ComboFix 17-08-04.01 - ChrisXav 07/08/2017 15:10:45.2.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2046.762 [GMT 2:00]
Lancé depuis: c:\users\ChrisXav\Desktop\ComboFix.exe
AV: Panda Free Antivirus *Enabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
FW: Panda Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
SP: Panda Free Antivirus *Enabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\Database\tmp.edb
c:\windows\system32\DEBUG.log
.
.
(((((((((((((((((((((((((((((   Fichiers créés du 2017-07-07 au 2017-08-07   ))))))))))))))))))))))))))))))))))))
.
.
2017-08-07 13:35 . 2017-08-07 13:35  --------  d-----w-  c:\users\Default\AppData\Local\temp
2017-08-07 06:40 . 2015-05-22 08:45  50832  ----a-w-  c:\windows\system32\drivers\PSKMAD.sys
2017-07-29 14:27 . 2017-07-29 16:07  --------  d-----w-  C:\FRST
2017-07-24 17:27 . 2012-06-02 22:19  53784  ----a-w-  c:\windows\system32\wuauclt.exe
2017-07-24 17:27 . 2012-06-02 22:19  45080  ----a-w-  c:\windows\system32\wups2.dll
2017-07-24 17:27 . 2012-06-02 22:12  2422272  ----a-w-  c:\windows\system32\wucltux.dll
2017-07-24 17:27 . 2012-06-02 22:19  1933848  ----a-w-  c:\windows\system32\wuaueng.dll
2017-07-24 17:27 . 2012-06-02 22:19  35864  ----a-w-  c:\windows\system32\wups.dll
2017-07-24 17:27 . 2012-06-02 22:19  577048  ----a-w-  c:\windows\system32\wuapi.dll
2017-07-24 17:27 . 2012-06-02 22:12  88576  ----a-w-  c:\windows\system32\wudriver.dll
2017-07-24 17:26 . 2012-06-02 13:19  171904  ----a-w-  c:\windows\system32\wuwebv.dll
2017-07-24 17:26 . 2012-06-02 13:12  33792  ----a-w-  c:\windows\system32\wuapp.exe
2017-07-23 17:18 . 2017-07-23 17:18  --------  d-----w-  c:\windows\system32\ca-ES
2017-07-23 17:18 . 2017-07-23 17:18  --------  d-----w-  c:\windows\system32\eu-ES
2017-07-23 17:18 . 2017-07-23 17:18  --------  d-----w-  c:\windows\system32\vi-VN
2017-07-22 06:56 . 2017-07-22 06:57  --------  d-----w-  c:\program files\Panda Security
2017-07-22 06:54 . 2017-07-22 06:57  --------  d-----w-  c:\programdata\Panda Security
2017-07-21 19:46 . 2017-07-21 20:03  --------  d-----w-  C:\AdwCleaner
2017-07-21 19:24 . 2017-07-21 19:24  --------  d-----w-  c:\program files\AVAST Software
2017-07-16 07:46 . 2017-07-16 07:46  --------  d-----w-  c:\windows\system32\EventProviders
2017-07-16 01:59 . 2009-04-11 05:03  12240896  ----a-w-  c:\windows\system32\NlsLexicons0007.dll
2017-07-16 01:59 . 2009-03-14 00:44  2409784  ----a-w-  c:\program files\Windows Mail\OESpamFilter.dat
2017-07-16 01:59 . 2009-04-11 06:28  1081344  ----a-w-  c:\windows\system32\SLCExt.dll
2017-07-16 01:59 . 2009-04-11 06:27  3408896  ----a-w-  c:\windows\system32\SLsvc.exe
2017-07-16 01:57 . 2009-04-11 06:28  152576  ----a-w-  c:\windows\system32\wbem\wmiprov.dll
2017-07-15 16:38 . 2010-09-06 16:20  125952  ----a-w-  c:\windows\system32\srvsvc.dll
2017-07-15 16:38 . 2010-09-06 16:19  17920  ----a-w-  c:\windows\system32\netevent.dll
2017-07-15 16:38 . 2009-08-24 11:36  377344  ----a-w-  c:\windows\system32\winhttp.dll
2017-07-15 06:01 . 2017-07-15 06:01  --------  d-----w-  c:\program files\Microsoft.NET
2017-07-15 06:00 . 2009-11-08 08:55  99176  ----a-w-  c:\windows\system32\PresentationHostProxy.dll
2017-07-15 06:00 . 2009-11-08 08:55  49472  ----a-w-  c:\windows\system32\netfxperf.dll
