cjoint


Document format: text/plain


ComboFix 15-09-07.01 - Administrateur 11/09/2015 18:50:41.1.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1256.212.1036.18.1014.498 [GMT 1:00]
Running from: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
AV: avast! Internet Security *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Enabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrateur\ZHPDiag3.exe
c:\windows\msdownld.tmp
F:\Setup.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
((((((((((((((((((((((((( Files Created from 2015-08-11 to 2015-09-11 )))))))))))))))))))))))))))))))
.
.
2015-09-07 23:28 . 2015-09-07 23:28 -------- d-----w- c:\windows\system32\NtmsData
2015-09-06 18:18 . 2015-09-06 18:20 -------- dc-h--w- c:\windows\ie8
2015-09-06 17:41 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2015-09-05 20:13 . 2015-09-05 20:13 -------- dc----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Softx_Bots
2015-09-01 17:29 . 2015-09-01 17:29 -------- dcsha-r- C:\$RECYCLEBIN
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 21904 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2013-01-30 3540416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"TWCU"="c:\program files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe" [2010-05-21 561263]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2013-07-02 254336]
"VideoLAN"="c:\windows\system32\wscript.exe" [2008-05-08 155648]
"C-cleaner"="c:\windows\system32\wscript.exe" [2008-05-08 155648]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Tencent\\QQPlayer\\Tencentdl.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [30/01/2013 16:12 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [30/01/2013 16:13 199320]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [30/01/2013 16:13 106560]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [30/01/2013 16:13 20624]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [30/01/2013 16:13 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [30/01/2013 16:13 361032]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [01/03/2013 13:04 112480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [30/01/2013 16:13 21256]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [30/01/2013 16:12 133912]
R3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [09/02/2013 20:58 1714176]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [09/02/2013 20:57 57440]
S3 qcusbser;Modem Interface USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [03/04/2013 17:32 103552]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-09-06 19:01 997704 ----a-w- c:\program files\Google\Chrome\Application\45.0.2454.85\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-09-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-30 23:08]
.
2015-09-11 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-01-30 22:50]
.
2015-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-09-06 18:57]
.
2015-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-09-06 18:57]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = 180.250.41.44:8080
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm
TCP: DhcpNameServer = 192.168.1.1
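The Run values under the Reg Loading Points section and the per-user ProxyServer line in the Supplementary Scan are the two places in this report a responder checks first: two Run values carry application-sounding names ("VideoLAN", "C-cleaner") but launch c:\windows\system32\wscript.exe, and the user proxy points at a public address rather than the LAN. ComboFix prints only the image path with its file date and size, so the arguments (the script wscript.exe would actually run) are not in the report and must be read from the registry on the host. The script below is an added example, not part of the ComboFix report or of ComboFix itself; it parses those two sections from a constructed excerpt copied from the log above, flags Run values whose image is a script host (the SCRIPT_HOSTS list is this example's own assumption), and classifies the proxy address by scope. All function and variable names are the example's own.

```python
import ipaddress
import re
from typing import Dict, List, Optional

# Constructed sample input: an excerpt copied from the ComboFix report on this page.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2013-01-30 3540416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"VideoLAN"="c:\windows\system32\wscript.exe" [2008-05-08 155648]
"C-cleaner"="c:\windows\system32\wscript.exe" [2008-05-08 155648]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = 180.250.41.44:8080
TCP: DhcpNameServer = 192.168.1.1
"""

# Interpreters and proxy binaries that Run values commonly hide behind.
# Assumption: this list is the example's own, not something ComboFix defines.
SCRIPT_HOSTS = {
    "wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe",
    "cmd.exe", "rundll32.exe", "regsvr32.exe",
}

RUN_KEY_RE = re.compile(r"^\[HK[A-Z_]+\\.*\\Run\]$", re.IGNORECASE)
# "Name"="image path" [file-date file-size]  (ComboFix's Run value format)
RUN_VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<date>\S+)\s+(?P<size>\d+)\]')
PROXY_RE = re.compile(
    r"^uInternet Settings,ProxyServer\s*=\s*(?P<host>[^:\s]+)(?::(?P<port>\d+))?")


def parse_run_entries(text: str) -> List[Dict[str, str]]:
    """Collect every value listed under a ...\\Run key in the report."""
    entries: List[Dict[str, str]] = []
    current_key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            # New key header: keep tracking only while inside a Run key.
            current_key = line[1:-1] if RUN_KEY_RE.match(line) else None
            continue
        if current_key is None:
            continue
        m = RUN_VALUE_RE.match(line)
        if m:
            entries.append({"key": current_key, **m.groupdict()})
    return entries


def flag_run_entries(entries: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Flag Run values whose image is a script host or another interpreter.

    The report carries only the image path, not the command line, so the
    script such a value runs has to be recovered from the registry on the host.
    """
    findings = []
    for e in entries:
        image = e["path"].rsplit("\\", 1)[-1].lower()
        if image in SCRIPT_HOSTS:
            findings.append({
                "name": e["name"], "key": e["key"], "image": image,
                "reason": f"value named {e['name']!r} launches {image}; "
                          "read the full value on the host to recover its arguments",
            })
    return findings


def check_proxy(text: str) -> Optional[Dict[str, str]]:
    """Extract the per-user IE proxy and classify its address as private/public/hostname."""
    for raw in text.splitlines():
        m = PROXY_RE.match(raw.strip())
        if not m:
            continue
        host, port = m.group("host"), m.group("port") or ""
        try:
            scope = "private" if ipaddress.ip_address(host).is_private else "public"
        except ValueError:
            scope = "hostname"  # not an IP literal; resolve and check separately
        return {"host": host, "port": port, "scope": scope}
    return None


def triage(text: str) -> Dict[str, object]:
    """Run both checks over one report and return the findings together."""
    return {
        "flagged_run_values": flag_run_entries(parse_run_entries(text)),
        "proxy": check_proxy(text),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for f in result["flagged_run_values"]:
        print(f"[!] {f['key']}: {f['reason']}")
    proxy = result["proxy"]
    if proxy and proxy["scope"] == "public":
        print(f"[!] user proxy set to public address {proxy['host']}:{proxy['port']}")
```

On the sample above the script flags "VideoLAN" and "C-cleaner" in the HKLM Run key and reports the proxy 180.250.41.44:8080 as a public address. A public proxy configured under the user's Internet Settings sends every browser request through a third party; whether it was set by the user or by whatever the wscript.exe values execute is something only the host, not the report, can answer.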
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-09-11 19:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\avast! sandbox
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-343818398-1993962763-1417001333-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,89,4f,6c,9b,0e,7e,90,44,a5,ea,2d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,89,4f,6c,9b,0e,7e,90,44,a5,ea,2d,\
.
[HKEY_USERS\S-1-5-21-343818398-1993962763-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Ext\Settings]
@Denied: (2) (Administrator)
.
[HKEY_LOCAL_MACHINE\software\Classes\AudioCD\shell\O(uQ*Q*q_ó—­d>e\command]
@="\"c:\\Program Files\\Tencent\\QQPlayer\\QQPlayer.exe\" /disk \"%1\""
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2c876202-5009-4381-86be-2e28b9a388de}]
@Denied: (Full) (Everyone)
"Model"=dword:00000087
"Therad"=dword:00000015
"SpecVersion"=dword:000000bd
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):81,63,3c,0b,29,90,37,d1,f0,15,29,70,0e,6b,65,67,ea,84,43,e1,d5,
aa,96,cd,b2,df,a7,f5,c5,1b,c6,c8,c1,8d,82,54,46,74,1f,89,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\DVD\shell\O(uQ*Q*q_ó—­d>e\command]
@="\"c:\\Program Files\\Tencent\\QQPlayer\\QQPlayer.exe\" /disk \"%1\""
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3936)
c:\program files\Internet Download Manager\IDMShellExt.dll
c:\program files\Internet Download Manager\IDMNetMon.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\acs.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2015-09-11 19:06:10 - machine was rebooted
ComboFix-quarantined-files.txt 2015-09-11 18:06
.
Pre-Run: 3 437 248 512 bytes free
Post-Run: 3 755 458 560 bytes free
.
- - End Of File - - EB9D2F56B4D808918C44F98661D6ACB0
C99C3199CFAA4CBDCD91493F6D113A50
