ComboFix 16-08-10.01 - chawki 14/08/2016 14:14:31.1.2 - x86
Microsoft Windows 7 Édition Intégrale 6.1.7601.1.1252.33.1036.18.2046.1417 [GMT 2:00]
Lancé depuis: c:\users\chawki\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\chawki\AppData\Local\Google\Chrome\User Data\Default\Extensions\feeilhmlfcpfchpbgoknoeefdkbgionj
c:\users\chawki\AppData\Local\Google\Chrome\User Data\Default\Extensions\feeilhmlfcpfchpbgoknoeefdkbgionj\1.0.0_0\_metadata\computed_hashes.json
c:\users\chawki\AppData\Local\Google\Chrome\User Data\Default\Extensions\feeilhmlfcpfchpbgoknoeefdkbgionj\1.0.0_0\_metadata\verified_contents.json
c:\users\chawki\AppData\Local\Google\Chrome\User Data\Default\Extensions\feeilhmlfcpfchpbgoknoeefdkbgionj\1.0.0_0\icons\128x128.png
c:\users\chawki\AppData\Local\Google\Chrome\User Data\Default\Extensions\feeilhmlfcpfchpbgoknoeefdkbgionj\1.0.0_0\icons\16x16.png
c:\users\chawki\AppData\Local\Google\Chrome\User Data\Default\Extensions\feeilhmlfcpfchpbgoknoeefdkbgionj\1.0.0_0\icons\512x512.png
c:\users\chawki\AppData\Local\Google\Chrome\User Data\Default\Extensions\feeilhmlfcpfchpbgoknoeefdkbgionj\1.0.0_0\icons\64x64.png
c:\users\chawki\AppData\Local\Google\Chrome\User Data\Default\Extensions\feeilhmlfcpfchpbgoknoeefdkbgionj\1.0.0_0\icons\favicon.ico
c:\users\chawki\AppData\Local\Google\Chrome\User Data\Default\Extensions\feeilhmlfcpfchpbgoknoeefdkbgionj\1.0.0_0\js\background.js
c:\users\chawki\AppData\Local\Google\Chrome\User Data\Default\Extensions\feeilhmlfcpfchpbgoknoeefdkbgionj\1.0.0_0\js\site.js
c:\users\chawki\AppData\Local\Google\Chrome\User Data\Default\Extensions\feeilhmlfcpfchpbgoknoeefdkbgionj\1.0.0_0\manifest.json
c:\users\chawki\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_feeilhmlfcpfchpbgoknoeefdkbgionj_0.localstorage-journal
c:\users\chawki\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_feeilhmlfcpfchpbgoknoeefdkbgionj_0.localstorage
c:\users\chawki\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\chawki\AppData\Roaming\Inchtech.exe
c:\users\chawki\AppData\Roaming\Voyabam.exe
c:\users\chawki\AppData\Roaming\Whitetech.bin
c:\users\chawki\AppData\Roaming\Zerhold.bin
c:\windows\run.vbs
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2016-07-14 au 2016-08-14 ))))))))))))))))))))))))))))))))))))
.
.
