Document format: text/plain

ComboFix 18-08-08.01 - aaa 14/12/2018 18:14:57.2.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2047.1212 [GMT 1:00]
Lancé depuis: c:\documents and settings\aaa\Bureau\ComboFix.exe
AV: AVG Antivirus *Disabled/Updated* {81C62321-3C2A-4A1A-BF2F-52ED23B22B8B}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\ma-config.com
c:\documents and settings\All Users\Application Data\ma-config.com\Logs\activex.txt
c:\documents and settings\All Users\Application Data\ma-config.com\Logs\maconfservice.txt
c:\documents and settings\All Users\Application Data\ma-config.com\Logs\npapi.txt
c:\documents and settings\All Users\Application Data\ma-config.com\Temp\mc_160.tmp
c:\documents and settings\All Users\Application Data\TEMP
c:\mes documents\Downloads\PowerPointViewer.exe
c:\program files\ma-config.com
c:\program files\ma-config.com\config.xml
c:\windows\msdownld.tmp
c:\windows\system32\DEBUG.log
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\SYSTEM32\RtlGina\RtlGina.DLL
c:\windows\Temp\tmp3.tmp
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2018-11-14 au 2018-12-14 ))))))))))))))))))))))))))))))))))))
.
.
2018-12-14 10:26 . 2018-12-14 10:40 -------- dc-h--w- c:\windows\ie8
2018-12-12 23:18 . 2018-06-21 19:45 875384 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
2018-12-12 23:18 . 2018-06-21 15:19 517072 ----a-w- c:\program files\Mozilla Firefox\firefox.exe
2018-12-08 17:27 . 2018-12-08 17:27 -------- d-----w- c:\documents and settings\aaa\Local Settings\Application Data\DivX
2018-11-30 11:16 . 2018-11-30 11:16 -------- d-----w- c:\program files\CPUID
2018-11-28 20:35 . 2018-11-28 20:34 323344 ----a-w- c:\windows\system32\avgBoot.exe
2018-11-28 19:02 . 2018-11-28 19:02 -------- d-----w- c:\windows\system32\wbem\Repository
2018-11-28 18:42 . 2018-11-28 18:44 -------- d-----w- c:\program files\GUMD2.tmp
2018-11-28 18:27 . 2018-11-28 18:27 -------- d-----w- c:\documents and settings\aaa\Application Data\AVG
2018-11-28 17:40 . 2018-11-28 18:43 -------- d-----w- c:\program files\AVG
2018-11-23 14:29 . 2018-11-23 14:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Symobi
2018-11-23 13:54 . 2018-11-23 14:00 -------- d-----w- c:\program files\HDClone 8 Free Edition
2018-11-15 19:42 . 2018-11-15 19:42 -------- d-----w- c:\documents and settings\All Users\Application Data\SystemAcCrux
2018-11-15 19:28 . 2018-05-03 08:30 19912 ----a-w- c:\windows\system32\drivers\EuEumDk.sys
2018-11-15 19:28 . 2018-05-03 08:30 65352 ----a-w- c:\windows\system32\drivers\EuDskCp.sys
2018-11-15 17:17 . 2018-11-21 17:17 -------- d-----w- c:\program files\EaseUS
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2018-12-06 19:26 . 2012-04-15 09:27 842240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2018-12-06 19:26 . 2011-05-23 17:07 175104 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVGUI.exe"="c:\program files\AVG\Antivirus\AvLaunch.exe" [2018-11-28 290064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^Documents and Settings^aaa^Menu Démarrer^Programmes^Démarrage^Widget SFR - Mon Compte et Ma Messagerie.lnk]
path=c:\documents and settings\aaa\Menu Démarrer\Programmes\Démarrage\Widget SFR - Mon Compte et Ma Messagerie.lnk
backup=c:\windows\pss\Widget SFR - Mon Compte et Ma Messagerie.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AWUS036H Wireless LAN Utility.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\AWUS036H Wireless LAN Utility.lnk
backup=c:\windows\pss\AWUS036H Wireless LAN Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2014-05-08 13:48 959904 ----a-w- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-21 19:43 59720 ----a-w- c:\program files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-01-22 08:13 152872 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2018-11-13 13:18 13797712 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
2017-02-10 10:25 1046488 ----a-w- c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GarminExpressTrayApp]
