ComboFix 16-04-06.01 - nadia1 08/04/2016 17:16:14.1.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1256.212.1036.18.1015.523 [GMT 0:00]
Running from: c:\documents and settings\nadia1\Bureau\ComboFix.exe
AV: ESET Smart Security 9.0.375.1 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Pare-feu personnel d'ESET *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((( Files Created from 2016-03-08 to 2016-04-08 )))))))))))))))))))))))))))))))
.
.
2016-04-08 17:06 . 2016-04-08 17:06 -------- d-----w- c:\program files\CCleaner
2016-04-08 17:04 . 2016-04-08 17:04 797376 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-04-08 17:04 . 2016-04-08 17:04 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-04-08 16:40 . 2016-04-08 16:42 -------- d-----w- c:\documents and settings\nadia1\Application Data\ZHP
2016-04-02 13:16 . 2016-04-02 13:16 -------- d-----w- c:\documents and settings\nadia1\Application Data\Mael
2016-03-29 14:25 . 2016-04-08 16:29 -------- d-----w- c:\documents and settings\nadia1\Local Settings\Application Data\Google
2016-03-14 09:47 . 2016-03-14 09:47 -------- d-----w- c:\documents and settings\All Users\Application Data\MetaQuotes
2016-03-14 09:42 . 2016-03-14 09:47 -------- d-----w- c:\documents and settings\nadia1\Application Data\MetaQuotes
2016-03-10 19:38 . 2016-04-08 16:29 -------- d-----w- c:\program files\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-02-23 15:25 . 2016-02-23 15:25 69816 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2016-02-23 15:25 . 2016-02-23 15:25 47168 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2016-02-23 15:25 . 2016-02-23 15:25 206312 ----a-w- c:\windows\system32\drivers\eamonm.sys
2016-02-23 15:25 . 2016-02-23 15:25 152728 ----a-w- c:\windows\system32\drivers\epfw.sys
2016-02-23 15:25 . 2016-02-23 15:25 146024 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2016-02-23 15:25 . 2016-02-23 15:25 111040 ----a-w- c:\windows\system32\drivers\ekbdflt.sys
2016-01-28 09:20 . 2016-02-11 14:26 138864 ----a-w- c:\windows\system32\drivers\idmtdi.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2015-08-14 12:52 23520 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2016-04-02 3933392]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2016-03-11 6667992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"RTHDCPL"="RTHDCPL.EXE" [2013-10-04 20145368]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R1 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [23/02/2016 15:25 206312]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [23/02/2016 15:25 146024]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [11/02/2016 14:26 138864]
R2 ekbdflt;ekbdflt;c:\windows\system32\drivers\ekbdflt.sys [23/02/2016 15:25 111040]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [23/02/2016 14:20 1982752]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [03/03/2016 23:31 1691480]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [03/03/2016 22:59 332928]
.
Contents of the 'Scheduled Tasks' folder
.
2016-04-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-08 17:04]
.
.
------- Supplementary Scan -------
.
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
Trusted Zone: eset.com\help
FF - ProfilePath - c:\documents and settings\nadia1\Application Data\Mozilla\Firefox\Profiles\qozuhbnj.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2016-04-08 17:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):de,be,3e,c5,46,e0,a5,ec,d4,ca,ba,0f,c3,7d,84,50,8c,cf,8b,d2,7a,
29,d9,e3,c6,33,e7,90,47,48,48,3b,33,82,65,5e,e5,eb,7a,29,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{fe350300-0fa4-40ac-8ba6-ef6e693da6c4}]
@Denied: (Full) (Everyone)
"Model"=dword:0000005b
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,1e,db,c6,8d,40,2a,1f,2c,24,b2,db,9a,e3,66,45,b8,ea,cb,06,59,b5,6c,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(492)
c:\program files\Internet Download Manager\IDMShellExt.dll
c:\program files\Internet Download Manager\IDMNetMon.DLL
c:\windows\system32\eappprxy.dll
.
Completion time: 2016-04-08 17:21:10
ComboFix-quarantined-files.txt 2016-04-08 17:21
.
Pre-Run: 35 773 120 512 octets libres
Post-Run: 35 736 481 792 octets libres
.
- - End Of File - - 9356814DC45514C085B52C75BFD411DD
C99C3199CFAA4CBDCD91493F6D113A50