cjoint

Document format: text/plain

Preview

ComboFix 15-07-23.01 - user 07/30/2015 2:06.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1256.20.1033.18.510.286 [GMT 2:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: ESET Smart Security 8.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\user\ZHPDiag3.exe
c:\windows\msmqinst.log
c:\windows\system32\MUI\0401\tourstart.exe
c:\windows\system32\MUI\040C\tourstart.exe
.
.
((((((((((((((((((((((((( Files Created from 2015-06-28 to 2015-07-30 )))))))))))))))))))))))))))))))
.
.
2015-07-29 00:30 . 2015-07-29 00:31 -------- d-----w- c:\program files\ZHPFix
2015-07-28 23:56 . 2015-07-28 23:56 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Mozilla
2015-07-28 18:50 . 2015-07-28 18:50 -------- d-----w- c:\windows\ie8updates
2015-07-28 18:10 . 2014-02-26 01:59 13312 ------w- c:\windows\system32\xp_eos.exe
2015-07-28 18:10 . 2014-02-26 01:59 13312 ------w- c:\windows\system32\dllcache\xp_eos.exe
2015-07-28 06:58 . 2015-07-28 06:58 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\ESET
2015-07-28 06:58 . 2015-07-28 06:58 -------- d-----w- c:\documents and settings\user\Application Data\ESET
2015-07-28 06:56 . 2015-07-28 06:56 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2015-07-28 06:51 . 2015-07-28 06:51 -------- d-----w- c:\program files\ESET
2015-07-28 06:51 . 2015-07-28 06:51 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2015-07-28 06:15 . 2010-09-16 18:10 361600 ------w- c:\windows\system32\dllcache\tcpip.sys
2015-07-28 06:15 . 2010-09-16 18:10 245248 ------w- c:\windows\system32\dllcache\mswsock.dll
2015-07-28 05:36 . 2012-05-28 18:16 536576 ------w- c:\windows\system32\dllcache\msado15.dll
2015-07-28 05:25 . 2014-01-04 03:13 420864 ------w- c:\windows\system32\dllcache\vbscript.dll
2015-07-28 05:25 . 2011-03-04 06:35 726528 ------w- c:\windows\system32\dllcache\jscript.dll
2015-07-28 05:24 . 2010-12-09 15:15 718336 ------w- c:\windows\system32\dllcache\ntdll.dll
2015-07-28 05:24 . 2013-07-04 03:03 2149888 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2015-07-28 05:24 . 2013-07-04 02:59 2193536 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2015-07-28 05:24 . 2013-07-04 02:08 2028544 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2015-07-28 05:17 . 2011-07-15 13:29 457856 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2015-07-28 05:09 . 2013-07-03 02:12 25088 ------w- c:\windows\system32\dllcache\hidparse.sys
2015-07-28 05:09 . 2013-07-03 01:59 14976 ------w- c:\windows\system32\dllcache\usbscan.sys
2015-07-28 05:04 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2015-07-28 05:03 . 2013-02-12 00:32 12928 ------w- c:\windows\system32\dllcache\usb8023x.sys
2015-07-28 05:03 . 2013-02-12 00:32 12928 ------w- c:\windows\system32\dllcache\usb8023.sys
2015-07-28 04:52 . 2012-07-04 14:05 139784 ------w- c:\windows\system32\dllcache\rdpwd.sys
2015-07-28 04:51 . 2013-08-09 00:55 144128 ------w- c:\windows\system32\dllcache\usbport.sys
2015-07-28 04:51 . 2013-08-09 00:55 32384 ------w- c:\windows\system32\dllcache\usbccgp.sys
2015-07-28 04:51 . 2013-08-09 00:55 5376 ------w- c:\windows\system32\dllcache\usbd.sys
2015-07-28 04:51 . 2009-03-18 11:02 30336 ------w- c:\windows\system32\dllcache\usbehci.sys
2015-07-28 04:48 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2015-07-28 04:47 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2015-07-28 04:47 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2015-07-28 04:47 . 2013-11-27 20:21 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2015-07-28 04:47 . 2015-07-28 18:59 -------- d--h--w- c:\windows\$hf_mig$
