef8-579d-435d-9070-692f42f0b9c3}]
@Denied: (Full) (Everyone)
"Model"=dword:00000037
"Therad"=dword:00000007
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1736)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(2008)
c:\windows\system32\setupapi.dll
c:\windows\system32\scecli.dll
.
Completion time: 2015-05-10 14:16:09
ComboFix-quarantined-files.txt 2015-05-10 12:16
.
Pre-Run: 20 617 842 688 octets libres
Post-Run: 20 594 962 432 octets libres
.
- - End Of File - - 717A468F87FBEBB13D887161ED4228AB
C99C3199CFAA4CBDCD91493F6D113A50