
ComboFix 11-11-29.04 - Admin 30/11/2011 1:06.1.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.247.123 [GMT 0:00]
Lancé depuis: c:\documents and settings\Admin\Bureau\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
C:\dfinstall.log
c:\program files\Common Files\SysAnti.exe
C:\SysAnti.exe
c:\windows\Fonts\bdhmj.dll
c:\windows\Fonts\blbxx.dll
c:\windows\Fonts\cvevs.dll
c:\windows\Fonts\oapsf.dll
c:\windows\Fonts\sscjt.dll
c:\windows\Fonts\wssue.dll
c:\windows\system32\msssc.dll
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_DrvKiller
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-10-28 au 2011-11-30 ))))))))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-19 00:18 . 2011-09-19 00:18 499712 ----a-w c:\windows\system32\msvcp71.dll
2011-09-19 00:18 . 2011-09-19 00:18 348160 ----a-w c:\windows\system32\msvcr71.dll
2011-09-19 00:17 . 2011-09-19 00:17 404640 ----a-w c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-18 20:04 . 2011-09-18 20:04 923 ----a-w c:\windows\system32\presetup.cmd
.
.
------- Sigcheck ------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-08-21 . 33578A738C564B4F84D906EFD91025E5 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-01-31 98304]
"DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2002-05-28 69632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2008-09-23 798720]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2011-09-19 185896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-08-21 123904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DfLogon]
2006-11-28 18:55 65536 ----a-w c:\windows\system32\LogonDll.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C *
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
R0 DeepFrz;DeepFrz;c:\windows\system32\drivers\DeepFrz.sys [28/11/2006 18:57 127896]
.
.
------- Examen supplémentaire ------.
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\scumjpek.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.ma/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-30 01:13
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachs: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES --------------------.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):06,40,46,0f,72,87,62,48,60,2c,9d,8e,57,88,2c,83,bc,51,ff,ff,22,39,15,da,b2,d7,cd,69,88,45,42,3d,b2,2f,f0,2e,66,6c,58,23,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{fb19decf-dcb9-4069-b882-40e5c817c9eb}]
@Denied: (Full) (Everyone)
"Model"=dword:00000123
"Therad"=dword:00000015
.
--------------------- DLLs chargées dans les processus actifs -------------------.
- - - - - - - > 'winlogon.exe'(664)
c:\windows\system32\LogonDll.dll
.
- - - - - - - > 'explorer.exe'(3232)
c:\windows\system32\eappprxy.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Autres processus actifs -----------------------.
c:\program files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2011-11-30 01:15:54 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-11-30 01:15
.
Avant-CF: 35624869888 octets libres
Après-CF: 35598393344 octets libres
.
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe

[Boot Loader]
timeout=2
Default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[Operating Systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="USB Repair NOT to Start Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
.
- - End Of File - - A039190E1ACEE4A6C0555487C07A175D