2017-07-15 06:00 . 2009-11-08 08:55  297808  ----a-w-  c:\windows\system32\mscoree.dll
2017-07-15 06:00 . 2009-11-08 08:55  295264  ----a-w-  c:\windows\system32\PresentationHost.exe
2017-07-15 06:00 . 2009-11-08 08:55  1130824  ----a-w-  c:\windows\system32\dfshim.dll
2017-07-15 05:47 . 2017-07-15 05:51  --------  d-----w-  c:\windows\system32\MRT
2017-07-14 22:47 . 2008-05-27 04:59  18904  ----a-w-  c:\windows\system32\StructuredQuerySchemaTrivial.bin
2017-07-14 22:25 . 2010-02-20 23:06  24064  ----a-w-  c:\windows\system32\nshhttp.dll
2017-07-14 22:25 . 2010-02-20 20:53  411648  ----a-w-  c:\windows\system32\drivers\http.sys
2017-07-14 22:25 . 2010-02-20 23:05  30720  ----a-w-  c:\windows\system32\httpapi.dll
2017-07-14 22:24 . 2010-06-16 16:04  905088  ----a-w-  c:\windows\system32\drivers\tcpip.sys
2017-07-14 22:23 . 2010-09-13 13:56  168960  ----a-w-  c:\program files\Windows Media Player\wmplayer.exe
2017-07-14 22:23 . 2010-09-13 13:56  8147456  ----a-w-  c:\windows\system32\wmploc.DLL
2017-07-14 22:23 . 2009-08-14 13:48  105984  ----a-w-  c:\windows\system32\netiohlp.dll
2017-07-14 22:23 . 2009-08-14 13:49  9728  ----a-w-  c:\windows\system32\TCPSVCS.EXE
2017-07-14 22:23 . 2009-08-14 13:49  17920  ----a-w-  c:\windows\system32\ROUTE.EXE
2017-07-14 22:23 . 2009-08-14 13:49  11264  ----a-w-  c:\windows\system32\MRINFO.EXE
2017-07-14 22:23 . 2009-08-14 13:49  27136  ----a-w-  c:\windows\system32\NETSTAT.EXE
2017-07-14 22:23 . 2009-08-14 13:49  8704  ----a-w-  c:\windows\system32\HOSTNAME.EXE
2017-07-14 22:23 . 2009-08-14 13:49  19968  ----a-w-  c:\windows\system32\ARP.EXE
2017-07-14 22:23 . 2009-08-14 13:49  10240  ----a-w-  c:\windows\system32\finger.exe
2017-07-14 22:22 . 2008-02-29 06:35  6656  ----a-w-  c:\windows\system32\kbd106n.dll
2017-07-14 22:22 . 2011-03-02 15:44  86528  ----a-w-  c:\windows\system32\dnsrslvr.dll
2017-07-14 22:22 . 2009-05-04 09:59  25088  ----a-w-  c:\windows\system32\dnscacheugc.exe
2017-07-14 22:22 . 2010-10-28 13:20  2048  ----a-w-  c:\windows\system32\tzres.dll
2017-07-14 22:21 . 2010-12-28 15:55  413696  ----a-w-  c:\windows\system32\odbc32.dll
2017-07-14 22:21 . 2010-12-28 15:53  708608  ----a-w-  c:\program files\Common Files\System\ado\msado15.dll
2017-07-14 22:21 . 2010-12-28 15:53  253952  ----a-w-  c:\program files\Common Files\System\ado\msadox.dll
2017-07-14 22:21 . 2010-12-28 15:53  241664  ----a-w-  c:\program files\Common Files\System\ado\msadomd.dll
2017-07-14 22:21 . 2010-12-28 15:53  57344  ----a-w-  c:\program files\Common Files\System\msadc\msadcs.dll
2017-07-14 22:21 . 2010-12-28 15:53  180224  ----a-w-  c:\program files\Common Files\System\msadc\msadco.dll
2017-07-14 22:19 . 2009-08-01 06:27  201184  ----a-w-  c:\windows\system32\winrm.vbs
2017-07-14 22:19 . 2009-10-09 21:56  214016  ----a-w-  c:\windows\system32\WsmWmiPl.dll
2017-07-14 22:19 . 2009-10-09 21:56  145408  ----a-w-  c:\windows\system32\WsmAuto.dll
2017-07-14 22:19 . 2009-10-09 21:56  1181696  ----a-w-  c:\windows\system32\WsmSvc.dll
2017-07-14 22:19 . 2009-10-09 21:56  241152  ----a-w-  c:\windows\system32\winrscmd.dll
2017-07-14 22:19 . 2009-10-09 21:56  246272  ----a-w-  c:\windows\system32\WSManHTTPConfig.exe
2017-07-14 22:19 . 2009-10-09 21:55  252416  ----a-w-  c:\windows\system32\WSManMigrationPlugin.dll
