cjoint


Document format: text/plain

ComboFix 16-04-22.01 - musique 23/04/2016 17:40:39.1.2 - x86
Microsoft Windows 7 Professionnel 6.1.7601.1.1252.33.1036.18.1976.1130 [GMT 2:00]
Launched from: c:\users\musique\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\musique\ZHPDiag3.exe
c:\windows\system32\drivers\373d1993919dcc0c.sys
.
An infected copy of c:\windows\system32\drivers\ntfs.sys was found and disinfected
Copy restored from - c:\windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.18378_none_a83b9ab47b5adef3\ntfs.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_373d1993919dcc0c
-------\Service_373d1993919dcc0c
.
.
((((((((((((((((((((((((((((( Files created from 2016-03-23 to 2016-04-23 ))))))))))))))))))))))))))))))))))))
.
.
2016-04-23 15:47 . 2016-04-23 15:47 -------- d-----w- c:\users\proflocal\AppData\Local\temp
2016-04-23 15:47 . 2016-04-23 15:47 -------- d-----w- c:\users\Eleve\AppData\Local\temp
2016-04-23 13:53 . 2016-04-23 13:53 -------- d-----w- c:\program files\Common Files\Java
2016-04-23 01:29 . 2016-04-23 01:31 -------- d-----w- c:\windows\system32\catroot2
2016-04-23 00:21 . 2016-04-23 15:48 -------- d-----w- c:\windows\system32\wbem\repository
2016-04-22 15:48 . 2009-07-14 01:15 90624 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPZPPWN7.DLL
2016-04-22 15:40 . 2016-04-22 15:40 -------- d-----w- c:\users\musique\AppData\Local\VirtualStore
2016-04-22 14:23 . 2016-04-22 15:53 -------- d-----w- c:\users\musique\AppData\Roaming\XnView
2016-04-22 12:53 . 2016-04-22 12:53 -------- d-----w- C:\RegBackup
2016-04-17 21:36 . 2016-04-18 21:41 -------- d-----w- c:\program files\AVAST Software
2016-04-17 18:48 . 2016-04-17 18:48 -------- d-----w- c:\users\musique\AppData\Roaming\dvdcss
2016-04-17 12:33 . 2016-04-17 12:33 -------- d-----w- c:\program files\Common Files\AV
2016-04-16 09:23 . 2016-04-16 09:23 -------- d-----w- c:\program files\CCleaner
2016-04-14 22:52 . 2016-04-22 15:46 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-04-14 22:52 . 2016-04-14 22:52 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2016-04-14 22:52 . 2016-03-10 12:09 53120 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-04-14 22:52 . 2016-03-10 12:08 126336 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-04-14 22:52 . 2016-03-10 12:08 24448 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-04-14 22:03 . 2016-04-14 22:43 -------- d-----w- C:\AdwCleaner
2016-04-13 10:11 . 2016-04-13 10:11 -------- d-----w- c:\users\musique\AppData\Local\Macromedia
2016-04-13 10:09 . 2016-04-17 12:50 -------- d-----w- c:\users\musique\AppData\Roaming\ZHP
2016-04-13 06:45 . 2016-04-17 21:51 -------- d-----w- c:\users\musique\AppData\Local\Chromium
2016-04-12 15:26 . 2016-04-12 15:26 -------- d-----w- C:\UsbFix
2016-04-05 06:21 . 2016-04-05 06:21 -------- d-----w- c:\users\adminlocal\AppData\Local\Google
2016-04-04 12:10 . 2016-04-05 06:17 -------- d-----w- c:\users\adminlocal\AppData\Local\ElevatedDiagnostics
2016-04-04 09:33 . 2016-04-04 09:33 -------- d-----w- c:\users\musique\AppData\Local\Trend Micro
2016-03-31 09:22 . 2016-03-31 09:22 -------- d-----w- c:\users\musique\AppData\Local\CEF
2016-03-30 07:30 . 2016-03-30 07:30 -------- d-----w- c:\users\musique\Tracing
2016-03-30 07:09 . 2016-03-30 07:09 -------- d-----w- c:\windows\fr
2016-03-30 07:08 . 2016-03-30 07:08 -------- dc----w- c:\windows\system32\DRVSTORE
2016-03-30 07:08 . 2014-03-31 19:36 49856 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2016-03-30 07:07 . 2016-03-30 07:07 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2016-03-30 07:05 . 2016-03-30 07:05 -------- d-----w- c:\windows\PCHEALTH
2016-03-30 07:05 . 2016-03-30 07:08 -------- d-----w- c:\program files\Windows Live
2016-03-30 07:04 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2016-03-30 07:04 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2016-03-30 07:04 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2016-03-30 07:04 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2016-03-30 07:04 . 2009-09-04 15:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2016-03-30 07:04 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2016-03-30 07:04 . 2016-03-30 07:04 -------- d-----w- c:\program files\Microsoft OneDrive
2016-03-30 07:04 . 2016-03-30 07:04 -------- d-----r- c:\users\musique\OneDrive
2016-03-30 07:03 . 2016-03-30 07:03 -------- d-----w- c:\programdata\Microsoft OneDrive
2016-03-30 07:02 . 2016-03-30 07:30 -------- d-----w- c:\users\musique\AppData\Local\Windows Live
2016-03-30 07:02 . 2016-03-30 07:02 -------- d-----w- c:\program files\Common Files\Windows Live
.
.
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-04-23 13:53 . 2014-03-18 09:51 95808 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2016-04-15 17:39 . 2014-03-18 11:58 797376 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-04-15 17:39 . 2014-03-18 11:58 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-04-14 21:39 . 2012-07-17 12:37 24288 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2016-03-17 07:39 . 2016-03-17 07:39 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{649E72B5-E6ED-4BC9-9A6D-635D10CE9068}\offreg.dll
.
.
((((((((((((((((((((((((((((((((( Reg load points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2016-03-30 07:03 223432 ----a-w- c:\users\musique\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2016-03-30 07:03 223432 ----a-w- c:\users\musique\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2016-03-30 07:03 223432 ----a-w- c:\users\musique\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{21DF9D55-93C0-41E7-9932-54319AD24439}"="c:\windows\system32\WindowsPowerShell\v1.0\powershell.exe" [2009-07-14 452608]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2016-03-11 6667992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-08-30 11672208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2016-04-01 596504]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
eInstruction Device Manager.lnk - c:\program files\eInstruction\Device Manager\Launch.exe [2014-3-18 4912184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoPublishingWizard"= 1 (0x1)
"NoWebServices"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss]
@="Service"
.
--- Other Services/Drivers in memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2015-12-18 15:42 286904 ----a-w- c:\program files\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2016-04-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-18 17:39]
.
2016-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-03-18 10:47]
.
2016-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-03-18 10:47]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 212.27.40.240 212.27.40.241
TCP: Interfaces\{49D86DF2-668B-411C-9DFB-86F12FA4B687}: DhcpNameServer = 212.27.40.240 212.27.40.241
FF - ProfilePath - c:\users\musique\AppData\Roaming\Mozilla\Firefox\Profiles\ufykbhwd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
SafeBoot-AppXSvc
SafeBoot-ClipSvc
SafeBoot-TweakingRemoveSafeBoot
SafeBoot-WSService
MSConfigStartUp-Chromium - c:\users\musique\appdata\local\chromium\application\chrome.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1764289010-3462079764-291958604-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1764289010-3462079764-291958604-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other running processes ------------------------
.
c:\windows\system32\atiesrxx.exe
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Realtek\Audio\HDA\AERTSrv.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\program files\Google\Update\1.3.29.5\GoogleCrashHandler.exe
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Finish time: 2016-04-23 17:52:28 - The machine rebooted
ComboFix-quarantined-files.txt 2016-04-23 15:52
.
Pre-Run: 197 878 157 312 bytes free
Post-Run: 197 461 544 960 bytes free
.
- - End Of File - - 4276C14241887EC32F0C253BDEAD867D
A36C5E4F47E84449FF07ED3517B43A31
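Three findings in this log deserve a follow-up check once the machine is back up: ComboFix replaced a patched ntfs.sys with the copy from WinSxS, it removed a driver and service named with 16 random hex digits (373d1993919dcc0c), and a GUID-named value in the current user's Run key launches powershell.exe (ComboFix prints only the executable path, so any arguments are not visible in the log). The PowerShell below is an added example written by the editor; it is not ComboFix output and not code from the person who posted this log. It assumes an elevated PowerShell 4.0 or later on the affected machine (Get-FileHash), that the WinSxS path is the one ComboFix reported, and the hex-name and GUID-name patterns are heuristics chosen for this log rather than ComboFix rules.

```powershell
# Added post-cleanup verification for the three findings in the log above:
# the patched ntfs.sys that ComboFix restored from WinSxS, the random-named
# driver/service 373d1993919dcc0c, and the GUID-named HKCU Run value that
# launches powershell.exe. This is an added example, not ComboFix output.
# Assumptions: elevated PowerShell 4.0+ (Get-FileHash); the WinSxS path is
# the one ComboFix reported; the hex-name and GUID-name patterns are
# heuristics chosen for this log, not ComboFix rules.

$Ntfs      = Join-Path $env:SystemRoot 'System32\drivers\ntfs.sys'
$WinSxSRef = Join-Path $env:SystemRoot 'winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.18378_none_a83b9ab47b5adef3\ntfs.sys'
$DriverTag = '373d1993919dcc0c'

function Test-RestoredDriver {
    param([string]$Live, [string]$Reference)
    # Authenticode check. ntfs.sys is catalog-signed; Get-AuthenticodeSignature
    # only resolves catalog signatures from PowerShell 5.0 onward, so on older
    # builds a genuine file can still read 'NotSigned'. The sfc run at the
    # bottom is the authoritative component-store check on Windows 7.
    $sig      = Get-AuthenticodeSignature -FilePath $Live
    $liveHash = (Get-FileHash -Algorithm SHA256 -Path $Live).Hash
    $refHash  = if (Test-Path -LiteralPath $Reference) {
        (Get-FileHash -Algorithm SHA256 -Path $Reference).Hash
    }
    [pscustomobject]@{
        File            = $Live
        SignatureStatus = $sig.Status
        Signer          = $sig.SignerCertificate.Subject
        SHA256          = $liveHash
        MatchesWinSxS   = ($null -ne $refHash -and $liveHash -eq $refHash)
    }
}

function Find-DriverTraces {
    param([string]$Tag)
    $hits = New-Object System.Collections.Generic.List[string]
    # ComboFix's "Legacy_<name>" and "Service_<name>" lines are the
    # Enum\Root\LEGACY_<NAME> and Services\<name> keys; confirm both are gone,
    # along with the .sys file itself.
    $candidates = @(
        "HKLM:\SYSTEM\CurrentControlSet\Services\$Tag",
        "HKLM:\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_$($Tag.ToUpper())",
        (Join-Path $env:SystemRoot "System32\drivers\$Tag.sys")
    )
    foreach ($c in $candidates) { if (Test-Path -LiteralPath $c) { $hits.Add($c) } }
    # Any other driver whose name is nothing but 16 hex digits fits the same
    # naming pattern and deserves a look (heuristic; expect few or no hits).
    Get-ChildItem (Join-Path $env:SystemRoot 'System32\drivers') -Filter '*.sys' |
        Where-Object { $_.BaseName -match '^[0-9a-f]{16}$' -and $_.BaseName -ne $Tag } |
        ForEach-Object { $hits.Add($_.FullName) }
    return $hits
}

function Get-SuspiciousRunEntries {
    # ComboFix prints only the executable path of a Run value, so the log above
    # does not show what arguments powershell.exe was given. Read the raw value
    # data (no environment-variable expansion) to see the full command line.
    $runKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    )
    $hostPattern = '(?i)\b(powershell|cmd|wscript|cscript|mshta|rundll32|regsvr32)(\.exe)?\b'
    foreach ($rk in $runKeys) {
        if (-not (Test-Path -LiteralPath $rk)) { continue }
        $key = Get-Item -LiteralPath $rk
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name, '',
                [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
            $guidName   = $name -match '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$'
            $scriptHost = $data -match $hostPattern
            if ($guidName -or $scriptHost) {
                [pscustomobject]@{
                    Key        = $rk
                    Name       = $name
                    Command    = $data
                    GuidName   = $guidName
                    ScriptHost = $scriptHost
                }
            }
        }
    }
}

# Run the checks. sfc needs elevation; on this x86 system there is no WOW64
# file-system redirection to worry about.
Test-RestoredDriver -Live $Ntfs -Reference $WinSxSRef | Format-List
& (Join-Path $env:SystemRoot 'System32\sfc.exe') "/verifyfile=$Ntfs"
Find-DriverTraces -Tag $DriverTag
Get-SuspiciousRunEntries | Format-Table -AutoSize -Wrap
```

A clean result is SignatureStatus Valid (on PowerShell 5 or later) with MatchesWinSxS True, sfc reporting no integrity violations for the file, no paths returned by Find-DriverTraces, and a Run listing in which every flagged entry is explained by software the user actually installed. Anything the HKCU value passes to powershell.exe (an encoded command, a hidden window, a download) is the first thing to read; the log only shows that the value exists.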