2016-08-14 12:27 . 2016-08-14 12:27 -------- d-----w- c:\users\chawki\AppData\Local\temp
2016-08-14 12:27 . 2016-08-14 12:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-08-12 15:58 . 2016-08-12 15:58 -------- d-----w- c:\program files\iPod
2016-08-12 15:58 . 2016-08-12 15:58 -------- d-----w- c:\program files\iTunes
2016-08-12 15:34 . 2016-08-12 15:34 -------- d-----w- c:\programdata\FonePaw
2016-08-12 15:34 . 2016-08-12 15:34 -------- d-----w- c:\program files\FonePaw
2016-08-12 14:50 . 2016-08-12 15:35 -------- d-----w- c:\users\chawki\AppData\Local\FonePaw
2016-08-12 00:59 . 2015-09-14 12:03 38520 ----a-w- c:\windows\system32\drivers\DasPtct.SYS
2016-08-12 00:59 . 2016-08-12 00:59 -------- d-----w- c:\program files\Panda Security
2016-08-12 00:09 . 2016-08-12 00:09 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-08-12 00:09 . 2016-08-12 00:09 -------- d-----w- c:\programdata\RogueKiller
2016-08-11 14:20 . 2016-08-11 14:20 -------- d-----w- c:\users\chawki\AppData\Local\UCBrowser
2016-08-11 14:20 . 2016-08-02 06:55 72064 ----a-w- c:\windows\system32\drivers\ucguard.sys
2016-08-11 14:20 . 2016-08-11 15:29 -------- d-----w- c:\program files\UCBrowser
2016-08-11 14:19 . 2016-08-11 14:19 -------- d--h--w- c:\program files\r5z4A0C
2016-08-11 14:19 . 2016-08-11 14:19 -------- d-----w- c:\program files\SoEasySvc
2016-08-11 14:18 . 2016-08-11 14:19 -------- d-----w- c:\users\chawki\AppData\Roaming\Profiles
2016-08-11 14:18 . 2016-08-11 14:19 -------- d-----w- c:\users\chawki\AppData\Local\bumosyreoqeentdrhge
2016-08-11 14:17 . 2016-08-13 00:50 -------- d-----w- c:\program files\Rafucult
2016-08-11 14:13 . 2016-08-12 00:45 -------- d-----w- c:\users\chawki\AppData\Local\app
2016-08-11 14:12 . 2016-08-11 14:12 -------- d-----w- c:\program files\sbqh
2016-08-11 14:09 . 2016-08-11 14:09 -------- d-----w- c:\program files\Common Files\Hotflex
2016-08-11 13:33 . 2016-08-12 14:13 -------- d-----w- c:\users\chawki\AppData\Roaming\WindSolutions
2016-08-11 13:33 . 2016-08-11 13:37 -------- d-----w- c:\programdata\WindSolutions
2016-08-11 08:46 . 2016-08-11 08:46 -------- d-----w- c:\users\chawki\AppData\Local\Apple Computer
2016-08-11 08:46 . 2016-08-11 13:28 -------- d-----w- c:\users\chawki\AppData\Roaming\Apple Computer
2016-08-11 08:46 . 2016-08-11 08:46 -------- d-----w- c:\programdata\Apple Computer
2016-08-11 08:45 . 2016-08-11 08:45 -------- d-----w- c:\users\chawki\AppData\Local\Apple
2016-08-11 08:45 . 2016-08-11 08:45 -------- d-----w- c:\program files\Apple Software Update
2016-08-11 08:44 . 2016-08-11 08:44 -------- d-----w- c:\program files\Bonjour
2016-08-11 08:44 . 2016-08-12 15:58 -------- d-----w- c:\program files\Common Files\Apple
2016-08-11 08:44 . 2016-08-11 08:45 -------- d-----w- c:\programdata\Apple
2016-08-11 01:47 . 2016-08-11 01:47 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2323ADED-77C8-4503-BCE1-E4DDFFD3555D}\offreg.1340.dll
2016-07-21 01:36 . 2016-07-21 01:36 -------- d-----w- c:\users\chawki\AppData\Local\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-08-10 20:23 . 2016-02-16 01:42 796352 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-08-10 20:23 . 2016-02-16 01:42 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-07-12 00:29 . 2016-07-12 00:29 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2323ADED-77C8-4503-BCE1-E4DDFFD3555D}\offreg.268.dll
2016-07-10 00:41 . 2016-07-10 00:41 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2323ADED-77C8-4503-BCE1-E4DDFFD3555D}\offreg.2512.dll
2016-07-05 00:22 . 2016-07-05 00:22 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2323ADED-77C8-4503-BCE1-E4DDFFD3555D}\offreg.1484.dll
2016-07-03 00:14 . 2016-07-03 00:14 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2323ADED-77C8-4503-BCE1-E4DDFFD3555D}\offreg.3960.dll
2016-07-02 00:17 . 2016-07-02 00:17 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2323ADED-77C8-4503-BCE1-E4DDFFD3555D}\offreg.872.dll
2016-07-01 00:18 . 2016-07-01 00:18 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2323ADED-77C8-4503-BCE1-E4DDFFD3555D}\offreg.3660.dll