2017-07-14 22:18 . 2009-08-11 16:44  1401856  ----a-w-  c:\windows\system32\msxml6.dll
2017-07-14 22:18 . 2011-04-14 14:59  75264  ----a-w-  c:\windows\system32\drivers\dfsc.sys
2017-07-14 22:18 . 2009-07-11 19:01  513536  ----a-w-  c:\windows\system32\wlansvc.dll
2017-07-14 22:18 . 2009-07-11 19:01  293376  ----a-w-  c:\windows\system32\wlanmsm.dll
2017-07-14 22:18 . 2009-07-11 17:03  127488  ----a-w-  c:\windows\system32\L2SecHC.dll
2017-07-14 22:18 . 2009-04-11 06:28  68096  ----a-w-  c:\windows\system32\wlanhlp.dll
2017-07-14 22:18 . 2009-07-11 19:01  302592  ----a-w-  c:\windows\system32\wlansec.dll
2017-07-14 22:18 . 2009-07-11 19:01  65024  ----a-w-  c:\windows\system32\wlanapi.dll
2017-07-14 22:18 . 2011-02-22 13:23  69632  ----a-w-  c:\windows\system32\drivers\bowser.sys
2017-07-14 22:17 . 2010-10-15 14:08  3602320  ----a-w-  c:\windows\system32\ntkrnlpa.exe
2017-07-14 22:17 . 2010-10-15 14:08  3550096  ----a-w-  c:\windows\system32\ntoskrnl.exe
2017-07-14 22:17 . 2010-10-15 13:48  1205080  ----a-w-  c:\windows\system32\ntdll.dll
2017-07-14 22:17 . 2010-01-29 15:40  1616384  ----a-w-  c:\program files\Windows Mail\msoe.dll
2017-07-14 22:17 . 2011-03-10 17:03  1162240  ----a-w-  c:\windows\system32\mfc42u.dll
2017-07-14 22:17 . 2011-03-10 17:03  1136640  ----a-w-  c:\windows\system32\mfc42.dll
2017-07-14 22:17 . 2009-09-10 16:48  218624  ----a-w-  c:\windows\system32\msv1_0.dll
2017-07-14 22:17 . 2011-02-18 14:03  305152  ----a-w-  c:\windows\system32\drivers\srv.sys
2017-07-14 22:15 . 2009-06-10 11:42  160256  ----a-w-  c:\windows\system32\wkssvc.dll
2017-07-14 22:14 . 2009-04-23 12:14  623616  ----a-w-  c:\windows\system32\localspl.dll
2017-07-14 22:14 . 2010-06-18 17:31  36864  ----a-w-  c:\windows\system32\rtutils.dll
2017-07-14 22:13 . 2010-08-31 15:46  954752  ----a-w-  c:\windows\system32\mfc40.dll
2017-07-14 22:13 . 2010-08-31 15:46  954288  ----a-w-  c:\windows\system32\mfc40u.dll
2017-07-14 22:13 . 2010-12-20 16:35  563712  ----a-w-  c:\windows\system32\oleaut32.dll
2017-07-14 22:12 . 2011-03-03 15:40  28672  ----a-w-  c:\windows\system32\Apphlpdm.dll
2017-07-14 22:12 . 2010-08-26 16:34  1696256  ----a-w-  c:\windows\system32\gameux.dll
2017-07-14 22:12 . 2011-03-03 13:35  4240384  ----a-w-  c:\windows\system32\GameUXLegacyGDFs.dll
2017-07-14 22:12 . 2009-12-23 11:33  172032  ----a-w-  c:\windows\system32\wintrust.dll
2017-07-14 22:12 . 2009-06-15 14:52  1259008  ----a-w-  c:\windows\system32\lsasrv.dll
2017-07-14 22:12 . 2009-06-15 14:54  175104  ----a-w-  c:\windows\system32\wdigest.dll
2017-07-14 22:12 . 2009-06-15 14:52  499712  ----a-w-  c:\windows\system32\kerberos.dll
2017-07-14 22:12 . 2009-06-15 23:15  439864  ----a-w-  c:\windows\system32\drivers\ksecdd.sys
2017-07-14 22:12 . 2009-06-15 14:53  72704  ----a-w-  c:\windows\system32\secur32.dll
2017-07-14 22:12 . 2009-06-15 12:48  9728  ----a-w-  c:\windows\system32\lsass.exe
2017-07-14 22:12 . 2010-08-20 16:05  867328  ----a-w-  c:\windows\system32\wmpmde.dll
2017-07-14 22:08 . 2010-01-21 15:05  62464  ----a-w-  c:\windows\system32\l3codeca.acm
2017-07-14 22:08 . 2009-04-11 06:27  220672  ----a-w-  c:\windows\system32\l3codecp.acm
2017-07-14 22:06 . 2010-01-13 17:34  98304  ----a-w-  c:\windows\system32\cabview.dll
