cjoint

Document format: text/plain

ComboFix 16-03-07.01 - Zerrouk 13/03/2016 21:51:57.1.2 - x86
Microsoft Windows 7 Édition Intégrale 6.1.7600.0.1252.33.1036.18.3067.1980 [GMT 1:00]
Lancé depuis: c:\users\Zerrouk\Downloads\Programs\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\0uj2ndol.exe
c:\program files\Common Files\332z1hn2.exe
c:\programdata\FrivLauncherUS.exe
c:\programdata\HomePage.exe
c:\programdata\LightGate.exe
c:\programdata\msiql.exe
c:\programdata\ntuser.pol
c:\programdata\Roaming
c:\programdata\service.exe
c:\programdata\Windows Update
c:\programdata\Windows Update\svrupg.exe
c:\programdata\Windows Update\tmp\carssn---.exe
c:\programdata\Windows Update\tmp\msdtabct.exe
c:\users\Zerrouk\AppData\Local\Zootechi.exe
c:\users\Zerrouk\AppData\Roaming\Inchcom.exe
c:\users\Zerrouk\AppData\Roaming\K-tam.bin
c:\users\Zerrouk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\notepad.lnk
c:\users\Zerrouk\AppData\Roaming\Stocksololab.exe
c:\windows\system32\config\systemprofile\AppData\Local\Trust Solstring
c:\windows\system32\config\systemprofile\AppData\Roaming\svrupg.exe
.
Une copie infectée de c:\windows\system32\Version.dll a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\winsxs\x86_microsoft-windows-version_31bf3856ad364e35_6.1.7600.16385_none_14d4a552b2395165\version.dll
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BD0001
-------\Legacy_BD0002
-------\Service_GoogleChromeUpService
-------\Service_GoogleChromeUpSvc
-------\Service_updatedown
-------\Service_GoogleChromeUpSvc
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2016-02-13 au 2016-03-13 ))))))))))))))))))))))))))))))))))))
.
.
2016-03-13 20:59 . 2016-03-13 20:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-03-13 20:30 . 2016-03-13 20:30 656048 ----a-w- c:\program files\Common Files\xignytnh.exe
2016-03-13 20:27 . 2016-03-13 20:28 -------- d-----w- c:\program files\AdwCleaner
2016-03-13 20:26 . 2016-03-13 20:26 -------- d-----w- c:\program files\Common Files\vxlzrsaz
2016-03-13 19:31 . 2016-03-13 19:31 2030214 ----a-w- c:\program files\Common Files\2k4jymgx.exe
2016-03-13 19:26 . 2016-03-13 19:26 -------- d-----w- c:\program files\Common Files\yxzxoero
2016-03-13 19:12 . 2016-03-13 19:12 3162371 ----a-w- c:\program files\Common Files\l2swa1ix.exe
2016-03-13 18:30 . 2016-03-13 18:30 3110167 ----a-w- c:\program files\Common Files\pg3qz1su.exe
2016-03-13 18:30 . 2016-03-13 18:30 224454 ----a-w- c:\program files\Common Files\onw21oei.exe
2016-03-13 18:26 . 2016-03-13 18:26 -------- d-----w- c:\program files\Common Files\tl5njbah
2016-03-13 17:38 . 2016-03-13 17:38 2266374 ----a-w- c:\program files\Common Files\qb4l5a0u.exe
2016-03-13 17:27 . 2016-03-13 17:27 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{81F21FC8-2F6D-4505-AC50-D6D3F6D72906}\offreg.2300.dll
2016-03-12 19:12 . 2016-03-12 19:12 3170418 ----a-w- c:\program files\Common Files\bg2q05co.exe
2016-03-12 18:28 . 2016-03-12 18:28 3170418 ----a-w- c:\program files\Common Files\sn2wmtwb.exe
2016-03-12 18:16 . 2016-03-12 18:16 -------- d-----w- c:\program files\CCleaner
2016-03-12 16:10 . 2016-03-12 16:10 3170418 ----a-w- c:\program files\Common Files\hdsvf4kn.exe
2016-03-12 16:10 . 2016-03-12 16:10 911334 ----a-w- c:\program files\Common Files\uahfegy2.exe
2016-03-12 16:09 . 2016-03-12 16:09 3170418 ----a-w- c:\program files\Common Files\20kti4tq.exe
2016-03-11 22:03 . 2016-03-12 16:07 -------- d-----w- c:\programdata\MFAData