2014-04-01 07:36 118104 ----a-w- c:\program files\Garmin\Express Tray\ExpressTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2004-02-24 08:20 401491 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-05-17 00:58 213936 ----a-w- c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-05-17 00:58 213936 ----a-w- c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-05-17 00:58 86960 ----a-w- c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
2013-12-11 09:52 1564528 ----a-w- c:\program files\Samsung\Kies\Kies.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2013-12-11 09:52 311152 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2011-10-05 18:24 36864 ----a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 12:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
2003-06-10 16:49 50688 -c--a-w- c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
2003-06-18 10:00 204800 -c--a-w- c:\program files\Microsoft Money\System\mnyexpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 17:34 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 12:57 153136 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Message Center 2]
2011-10-30 14:44 571392 ----a-w- c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
2012-05-16 13:44 1084840 ----a-w- c:\program files\Nokia\Nokia Suite\NokiaSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2017-05-05 14:43 27716568 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2008-08-04 11:33 77824 ----a-r- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-02-25 13:38 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 07:16 254336 ----a-w- c:\program files\Fichiers communs\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
2008-04-14 12:00 143872 -c--a-w- c:\windows\system32\mobsync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]
2011-01-17 19:41 8192 ----a-w- c:\program files\Xvid\CheckUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vToolbarUpdater13.3.2"=2 (0x2)
"ERSvc"=2 (0x2)
"helpsvc"=2 (0x2)
"MDM"=2 (0x2)
"PolicyAgent"=2 (0x2)
"seclogon"=2 (0x2)
"WebClient"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WcesMgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Home Jukebox\\bin\\HomeJukebox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\adslTV\\adsltv.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\adslTV\\VLC\\vlc.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\AWUS036H Wireless LAN Utility\\RtWLan.exe"=
"c:\\Program Files\\HomePlayer\\HomePlayer.exe"=
"c:\\Program Files\\HomePlayer\\VLC\\vlc.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"c:\\Program Files\\Fichiers communs\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\FreeMi UPnP Media Server\\FreeMi UPnP Media Server.exe"=
"c:\\Program Files\\FreeMi UPnP Media Server\\FreeMi.WindowsService.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\CCleaner\\CCUpdate.exe"=
"c:\\Program Files\\AVG\\Antivirus\\AvEmUpdate.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:WPS TCP Prot
"1542:UDP"= 1542:UDP:WPS UDP Prot
"53:UDP"= 53:UDP:AP UDP Prot
.
R2 gupdate1c9f372e43ae5ba;Service Google Update (gupdate1c9f372e43ae5ba);c:\program files\Google\Update\GoogleUpdate.exe [2015-09-01 144200]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2017-04-05 317400]
R3 avgbIDSAgent;avgbIDSAgent;c:\program files\AVG\Antivirus\aswidsagent.exe [2018-11-28 6848016]
R3 avgHwid;avgHwid;c:\windows\system32\drivers\avgHwid.sys [2018-11-28 42984]
R3 avgStmXP;avgStmXP;c:\windows\system32\drivers\avgStmXP.sys [2018-11-28 146832]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2013-08-21 84248]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2013-04-18 20032]
R3 evserial;Virtual Serial Ports Driver (Eltima Softwate);c:\windows\system32\DRIVERS\evserial.sys [2008-05-19 53888]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2009-06-26 323328]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2013-08-21 182680]