2017-07-14 22:05 . 2011-04-20 15:55  375808  ----a-w-  c:\windows\system32\winsrv.dll
2017-07-14 22:05 . 2011-04-20 15:50  49152  ----a-w-  c:\windows\system32\csrsrv.dll
2017-07-14 22:05 . 2009-09-04 11:41  60928  ----a-w-  c:\windows\system32\msasn1.dll
2017-07-14 22:05 . 2009-04-23 12:15  784896  ----a-w-  c:\windows\system32\rpcrt4.dll
2017-07-14 22:05 . 2009-12-04 18:29  1314816  ----a-w-  c:\windows\system32\quartz.dll
2017-07-14 22:04 . 2009-12-04 18:30  12288  ----a-w-  c:\windows\system32\tsbyuv.dll
2017-07-14 22:04 . 2009-12-04 18:28  31744  ----a-w-  c:\windows\system32\msvidc32.dll
2017-07-14 22:04 . 2009-12-04 18:28  13312  ----a-w-  c:\windows\system32\msrle32.dll
2017-07-14 22:04 . 2009-12-04 18:28  22528  ----a-w-  c:\windows\system32\msyuv.dll
2017-07-14 22:04 . 2009-12-04 18:28  50176  ----a-w-  c:\windows\system32\iyuv_32.dll
2017-07-14 22:04 . 2009-12-04 18:28  82944  ----a-w-  c:\windows\system32\mciavi32.dll
2017-07-14 22:04 . 2009-12-04 18:27  91136  ----a-w-  c:\windows\system32\avifil32.dll
2017-07-14 22:04 . 2009-12-04 18:28  123904  ----a-w-  c:\windows\system32\msvfw32.dll
2017-07-14 22:04 . 2010-08-31 15:44  531968  ----a-w-  c:\windows\system32\comctl32.dll
2017-07-14 22:04 . 2009-08-10 12:35  355328  ----a-w-  c:\windows\system32\WSDApi.dll
2017-07-14 22:04 . 2011-04-29 15:59  276992  ----a-w-  c:\windows\system32\schannel.dll
2017-07-14 22:03 . 2009-05-08 12:53  604672  ----a-w-  c:\windows\system32\WMSPDMOD.DLL
2017-07-14 22:02 . 2009-09-10 14:58  1418752  ----a-w-  c:\program files\Windows Media Player\setup_wm.exe
2017-07-14 22:02 . 2009-09-10 14:58  310784  ----a-w-  c:\windows\system32\unregmp2.exe
2017-07-14 22:02 . 2009-07-15 12:39  107520  ----a-w-  c:\program files\Windows Media Player\wmpconfig.exe
2017-07-14 22:02 . 2009-07-15 12:39  4096  ----a-w-  c:\windows\system32\msdxm.ocx
.
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"toolbar_eula_launcher"="c:\tb_eula\EULALauncher.exe" [2008-02-20 21504]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-29 1029416]
"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2008-01-25 716800]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]
"PSUAMain"="c:\program files\Panda Security\Panda Security Protection\PSUAMain.exe" [2015-10-22 54520]
"NDSTray.exe"="NDSTray.exe" [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"MaxGPOScriptWait"= 600 (0x258)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - WS2IFSL
.
.
------- Examen supplémentaire -------
.
uStart Page = https://www.google.com/?bcutc=sp-006
mStart Page = https://www.google.com/?bcutc=sp-006
mSearch Bar = https://www.google.com/?bcutc=sp-006
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\ChrisXav\AppData\Roaming\Mozilla\Firefox\Profiles\ip7yyp0o.default-1501172050055\
.
- - - - ORPHELINS SUPPRIMES - - - -
.
HKLM-Run-ITSecMng - c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2017-08-07 15:36
Windows 6.0.6002 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Heure de fin: 2017-08-07 15:42:48
ComboFix-quarantined-files.txt 2017-08-07 13:42
.
Avant-CF: 98 868 576 256 octets libres
Après-CF: 98 602 676 224 octets libres
.
- - End Of File - - 2386DC366B2230BF8DE09C0B7CF95C44
5C616939100B85E558DA92B899A0FC36