2016-03-11 21:44 . 2016-03-11 22:05 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Avg
2016-03-11 21:29 . 2016-03-12 16:07 -------- d-----w- c:\program files\AVG
2016-03-11 21:29 . 2016-03-11 21:29 -------- d--h--w- c:\programdata\Common Files
2016-03-11 21:29 . 2016-03-11 22:00 -------- d-----w- c:\programdata\Avg
2016-03-11 20:28 . 2016-03-11 20:29 -------- d-----w- c:\program files\Qualcomm Atheros
2016-03-11 20:28 . 2014-08-11 01:24 3270144 ----a-w- c:\windows\system32\drivers\athr.sys
2016-03-11 20:27 . 2016-03-11 20:27 -------- d-----w- c:\windows\Options
2016-03-11 20:27 . 2009-06-19 14:57 604672 ----a-w- c:\windows\system32\netr28.sys
2016-03-11 09:06 . 2016-03-11 09:06 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{81F21FC8-2F6D-4505-AC50-D6D3F6D72906}\offreg.3448.dll
2016-03-10 20:43 . 2016-03-10 20:43 3148709 ----a-w- c:\program files\Common Files\sb2lmxmi.exe
2016-03-10 18:29 . 2016-03-10 18:29 3148709 ----a-w- c:\program files\Common Files\nainpmx5.exe
2016-03-10 18:26 . 2016-03-10 18:26 -------- d-----w- c:\program files\Common Files\mb1spwvx
2016-03-10 15:15 . 2016-03-10 15:15 3160391 ----a-w- c:\program files\Common Files\xzkd1oxv.exe
2016-03-10 15:12 . 2016-03-10 15:12 -------- d-----w- c:\program files\Common Files\ouf5wwpn
2016-03-10 11:40 . 2016-03-10 11:40 3143087 ----a-w- c:\program files\Common Files\ticwrjts.exe
2016-03-10 11:38 . 2016-03-10 11:38 -------- d-----w- c:\program files\Common Files\welehiqr
2016-03-10 10:24 . 2016-03-10 10:24 3145881 ----a-w- c:\program files\Common Files\fjyaczel.exe
2016-03-10 10:20 . 2016-03-10 10:20 -------- d-----w- c:\program files\Common Files\ix3zaiod
2016-03-09 18:15 . 2016-03-09 18:15 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Google
2016-03-09 18:15 . 2016-03-09 18:15 -------- d-----r- c:\windows\system32\config\systemprofile\Virtual Machines
2016-03-08 17:11 . 2016-03-08 17:11 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Baidu
2016-03-08 17:11 . 2016-03-08 17:11 -------- d-----w- c:\program files\Common Files\Baidu
2016-03-08 17:11 . 2016-03-08 17:11 -------- d-----w- c:\program files\Baidu
2016-03-08 17:05 . 2016-03-08 17:06 -------- d-----w- c:\program files\MTV20160128
2016-03-07 20:24 . 2016-03-09 18:14 -------- d-----w- c:\programdata\serfe
2016-03-07 20:03 . 2016-03-07 20:03 -------- d-----w- c:\program files\Launch Manager
2016-03-07 20:03 . 2009-09-09 12:41 348680 ----a-w- c:\windows\UNINST32.EXE
2016-03-07 20:03 . 2009-03-26 10:14 21000 ----a-w- c:\windows\system32\drivers\DKbFltr.sys
2016-03-07 19:54 . 2016-03-07 19:54 -------- d-----w- c:\program files\Acer
2016-03-07 19:54 . 2016-03-07 19:53 200704 ----a-w- c:\windows\PLFSetI.exe
2016-03-07 19:54 . 2008-09-09 18:02 106496 ----a-w- c:\windows\FixUVC.exe
2016-03-07 19:50 . 2016-03-07 19:50 -------- d-----w- c:\program files\DIFX
2016-03-06 21:01 . 2016-03-06 21:01 -------- d-----w- c:\program files\Common Files\Skype
2016-03-06 21:01 . 2016-03-06 21:04 -------- d-----r- c:\program files\Skype
2016-03-06 21:01 . 2016-03-06 21:01 -------- d-----w- c:\programdata\Skype
2016-03-06 19:50 . 2016-03-08 18:47 -------- d-----w- c:\program files\Mozilla Maintenance Service
2016-03-06 19:27 . 2016-03-06 19:27 -------- d-----w- c:\programdata\IDM
2016-03-06 19:27 . 2016-03-06 19:27 -------- d-----w- c:\program files\Internet Download Manager
2016-03-06 19:10 . 2016-03-06 19:10 3292864 ----a-w- c:\program files\Common Files\5djtxjbs.exe
2016-03-06 19:00 . 2016-03-06 19:00 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{81F21FC8-2F6D-4505-AC50-D6D3F6D72906}\offreg.940.dll
