cjoint


Document format: text/plain

Preview

ComboFix 15-12-24.01 - Ismael 12/24/2015 20:37:22.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2036.1176 [GMT 0:00]
Running from: c:\documents and settings\Ismael\My Documents\Downloads\Programs\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2015-11-24 to 2015-12-24 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-12-24 12:29 . 2008-04-14 12:00 23040 ----a-w- c:\windows\system32\setup.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 10:02 23008 ------w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2015-12-24 3870288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-24 150552]
"RTHDCPL"="RTHDCPL.EXE" [2013-10-04 20145368]
.
c:\documents and settings\Ismael\Start Menu\Programs\Startup\
mttipueb.exe [2015-12-24 108544]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
.
R0 iastor7;iastor7;c:\windows\system32\drivers\iastor7.sys [12/24/2015 5:40 PM 471360]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [8/11/2014 7:46 AM 121440]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [10/25/2011 1:57 AM 73984]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [10/25/2011 1:57 AM 165120]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\drivers\rtl8192Ce.sys [12/24/2015 6:44 PM 1220072]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/24/2015 8:19 PM 1691480]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [12/24/2015 8:00 PM 31832]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-12-24 19:30 1000264 ----a-w- c:\program files\Google\Chrome\Application\47.0.2526.106\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-12-24 19:29]
.
2015-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-12-24 19:29]
.
.
------- Supplementary Scan -------
.
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{23AEC52B-DCA7-492C-A331-3B2BDF964607}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\documents and settings\Ismael\Application Data\Mozilla\Firefox\Profiles\mmm4m7io.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-12-24 20:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2580)
c:\program files\Internet Download Manager\IDMShellExt.dll
c:\program files\Internet Download Manager\IDMNetMon.DLL
.
Completion time: 2015-12-24 20:43:22
ComboFix-quarantined-files.txt 2015-12-24 20:43
.
Pre-Run: 100,566,106,112 bytes free
Post-Run: 100,555,091,968 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(4)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(4)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 34B574EE9046B6FAFF6D6FF09712735C