2016-06-30 01:23 . 2016-06-30 01:23 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2323ADED-77C8-4503-BCE1-E4DDFFD3555D}\offreg.1996.dll
2016-06-24 02:59 . 2016-06-24 02:59 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2323ADED-77C8-4503-BCE1-E4DDFFD3555D}\offreg.924.dll
2016-06-21 02:48 . 2016-06-21 02:48 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2323ADED-77C8-4503-BCE1-E4DDFFD3555D}\offreg.3428.dll
2016-06-18 02:01 . 2016-06-18 02:01 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2323ADED-77C8-4503-BCE1-E4DDFFD3555D}\offreg.2604.dll
2016-06-15 01:12 . 2016-06-10 01:16 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2323ADED-77C8-4503-BCE1-E4DDFFD3555D}\offreg.2476.dll
2016-06-14 02:40 . 2016-06-14 02:40 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2323ADED-77C8-4503-BCE1-E4DDFFD3555D}\offreg.2528.dll
2016-06-12 00:28 . 2016-06-12 00:28 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2323ADED-77C8-4503-BCE1-E4DDFFD3555D}\offreg.2584.dll
2016-06-11 00:09 . 2016-06-11 00:09 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2323ADED-77C8-4503-BCE1-E4DDFFD3555D}\offreg.3340.dll
2016-06-10 02:41 . 2016-06-10 02:41 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2323ADED-77C8-4503-BCE1-E4DDFFD3555D}\offreg.3812.dll
2016-06-07 02:36 . 2016-06-07 02:36 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2323ADED-77C8-4503-BCE1-E4DDFFD3555D}\offreg.1024.dll
2016-06-02 00:20 . 2016-06-02 00:20 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2323ADED-77C8-4503-BCE1-E4DDFFD3555D}\offreg.832.dll
2016-05-25 00:35 . 2016-05-25 00:35 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2323ADED-77C8-4503-BCE1-E4DDFFD3555D}\offreg.1908.dll
.
[code]

c:\program files\Tonec Inc., Copyright © 1999 - 2015\Internet Download Manager\IDMan .exe
[/code]
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2015-08-14 10:52 23520 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Tonec Inc." [X]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"ComputerZ-Tray"="c:\program files\LuDaShi\ComputerZTray.exe" [2016-07-21 2949032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2009-03-10 262144]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776]
"apphide"="c:\program files\sbqh\uc.exe" [2016-08-02 233520]
"FonePaw iPhone Data RecoveryAppService"="c:\program files\FonePaw\FonePaw iPhone Data Recovery\AppService.exe" [2015-08-14 79464]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2016-07-26 164152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2016-02-15 280576]
.
c:\users\chawki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SystemSettings.exe.tmp [2016-8-12 20480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 CidighdosaModuleGjg.exe;Cidighdosa Module;c:\program files\Rafucult\CidighdosaModuleGjg.exe {C25DA384-2010-45A4-A1ED-BFA540D4789B} {9DC74CD5-24EA-4ADE-9C42-608A8CE17116} [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2016-02-16 102912]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 UCGuard;UCGuard;c:\windows\system32\DRIVERS\ucguard.sys [2016-08-02 72064]
S2 ComputerZLock;ComputerZLock;c:\program files\LuDaShi\ComputerZLock.sys [2016-05-19 40168]
S2 HpSvc;Hardware Protection Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 KuaiZipDrive2;KuaiZipDrive2;c:\windows\system32\drivers\KuaiZipDrive2.sys [2016-08-11 68368]
S2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2012-06-19 1646608]
S2 SoEasySvc;SoEasySvc;c:\program files\SoEasySvc\SoEasySvc.exe {8DE54EC4-2DF3-4F56-9F19-EBC2BDF2FF59} [x]
S3 ComputerZ;ComputerZ;c:\program files\LuDaShi\ComputerZ.sys [2016-06-27 47616]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
kuaizip2updatesvc REG_MULTI_SZ Kuaizip Update Checker
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
HpSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-08-08 22:24 1262408 ----a-w- c:\program files\Google\Chrome\Application\52.0.2743.116\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2016-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2016-05-12 18:05]
.