2016-03-04 19:43 . 2016-03-11 20:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2016-03-04 19:29 . 2016-03-09 18:14 -------- d-----w- c:\programdata\WindowsMsg
2016-03-04 19:29 . 2016-03-09 18:14 -------- d-----w- c:\program files\osTip
2016-03-04 19:20 . 2016-03-04 19:35 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\LightGate
2016-03-04 19:19 . 2016-03-04 19:19 -------- d-----w- c:\program files\SFK
2016-03-04 19:18 . 2016-03-08 21:56 -------- d-----w- c:\programdata\Baidu
2016-03-04 19:09 . 2016-03-04 19:09 -------- d-----w- c:\program files\Common Files\c5n0xt10
2016-03-04 13:08 . 2016-03-04 13:08 -------- d-----w- c:\program files\Winsere
2016-03-04 13:08 . 2016-03-04 13:08 -------- d-----w- C:\extensions
2016-03-04 13:08 . 2016-03-04 13:08 -------- d-----w- c:\program files\WinTaske
2016-03-04 13:07 . 2016-03-04 19:09 -------- d-----w- c:\program files\REACHit
2016-03-04 13:06 . 2016-03-13 19:27 -------- d-----w- c:\program files\0002C023-1457096790-DF11-BB51-D6ED630F5224
2016-03-03 21:27 . 2016-03-11 21:33 -------- d-----w- c:\program files\Opera
2016-03-03 18:54 . 2015-12-16 09:15 9014120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{81F21FC8-2F6D-4505-AC50-D6D3F6D72906}\mpengine.dll
2016-03-03 18:54 . 2015-12-02 12:25 247976 ------w- c:\windows\system32\MpSigStub.exe
2016-03-03 16:17 . 2016-03-03 16:18 -------- d-----w- c:\programdata\Holdtams
2016-03-03 16:17 . 2016-03-03 16:17 -------- d-----w- c:\programdata\LuckyBrowse
2016-03-03 16:17 . 2016-03-03 16:17 -------- d-----w- c:\program files\LuckyBrowse
2016-03-03 16:17 . 2016-03-03 16:17 -------- d-----w- c:\programdata\CloudPrinter
2016-03-03 16:12 . 2016-03-04 13:04 -------- d-----w- c:\program files\Windows 7 Activator
2016-03-03 16:06 . 2016-03-03 16:06 -------- d-----w- c:\programdata\Qualcomm Atheros
2016-03-03 14:37 . 2016-03-03 14:37 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Intel
2016-03-03 14:37 . 2016-03-03 14:37 -------- d-----w- c:\users\Public\Roaming
2016-03-03 14:37 . 2016-03-03 14:37 -------- d-----w- c:\users\Default\Roaming
2016-03-02 20:43 . 2016-03-02 21:06 -------- d-----w- c:\program files\Google
2016-03-02 20:18 . 2009-06-18 19:07 221184 ----a-w- c:\windows\system32\RaCoInst.dll
2016-03-02 20:18 . 2016-03-02 20:18 -------- d-----w- c:\programdata\Ralink
2016-03-02 20:09 . 2016-03-03 14:37 -------- d-----w- c:\program files\Intel
2016-03-02 19:55 . 1998-06-17 17:07 57344 ----a-w- c:\windows\system32\Mfc42loc.dll
2016-03-02 19:55 . 2016-03-03 16:23 -------- d-----w- c:\program files\Atheros
2016-03-02 19:55 . 2016-03-11 20:27 -------- d-----w- C:\temp
2016-03-02 19:52 . 2016-03-12 18:12 -------- d-sh--w- c:\windows\Installer
2016-03-02 06:06 . 2016-03-12 18:20 -------- d-----w- c:\windows\Panther
2016-03-01 21:19 . 2016-03-13 17:33 -------- d-----w- c:\windows\system32\wbem\Performance
2016-03-01 21:09 . 2016-03-01 21:09 0 ----a-w- c:\windows\ativpsrm.bin
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-01-28 09:20 . 2016-02-11 14:26 134248 ----a-w- c:\windows\system32\drivers\idmwfp.sys
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2015-08-14 12:52 23520 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2015-08-04 3907152]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2016-02-10 50599552]
"BingSvc"="c:\users\Zerrouk\AppData\Local\Microsoft\BingSvc\BingSvc.exe" [2016-03-07 144008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cessrs.exe -start"="c:\users\Zerrouk\AppData\Roaming\UPUpdata\cessrs.exe" [2016-03-04 155648]
