ComboFix 17-07-07.01 - gerald 21/07/2017 10:35:18.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6002.2.1252.33.1036.18.2814.2155 [GMT 2:00]
Lancé depuis: c:\users\gerald\Downloads\ComboFix.exe
AV: AVG Antivirus *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: AVG Antivirus *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\AL37GB77.tmp
c:\users\gerald\AppData\Roaming\.#
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2017-06-21 au 2017-07-21 ))))))))))))))))))))))))))))))))))))
.
.
2017-07-21 08:40 . 2017-07-21 08:41 -------- d-----w- c:\users\gerald\AppData\Local\temp
2017-07-21 08:40 . 2017-07-21 08:40 -------- d-----w- c:\users\nathalie\AppData\Local\temp
2017-07-21 08:40 . 2017-07-21 08:40 -------- d-----w- c:\users\Invité\AppData\Local\temp
2017-07-21 06:46 . 2017-07-21 06:49 -------- d-----w- C:\FRST
2017-07-21 05:45 . 2017-07-21 05:46 -------- d-----w- c:\users\gerald\AppData\Roaming\ZHP
2017-07-21 05:44 . 2017-07-21 05:45 -------- d-----w- c:\users\gerald\AppData\Local\ZHP
2017-07-21 05:21 . 2017-07-21 05:22 -------- d-----w- c:\program files\AVAST Software
2017-07-21 04:43 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2017-07-21 04:43 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2017-07-21 04:43 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2017-07-21 04:43 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2017-07-21 04:43 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2017-07-21 04:43 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2017-07-21 04:43 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2017-07-21 04:43 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2017-07-21 04:43 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2017-07-20 09:46 . 2017-07-20 09:46 -------- d-----w- c:\windows\system32\ca-ES
2017-07-20 09:46 . 2017-07-20 09:46 -------- d-----w- c:\windows\system32\eu-ES
2017-07-20 09:46 . 2017-07-20 09:46 -------- d-----w- c:\windows\system32\vi-VN
2017-07-20 09:25 . 2017-07-20 09:25 -------- d-----w- c:\windows\system32\EventProviders
2017-07-20 07:12 . 2017-07-20 07:12 -------- d-----w- c:\program files\Mozilla Maintenance Service
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-07-20 07:08 . 2016-06-17 06:33 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-07-20 05:26 . 2012-06-06 13:05 803328 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2017-07-20 05:26 . 2012-06-06 13:05 144896 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2017-07-20 05:13 . 2017-04-07 09:02 116344 ----a-w- c:\windows\system32\drivers\aswefb498872357808c.tmp
2017-07-20 05:12 . 2017-04-07 09:02 195128 ----a-w- c:\windows\system32\drivers\aswdc44f91a03c86a06.tmp
2017-07-20 05:12 . 2017-04-07 09:02 288728 ----a-w- c:\windows\system32\drivers\asw85feba0893fcbb39.tmp
2017-07-20 05:12 . 2017-04-07 09:02 489416 ----a-w- c:\windows\system32\drivers\aswdd8d31ce9a824dde.tmp
2017-07-20 05:12 . 2017-04-07 09:02 63280 ----a-w- c:\windows\system32\drivers\asw e0f09768be86ed2.tmp
2017-07-20 05:12 . 2017-04-07 09:02 62528 ----a-w- c:\windows\system32\drivers\asw76e8b5137664b417.tmp
2017-07-20 05:12 . 2017-04-07 09:02 35264 ----a-w- c:\windows\system32\drivers\aswd4e9d1e06210a4d9.tmp
2017-07-20 05:12 . 2017-04-07 09:02 766728 ----a-w- c:\windows\system32\drivers\aswaa6c26e8e3727fd5.tmp
2017-07-20 05:12 . 2017-04-07 09:02 43992 ----a-w- c:\windows\system32\drivers\asw2f22dbc733ffa186.tmp
2017-07-20 05:12 . 2017-04-07 09:02 270344 ----a-w- c:\windows\system32\drivers\aswf6c1b8295f993d77.tmp
2017-07-20 05:12 . 2017-04-07 09:02 151024 ----a-w- c:\windows\system32\drivers\aswe84578a569ba1573.tmp
2017-07-20 05:12 . 2017-04-07 09:02 260616 ----a-w- c:\windows\system32\drivers\aswc796829844f7d267.tmp
2017-07-20 05:12 . 2017-04-07 09:02 135872 ----a-w- c:\windows\system32\drivers\asw10ba05255908f986.tmp
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-14 15:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2016-09-28 6889176]
"SpybotPostWindows10UpgradeReInstall"="c:\program files\Common Files\AV\Spybot - Search and Destroy\Test.exe" [2015-07-28 1011200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Empowering Technology Monitor"="c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2008-06-02 319488]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-14 526896]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 68640]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 4911104]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]
.
c:\users\gerald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
c:\users\Invité\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
La Solution Ciel.lnk - c:\program files\Ciel\Starter.exe [2012-6-13 155648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_SZ autocheck autochk *
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 10:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:33 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:35 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AVG-Secure-Search-Update_1213b"=c:\users\gerald\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=baeb7ad018ab47d3a4b7d156a4d8ddd9-b602d594afd2b0b327e07a06f36ca6a7e42546d0 /CMPID=1213b
"AVG-Secure-Search-Update_0214c"=c:\users\gerald\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=baeb7ad018ab47d3a4b7d156a4d8ddd9-b602d594afd2b0b327e07a06f36ca6a7e42546d0 /CMPID=0214c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"VX3000"="c:\windows\vVX3000.exe"
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
"EmpoweringTechnology"="c:\program files\Acer\Empowering Technology\Framework.Launcher.exe" boot
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe"
"Skytel"="Skytel.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenu du dossier 'Tâches planifiées'
.
2014-04-18 c:\windows\Tasks\0414bUpdateInfo.job
- c:\programdata\Avg_Update_0414b\0414b_AVG-Secure-Search-Update.exe [2014-04-18 07:48]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
FF - ProfilePath - c:\users\gerald\AppData\Roaming\Mozilla\Firefox\Profiles\jawxgekj.default\
.
- - - - ORPHELINS SUPPRIMES - - - -
.
MSConfigStartUp-SDTray - c:\program files\Spybot - Search & Destroy 2\SDTray.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2017-07-21 10:41
Windows 6.0.6002 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'Explorer.exe'(1560)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
Heure de fin: 2017-07-21 10:42:31
ComboFix-quarantined-files.txt 2017-07-21 08:42
.
Avant-CF: 76 607 508 480 octets libres
Après-CF: 77 543 075 840 octets libres
.
- - End Of File - - A8450CAA86E2F84F9E1E210C50ED22F6
EF9CDC51B437D322D54016B68F003416