2016-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2016-05-12 18:05]
.
2016-08-14 c:\windows\Tasks\UCBrowserUpdater.job
- c:\program files\UCBrowser\Application\update_task.exe [2016-08-11 06:00]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoH2TlPbfGRogFokxBZm9hvK3Km0sRIjmP4t2BP3BBglHuDQbEyQf7RtWWZ8mbiPDICSZv7pPZXXtQlH5hWTi1cKuXppt7ieR-DUtWQra1pf5AePM5r-GsrlAKY0bMIp-Y-M5WPvhzW5g8qf8IxjdQwVYLQ4Bjquuq0_o4yPgVQ,,
uInternet Settings,ProxyOverride = *.local
IE: Télécharger avec IDM - c:\program files\Tonec Inc., Copyright © 1999 - 2015\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec IDM - c:\program files\Tonec Inc., Copyright © 1999 - 2015\Internet Download Manager\IEGetAll.htm
LSP: chtbrkg.dll
TCP: DhcpNameServer = 192.168.1.1 0.0.0.0
FF - ProfilePath - c:\users\chawki\AppData\Roaming\Mozilla\Firefox\Profiles\pe4jzj4g.default\
FF - prefs.js: browser.startup.homepage - c:\programdata\Quoteexs\ff.HP
.
- - - - ORPHELINS SUPPRIMES - - - -
.
ShellIconOverlayIdentifiers-{056D528D-CE28-4194-9BA3-BA2E9197FF8C} - c:\users\chawki\AppData\Local\MEGAsync\ShellExtX32.dll
ShellIconOverlayIdentifiers-{05B38830-F4E9-4329-978B-1DD28605D202} - c:\users\chawki\AppData\Local\MEGAsync\ShellExtX32.dll
ShellIconOverlayIdentifiers-{0596C850-7BDD-4C9D-AFDF-873BE6890637} - c:\users\chawki\AppData\Local\MEGAsync\ShellExtX32.dll
ShellIconOverlayIdentifiers-{AAA0C5B8-933F-4200-93AD-B143D7FFF9F3} - c:\program files\KuaiZip\X86\KZipShell.dll
AddRemove-DriverEasy_is1 - c:\program files\Easeware\DriverEasy\unins000.exe
AddRemove-Internet Download Manager 6, 25, 2, 2 - c:\program files\Tonec Inc.
.
.
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601
.
CreateFile("\\.\PHYSICALDRIVE0"): Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-1525682710-1008469388-749619866-1001_Classes\CLSID\{4b1259a3-3815-4c42-91c7-b9ece31f14b6}]
@Denied: (Full) (Everyone)
.
[HKEY_USERS\S-1-5-21-1525682710-1008469388-749619866-1001_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):67,46,9c,5f,1d,20,57,4f,05,d1,20,6c,bc,13,1e,93,69,e5,fa,dc,06,
3a,37,2d,5e,86,a6,c7,35,60,35,3d,65,c7,87,fa,90,3f,83,ab,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2016-08-14 14:28:48
ComboFix-quarantined-files.txt 2016-08-14 12:28
.
Avant-CF: 240 407 306 240 octets libres
Après-CF: 240 388 931 584 octets libres
.
- - End Of File - - ADBFC41B7BF988A6A2EE35C7563E158A
A36C5E4F47E84449FF07ED3517B43A31