"PLFSetI"="c:\windows\PLFSetI.exe" [2016-03-07 200704]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-08-24 1190920]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-05 7703072]
"MTview"="c:\program files\MTV20160128\MTView.exe" [2016-01-26 1877512]
"AvgUi"="c:\program files\AVG\Framework\Common\avguirnx.exe" [2016-02-18 179624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 avgsvc;AVG Service;c:\program files\AVG\Framework\Common\avgsvcx.exe [2016-02-18 865704]
R2 ggbugreport;ggbugreport;c:\program files\SearchesToYesbnd\bugreport.exe {154DFF63-3402-4815-941A-AAD63AE8B428} [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-07-09 327296]
R2 Winsere;Winsere;c:\program files\Winsere\Winsere\Winsere.exe {79740E79-A383-47A7-B513-3DF6563D007F} {A16B1AF7-982D-40C3-B5C1-633E1A6A6678} [x]
R3 bpenum;Intel(R) WiMAX Link Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2009-07-30 56320]
R4 serfe;serfe;c:\programdata\\serfe\\serfe.exe [2016-03-07 529408]
R4 SSFK;SSFK;c:\program files\SFK\SSFK.exe [2016-03-04 359616]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2016-01-08 1433216]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2016-01-08 1773696]
S2 CloudPrinter;CloudPrinter;c:\programdata\\CloudPrinter\\CloudPrinter.exe [2016-03-03 764416]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2016-01-28 134248]
S2 REACHit;REACHit;c:\program files\REACHit\REACHit.exe [2016-03-04 382976]
S2 xyqujowizbt;Watermark Plug And Play;c:\program files\0002C023-1457096790-DF11-BB51-D6ED630F5224\knsp88F9.tmp [2016-03-13 185344]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-03-02 21:06 1106072 ----a-w- c:\program files\Google\Chrome\Application\49.0.2623.75\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2016-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2016-03-02 20:43]
.
2016-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2016-03-02 20:43]
.
.
------- Examen supplémentaire -------
.
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec Internet Download Manager - c:\program files\Internet Download Manager\IEGetAll.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Zerrouk\AppData\Roaming\Mozilla\Firefox\Profiles\3ndnxvfp.default\
FF - prefs.js: browser.search.selectedEngine - Palikan
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q=
.
- - - - ORPHELINS SUPPRIMES - - - -
.
HKCU-Run-msiql - c:\programdata\msiql.exe
HKLM-Run-LightGate - c:\programdata\lightgate.exe
HKLM-Run-HomePageHelper - c:\programdata\homepage.exe
AddRemove-AppHelper - c:\users\Zerrouk\AppData\Local\Temp\un.exe
AddRemove-PopupProduct - c:\users\Zerrouk\AppData\Local\0002C023-1457902777-DF11-BB51-D6ED630F5224\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\xyqujowizbt]
"ImagePath"="c:\program files\0002C023-1457096790-DF11-BB51-D6ED630F5224\knsp88F9.tmp"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\programdata\CloudPrinter\CloudPrinter.exe
c:\program files\REACHit\packages\922a6d51-fe88-4711-9624-68a5c27eaafb\amdide.exe
c:\windows\system32\taskhost.exe
c:\program files\LuckyBrowse\app\luckybrowse.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Heure de fin: 2016-03-13 22:03:52 - La machine a redémarré
ComboFix-quarantined-files.txt 2016-03-13 21:03
.
Avant-CF: 229 825 196 032 octets libres
Après-CF: 229 440 225 280 octets libres
.
- - End Of File - - FAFFFE1B7E967893D2460DBA39DDCD61
A36C5E4F47E84449FF07ED3517B43A31