2015-07-28 04:45 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2015-07-27 23:47 . 2015-07-27 23:47 98520 ----a-w- c:\windows\system32\drivers\2EE553B7.sys
2015-07-27 23:36 . 2015-07-27 23:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2015-07-27 18:31 . 2015-07-27 18:31 -------- d-----w- c:\program files\Common Files\Skype
2015-07-27 18:28 . 2015-07-27 18:29 -------- d-----w- c:\program files\Skype
2015-07-27 17:21 . 2015-07-29 01:28 -------- d-----w- c:\documents and settings\user\Application Data\ZHP
2015-07-11 21:54 . 2015-07-11 21:54 -------- d-----w- c:\program files\Google
2015-07-11 14:14 . 2015-07-11 14:14 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Skype
2015-07-11 14:13 . 2015-07-27 18:47 -------- d-----w- c:\documents and settings\user\Application Data\Skype
2015-07-11 14:13 . 2012-06-02 12:18 275696 ----a-w- c:\windows\system32\mucltui.dll
2015-07-11 14:13 . 2012-06-02 12:18 214256 ----a-w- c:\windows\system32\muweb.dll
2015-07-11 14:12 . 2015-07-27 18:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2015-07-11 14:03 . 2015-07-11 14:04 -------- d-----w- c:\documents and settings\user\Application Data\ViberPC
2015-07-11 13:37 . 2015-07-11 16:42 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Google
2015-07-11 13:36 . 2015-07-05 10:11 246952 ------w- c:\windows\system32\MpSigStub.exe
2015-07-11 13:35 . 2015-07-11 13:35 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth
2015-07-11 13:34 . 2015-07-27 17:10 778440 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-07-11 13:34 . 2015-07-27 17:10 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-07-11 13:34 . 2015-07-11 13:34 -------- d-----w- c:\program files\SuperCopier2
2015-07-11 13:34 . 2015-07-30 00:01 -------- d-----w- c:\documents and settings\user\Application Data\DMCache
2015-07-11 13:34 . 2015-07-27 23:21 -------- d-----w- c:\documents and settings\user\Application Data\IDM
2015-07-11 13:34 . 2015-07-11 13:34 -------- d-----w- c:\documents and settings\All Users\Application Data\IDM
2015-07-11 13:34 . 2015-07-29 23:46 -------- d-----w- c:\program files\Internet Download Manager
2015-07-11 06:30 . 2004-08-20 08:26 737874 ----a-w- c:\windows\system32\drivers\ialmnt5.sys
2015-07-11 06:30 . 2004-08-20 08:25 766576 ----a-w- c:\windows\system32\ialmdd5.dll
2015-07-11 06:30 . 2004-08-20 08:18 153008 ----a-w- c:\windows\system32\ialmdev5.dll
2015-07-11 06:30 . 2004-08-20 08:11 37951 ----a-w- c:\windows\system32\ialmrnt5.dll
2015-07-11 06:30 . 2004-08-20 08:11 100924 ----a-w- c:\windows\system32\ialmdnt5.dll
2015-07-11 06:30 . 2004-08-20 08:10 495616 ----a-w- c:\windows\system32\ialmgdev.dll
2015-07-11 06:30 . 2004-08-20 08:09 2289664 ----a-w- c:\windows\system32\ialmgicd.dll
2015-07-11 06:29 . 2007-06-18 08:12 16768 ----a-w- c:\windows\system32\drivers\HpqKbFiltr.sys
2015-07-11 06:29 . 2004-12-09 04:04 5120 ----a-w- c:\windows\system32\FILTRCOI.DLL
2015-07-11 06:29 . 2004-12-08 06:10 16896 ----a-w- c:\windows\system32\drivers\DKbFltr.SYS
2015-07-11 06:29 . 2001-12-28 19:55 24035 ----a-r- c:\windows\system32\drivers\eaps2kbd.sys
2015-07-11 06:29 . 2001-09-05 03:25 40960 ----a-r- c:\windows\LoadDll.dll
2015-07-11 06:29 . 2000-03-13 20:16 18841 ----a-r- c:\windows\system32\FltrCoi.dll
2015-07-11 06:29 . 1999-10-29 20:35 24348 ----a-r- c:\windows\system32\drivers\EAWDMFD.SYS
2015-07-11 06:27 . 2015-07-11 06:27 -------- d-----w- c:\program files\Analog Devices
2015-07-11 06:27 . 2007-08-31 21:21 765952 ----a-w- c:\windows\system\crlds3d.dll
2015-07-11 06:27 . 2007-08-31 21:21 732928 ----a-w- c:\windows\system32\drivers\senfilt.sys
2015-07-11 06:27 . 2007-08-31 21:21 311296 ----a-w- c:\windows\system32\Edcrypt.dll
2015-07-11 06:27 . 2007-08-31 21:21 23040 ----a-w- c:\windows\system32\PostProc.dll
