Document format: text/plain


ComboFix 15-09-03.01 - Utilisateur 05/09/2015 17:14:40.2.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1256.213.1036.18.2038.1607 [GMT 1:00]
Running from: C:\Documents and Settings\Utilisateur\Mes documents\Downloads\Programs\ComboFix.exe


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


---- Previous Run -------

C:\Documents and Settings\All Users\Application Data\1427141085.bdinstall.bin
C:\Documents and Settings\All Users\ntuser.pol
C:\Program Files\Movies App\Datamngr\SRTOOL~1\GC\install.ico
C:\Program Files\Movies App\Datamngr\SRTOOL~1\GC\uninstall.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GLOBALUPDATE


((((((((((((((((((((((((( Files Created from 2015-08-05 to 2015-09-05 )))))))))))))))))))))))))))))))


2015-09-05 12:52:17 . 2015-09-05 12:52:18 -------- d---a-r- C:\$RECYCLEBIN
2015-09-05 12:38:47 . 2015-09-05 12:38:47 -------- d-----w- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\ilividmoviestoolbar280
2015-09-05 12:38:47 . 2015-09-05 12:38:47 -------- d-----w- C:\Documents and Settings\Utilisateur\Application Data\ilividmoviestoolbar280
2015-09-05 12:38:46 . 2015-09-05 12:38:46 -------- d-----w- C:\Program Files\IAC Updater
2015-09-05 12:38:44 . 2015-09-05 12:50:04 -------- d-----w- C:\Program Files\Movies App
2015-09-05 12:37:39 . 2015-09-05 12:37:39 -------- d-----w- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\iLivid
2015-09-03 20:33:04 . 2015-09-04 07:20:54 98520 ----a-w- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
2015-09-03 20:32:51 . 2015-06-18 07:41:46 121560 ----a-w- C:\WINDOWS\system32\drivers\mbamchameleon.sys
2015-09-03 20:32:51 . 2015-06-18 07:41:36 23256 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2015-09-03 20:32:37 . 2015-09-03 20:32:56 -------- d-----w- C:\Program Files\Malwarebytes Anti-Malware
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2015-09-03 19:29:54 . 2015-02-09 13:41:28 20 ----a-w- C:\Documents and Settings\Utilisateur\Application Data\appdataFr3.bin
2015-07-19 10:27:02 . 2014-12-24 20:13:08 778416 ----a-w- C:\WINDOWS\system32\FlashPlayerApp.exe
2015-07-19 10:27:02 . 2014-12-24 20:13:08 142512 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-12-24 15:05:35 . 2014-12-24 14:53:49 50063360 ----a-w- C:\Program Files\GUT2D.tmp


------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.

[-] 2008-08-03 05:56:36 . 33578A738C564B4F84D906EFD91025E5 . 1571840 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\system32\sfcfiles.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 08:02:14 23008 ----a-w- C:\Program Files\Internet Download Manager\IDMShellExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2014-12-23 18:35:51 3886672]
"Trojan Killer (32-bit)"="C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe" [2014-12-31 11:54:25 9679648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-12-19 09:08:08 135168]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-12-19 09:08:12 159744]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-12-19 09:07:42 131072]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-29 14:47:50 16859648]
"TkBellExe"="C:\Program Files\Real\RealPlayer\update\realsched.exe" [2014-12-24 14:45:14 295512]
"InstallerLauncher"="C:\Program Files\Fichiers communs\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" [BU]
"Free Player"="C:\PROGRA~1\FREEPL~1\FreePlayer.exe" [2009-11-20 17:00:20 1835008]
"VideoLAN"="C:\WINDOWS\system32\wscript.exe" [2008-11-07 11:00:30 155648]
"C-cleaner"="C:\WINDOWS\system32\wscript.exe" [2008-11-07 11:00:30 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 19:34:00 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

C:\Documents and Settings\Utilisateur\Menu Démarrer\Programmes\Démarrage\
Free Player.lnk - C:\Program Files\FreePlayer\UNWISE.EXE /W1 "C:\Program Files\FreePlayer\INSTALL.LOG" [2015-6-2 165376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Utilisateur^Menu Démarrer^Programmes^Démarrage^MyPC Backup.lnk]
path=C:\Documents and Settings\Utilisateur\Menu Démarrer\Programmes\Démarrage\MyPC Backup.lnk
backup=C:\WINDOWS\pss\MyPC Backup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Utilisateur^Menu Démarrer^Programmes^Démarrage^PalTalk.lnk]
path=C:\Documents and Settings\Utilisateur\Menu Démarrer\Programmes\Démarrage\PalTalk.lnk
backup=C:\WINDOWS\pss\PalTalk.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Utilisateur^Menu Démarrer^Programmes^Démarrage^Trojan.Killer.Ac.rar.lnk]
path=C:\Documents and Settings\Utilisateur\Menu Démarrer\Programmes\Démarrage\Trojan.Killer.Ac.rar.lnk
backup=C:\WINDOWS\pss\Trojan.Killer.Ac.rar.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoForFiles Installer Starter
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YTDownloader

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AvastUI.exe]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2014-12-12 17:21:24 5489944 ----a-w- C:\Program Files\CCleaner\CCleaner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2015-01-23 14:44:56 31090792 ----a-w- C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier2.exe]
2006-07-07 16:45:00 1052672 ----a-w- C:\Program Files\SuperCopier2\SuperCopier2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trojan Killer (32-bit)]
2014-12-31 11:54:25 9679648 ----a-w- C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R1 IDMTDI;IDMTDI;C:\WINDOWS\system32\drivers\idmtdi.sys [16/12/2014 13:41:32 123360]
R2 IAC Update Service;IAC Update Service;C:\Program Files\IAC Updater\iacupdater.exe [10/06/2015 19:55:12 180128]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [12/08/2014 11:34:48 39056]
S2 SkypeUpdate;Skype Updater;C:\Program Files\Skype\Updater\Updater.exe [02/01/2015 19:45:12 315488]
S3 cmusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2051;C:\WINDOWS\system32\drivers\cmusbser.sys [04/04/2015 17:16:12 103552]
S3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;C:\WINDOWS\system32\drivers\gtkdrv.sys [30/12/2014 11:06:10 16128]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-01-15 16:04:12 1087816 ----a-w- C:\Program Files\Google\Chrome\Application\39.0.2171.99\Installer\chrmstp.exe

Contents of the 'Scheduled Tasks' folder

2015-07-19 C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
- C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_18_0_0_209_pepper.exe [2015-07-19 10:27:02 . 2015-07-19 10:27:02]

2015-07-19 C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-24 20:13:08 . 2015-07-19 10:27:03]

2015-02-11 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-24 14:53:57 . 2014-12-24 14:53:51]

2015-09-05 C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1424634464.job
- C:\Program Files\Opera\launcher.exe [2015-02-22 19:47:50 . 2015-07-10 13:44:09]

2015-07-17 C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2000478354-299502267-1417001333-1003.job
- C:\Program Files\Real\RealUpgrade\realupgrade.exe [2014-08-29 18:12:10 . 2014-08-29 18:12:10]

2015-07-17 C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2000478354-299502267-1417001333-1003.job
- C:\Program Files\Real\RealUpgrade\realupgrade.exe [2014-08-29 18:12:10 . 2014-08-29 18:12:10]
