ComboFix 17-05-24.14 - MAISON 07/07/2017 17:54:21.1.2 - x86 MINIMAL
Microsoft® Windows Vista Home Premium 6.0.6002.2.1252.33.1036.18.3069.2548 [GMT 2:00]
Running from: c:\users\MAISON.PC-de-CR\Desktop\ComboFix.exe
AV: AVG Antivirus *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: AVG Antivirus *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\programdata\NVIDIA
c:\programdata\NVIDIA\NvApps.xml
c:\programdata\NVIDIA\NvStarted
c:\programdata\VCREDI~3.EXE
c:\windows\system32\AdobePDF.dll
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((( Files Created from 2017-06-07 to 2017-07-07 ))))))))))))))))))))))))))))))))))))
.
.
2017-07-07 16:04 . 2017-07-07 16:05 -------- d-----w- c:\users\MAISON.PC-de-CR\AppData\Local\temp
2017-07-07 16:04 . 2017-07-07 16:04 -------- d-----w- c:\users\MAISON\AppData\Local\temp
2017-07-07 16:04 . 2017-07-07 16:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-07-06 16:14 . 2017-07-07 10:05 -------- d-----w- C:\FRST
2017-07-06 10:30 . 2017-07-07 10:06 221600 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-07-06 10:29 . 2017-07-07 09:52 59936 ----a-w- c:\windows\system32\drivers\mbae.sys
2017-07-06 10:28 . 2017-07-06 10:28 -------- d-----w- c:\program files\Malwarebytes
2017-07-06 07:41 . 2017-07-06 08:11 -------- d-----w- C:\AdwCleaner
2017-07-02 12:26 . 2017-07-06 14:20 -------- d-----w- c:\users\MAISON.PC-de-CR\AppData\Roaming\ZHP
2017-07-02 12:26 . 2017-07-04 06:55 -------- d-----w- c:\users\MAISON.PC-de-CR\AppData\Local\ZHP
2017-06-29 20:46 . 2017-07-07 15:38 -------- d-----w- c:\users\MAISON.PC-de-CR\AppData\Local\AvgSetupLog
2017-06-13 21:05 . 2017-06-13 21:05 -------- d-----w- c:\windows\system32\config\systemprofile\.oracle_jre_usage
.
.
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-04-11 10:43 . 2017-04-11 10:43 197376 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
.
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2017-06-26 10:16 230728 ----a-w- c:\users\MAISON.PC-de-CR\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2017-06-26 10:16 230728 ----a-w- c:\users\MAISON.PC-de-CR\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2017-06-26 10:16 230728 ----a-w- c:\users\MAISON.PC-de-CR\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-05 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"AdobeVersionCue"="c:\program files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [2003-10-22 1732608]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-09 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-09 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-06-09 96800]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-04-06 273544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2016-06-15 596504]
.
c:\users\MAISON.PC-de-CR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-7-24 113664]
Dropbox.lnk - c:\users\MAISON.PC-de-CR\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2017-6-29 3486520]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe [2009-7-23 25214]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE -b -l [1999-2-18 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2015-03-20 16:12 60712 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dropbox Update]
2016-11-14 19:34 143144 ----atw- c:\users\MAISON.PC-de-CR\AppData\Local\Dropbox\Update\DropboxUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2015-04-06 22:29 157480 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2016-03-01 18:08 50670720 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
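Added triage example (not part of this ComboFix report, nor code from the ComboFix tool): a Python script that parses the two "Reg Loading Points" formats shown above, the `"name"="image" [date size]` Run values and the `name.lnk - command [date size]` Startup-folder entries, and flags autorun images that live under a user-writable path, plus every `DisableMonitoring=dword:00000001` value under the Security Center `Monitoring` key. The sample lines embedded in the script are copied from this report; the set of path prefixes treated as user-writable and the flag rules themselves are this example's own assumptions, not something ComboFix reports.

```python
import re
from dataclasses import dataclass
from typing import List

# Sample lines copied from the ComboFix report above (Run values, Startup
# folder entries and the Security Center Monitoring block).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-05 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-04-06 273544]
.
c:\users\MAISON.PC-de-CR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\MAISON.PC-de-CR\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2017-6-29 3486520]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE -b -l [1999-2-18 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
"""

KEY_LINE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
RUN_VALUE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<image>[^"]*)"\s*\[(?P<date>\d{4}-\d{1,2}-\d{1,2}) (?P<size>\d+)\]$')
LNK_LINE = re.compile(
    r'^(?P<name>.+?\.lnk) - (?P<cmd>.+?) \[(?P<date>\d{4}-\d{1,2}-\d{1,2}) (?P<size>\d+)\]$')
# First .exe/.dll token of a command line, i.e. the image without its arguments.
IMAGE_IN_CMD = re.compile(r'(?i)^(?P<image>.+?\.(?:exe|dll))(?:\s|$)')
SC_DISABLE = re.compile(r'^"DisableMonitoring"=dword:(?P<val>[0-9a-fA-F]{8})$')

# Assumption of this example: a standard user can write here, so an autorun
# image under these prefixes deserves more scrutiny than one under Program
# Files or Windows.
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\")


@dataclass
class Autorun:
    location: str  # registry key or Startup folder the entry was listed under
    name: str      # value name or .lnk name
    image: str     # image path as printed by ComboFix
    date: str
    size: int


@dataclass
class Finding:
    subject: str
    reason: str


def parse_autoruns(text: str) -> List[Autorun]:
    """Collect Run values and Startup .lnk entries, remembering their location."""
    location, entries = "", []
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_LINE.match(line)
        if m:
            location = m["key"]
            continue
        if line.lower().endswith("\\startup\\"):
            location = line
            continue
        m = RUN_VALUE.match(line)
        if m:
            entries.append(Autorun(location, m["name"], m["image"], m["date"], int(m["size"])))
            continue
        m = LNK_LINE.match(line)
        if m:
            img = IMAGE_IN_CMD.match(m["cmd"])
            image = img["image"] if img else m["cmd"]
            entries.append(Autorun(location, m["name"], image, m["date"], int(m["size"])))
    return entries


def flag_user_writable(entries: List[Autorun]) -> List[Finding]:
    """Autorun images outside Program Files / Windows, under a profile or ProgramData."""
    return [Finding(f"{e.location} :: {e.name}", f"image under user-writable path: {e.image}")
            for e in entries if e.image.lower().startswith(USER_WRITABLE_PREFIXES)]


def flag_disabled_wsc_monitoring(text: str) -> List[Finding]:
    """Every DisableMonitoring=1 under the Security Center Monitoring key (global or per product)."""
    findings, key = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_LINE.match(line)
        if m:
            key = m["key"]
            continue
        m = SC_DISABLE.match(line)
        if m and int(m["val"], 16) == 1 and "security center\\monitoring" in key.lower():
            tail = key.rsplit("\\", 1)[1]
            product = "all products" if tail.lower() == "monitoring" else tail
            findings.append(Finding(key, f"Security Center monitoring disabled ({product})"))
    return findings


def triage(text: str) -> List[Finding]:
    return flag_user_writable(parse_autoruns(text)) + flag_disabled_wsc_monitoring(text)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.subject}")
```

On this report the script flags the Dropbox.lnk entry (image under the roaming profile) and the three DisableMonitoring values; the Symantec entries are worth a second look because no Symantec product is listed in the header, only AVG. Run it against a whole ComboFix log by reading the file and passing its text to `triage()`.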
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-04-12 18:51 1106072 ----a-w- c:\program files\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
2008-06-18 13:04 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
2017-07-05 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2921481685-4267868254-1970428013-1000Core.job
- c:\users\MAISON.PC-de-CR\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17 19:34]
.
2017-07-07 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2921481685-4267868254-1970428013-1000UA.job
- c:\users\MAISON.PC-de-CR\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17 19:34]
.
2013-01-23 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-22 21:16]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.fr/
uInternet Settings,ProxyOverride = *.local
IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir en un fichier PDF existant - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
TCP: DhcpNameServer = 172.20.10.1
DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - hxxps://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
FF - ProfilePath - c:\users\MAISON.PC-de-CR\AppData\Roaming\Mozilla\Firefox\Profiles\en9eipka.default\
FF - prefs.js: browser.startup.homepage - yahoo.fr
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.txt=
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AVG-Secure-Search-Update_0913b - c:\users\MAISON.PC-de-CR\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe
HKLM-Run-AVG_UI - c:\program files\AVG\Framework\Common\avguirnx.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2017-07-07 18:05
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1864)
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
.
Completion time: 2017-07-07 18:08:00
ComboFix-quarantined-files.txt 2017-07-07 16:07
.
Pre-Run: 12,141,895,680 bytes free
Post-Run: 11,825,164,288 bytes free
.
- - End Of File - - A41D591A11E5E082301EBC7FC6F81DE5
5C616939100B85E558DA92B899A0FC36