2015-07-11 06:27 . 2015-07-11 06:30 -------- dc----w- c:\windows\system32\DRVSTORE
2015-07-11 06:27 . 2007-08-31 21:21 260224 ----a-w- c:\windows\system32\drivers\smwdm.sys
2015-07-11 06:27 . 2006-08-15 15:47 720896 ----a-w- c:\windows\system32\a3d.dll
2015-07-11 06:27 . 2006-08-15 15:47 3744 ----a-w- c:\windows\system32\drivers\smsens.sys
2015-07-11 06:27 . 2006-08-15 15:47 100384 ----a-w- c:\windows\system32\drivers\aeaudio.sys
2015-07-11 06:26 . 2008-04-14 00:41 7168 ----a-w- c:\windows\system32\hccoin.dll
2015-07-11 06:26 . 2008-08-20 07:18 171152 ----a-w- c:\windows\system32\drivers\e1000325.sys
2015-07-11 06:26 . 2008-08-28 10:37 41080 ----a-w- c:\windows\system32\NicInstG.dll
2015-07-11 06:26 . 2007-12-14 05:06 121440 ----a-w- c:\windows\system32\e1000msg.dll
2015-07-11 06:26 . 2007-08-06 17:28 28272 ----a-w- c:\windows\system32\NicCo2.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-20 12:55 . 2015-05-20 13:57 128528 ----a-w- c:\windows\system32\drivers\idmtdi.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 08:02 23008 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2015-05-20 3903056]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2009-08-16 955392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2015-01-28 5088456]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2010-09-16 128512]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\user\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
.
R1 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [30/01/2015 03:13 م 193464]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [30/01/2015 03:13 م 135808]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [20/05/2015 03:57 م 128528]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [28/01/2015 01:08 م 1349576]
S0 SMBALI;SMBALI;c:\windows\system32\DRIVERS\SMBALI.sys --> c:\windows\system32\DRIVERS\SMBALI.sys [?]
S0 SMBHC;SMBHC;c:\windows\system32\DRIVERS\SMBHC.sys --> c:\windows\system32\DRIVERS\SMBHC.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\MBAMSwissArmy.sys --> c:\windows\system32\drivers\MBAMSwissArmy.sys [?]
S3 vmci;VMware VMCI Bus Driver;c:\windows\system32\drivers\vmci.sys [19/11/2010 09:47 م 29744]
.
Contents of the 'Scheduled Tasks' folder
.
2015-07-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-11 17:10]
.
2015-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1659004503-682003330-1001Core.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2015-07-11 16:42]
.
2015-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1659004503-682003330-1001UA.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2015-07-11 16:42]
.
2015-07-29 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2015-07-28 01:59]
.
2015-07-28 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2015-07-28 01:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: &تصدير إلى Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files\Internet Download Manager\IEExt.htm
.
- - - - ORPHANS REMOVED - - - -
.
HKU-Default-Run-DWQueuedReporting - c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-07-30 02:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{439b2d3e-c4ca-430f-8785-cfca40b17523}]
@Denied: (Full) (Everyone)
"Model"=dword:000000d1
"Therad"=dword:00000013
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):9e,11,48,5a,38,b0,0c,ac,f1,b3,53,d7,e3,06,fd,30,0c,3f,7a,bb,58,
d2,98,bd,81,3e,b6,af,9b,fd,90,9e,e4,13,65,da,ca,d7,dc,4a,00,00,00,00,00,00,\
.
Completion time: 2015-07-30 02:13:28
ComboFix-quarantined-files.txt 2015-07-30 00:13
.
Pre-Run: 8,810,070,016 bytes free
Post-Run: 8,784,494,592 bytes free
.
- - End Of File - - 9347BE13E2B37C23F312E8CB3E3D3929
8F558EB6672622401DA993E1E865C861