R3 usbUDisc;usbUDisc;c:\windows\system32\DRIVERS\USBDrv.sys [2014-03-21 13824]
R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);c:\windows\system32\DRIVERS\evsbc.sys [2008-05-19 27904]
R3 W8100XP;Marvell Libertas 802.11b/g SoftAP Driver for Windows XP ;c:\windows\system32\DRIVERS\mrv8ka51.sys [2004-05-20 258560]
R3 X86BDA;OEM Capture;c:\windows\system32\DRIVERS\OEMDrv.sys [2011-06-08 195712]
R4 EUDSKCP;EUDSKCP;c:\windows\system32\drivers\EuDskCp.sys [2018-05-03 65352]
R4 EUEUMDK;EUEUMDK;c:\windows\system32\drivers\EuEumDk.sys [2018-05-03 19912]
S0 avgbidsh;avgbidsh;c:\windows\system32\drivers\avgbidshx.sys [2018-11-28 165944]
S0 avgblog;avgblog;c:\windows\system32\drivers\avgblogx.sys [2018-11-28 284304]
S0 avgbuniv;avgbuniv;c:\windows\system32\drivers\avgbunivx.sys [2018-11-28 57952]
S0 avgRvrt;avgRvrt;c:\windows\system32\drivers\avgRvrt.sys [2018-11-28 73040]
S0 avgVmm;avgVmm;c:\windows\system32\drivers\avgVmm.sys [2018-11-28 310248]
S1 avgArPot;avgArPot;c:\windows\system32\drivers\avgArPot.sys [2018-11-28 167728]
S1 avgbidsdriver;avgbidsdriver;c:\windows\system32\drivers\avgbidsdriverx.sys [2018-11-28 189344]
S1 avgKbd;avgKbd;c:\windows\system32\drivers\avgKbd.sys [2018-11-28 40936]
S1 avgRdr;avgRdr;c:\windows\system32\drivers\avgRdr.sys [2018-11-28 70888]
S1 avgSnx;avgSnx;c:\windows\system32\drivers\avgSnx.sys [2018-11-28 784800]
S1 avgSP;avgSP;c:\windows\system32\drivers\avgSP.sys [2018-11-28 398232]
S2 AVG Antivirus;AVG Antivirus;c:\program files\AVG\Antivirus\AVGSvc.exe [2018-11-28 324048]
S2 avgMonFlt;avgMonFlt;c:\windows\system32\drivers\avgMonFlt.sys [2018-11-28 135440]
S2 FreeMiWindowsService;FreeMi UPnP Media Server Service;c:\program files\FreeMi UPnP Media Server\FreeMi.WindowsService.exe [2015-07-21 71680]
S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2014-04-01 431960]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\DRIVERS\SCR3XX2K.sys [2008-12-29 56960]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-12-16 17:31 1106072 ----a-w- c:\program files\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2018-12-08 c:\windows\Tasks\Adobe Flash Player NPAPI Notifier.job
- c:\windows\system32\Macromed\Flash\FlashUtil32_32_0_0_101_Plugin.exe [2018-12-06 19:25]
.
2018-12-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 19:26]
.
2018-12-14 c:\windows\Tasks\Antivirus Emergency Update.job
- c:\program files\AVG\Antivirus\AvEmUpdate.exe [2018-11-28 20:33]
.
2018-12-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2018-12-14 c:\windows\Tasks\CCleaner Update.job
- c:\program files\CCleaner\CCUpdate.exe [2017-12-13 13:18]
.
2018-12-14 c:\windows\Tasks\DivXUpdate.job
- c:\program files\Fichiers communs\DivX Shared\DivX Update\DivXUpdate.exe [2017-02-03 05:30]
.
2018-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-22 13:40]
.
2018-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-22 13:40]
.
2018-12-14 c:\windows\Tasks\Notification de fin de service de Microsoft Windows XP - à la connexion.job
- c:\windows\system32\xp_eos.exe [2014-03-24 23:28]
.
2018-12-08 c:\windows\Tasks\Notification de fin de service de Microsoft Windows XP -mensuellement.job
- c:\windows\system32\xp_eos.exe [2014-03-24 23:28]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.duxet.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.254
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
DPF: {E4CF4E86-D0DC-4864-8F0E-4F6EA2526334} - hxxps://img.ui-portal.de/os/activex/gmxinc_osupload_2002.cab
FF - ProfilePath - c:\documents and settings\aaa\Application Data\Mozilla\Firefox\Profiles\utxq35uw.default-1544657785340\
.
- - - - ORPHELINS SUPPRIMES - - - -
.
SafeBoot-Wdf01000.sys
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-TomTomHOME - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
AddRemove-Freemake Video Converter_is1 - h:\telechargements\Freemake\Freemake Video Converter\Uninstall\unins000.exe
AddRemove-SaveByClick - c:\docume~1\ALLUSE~1\APPLIC~1\INSTAL~2\SAVEBY~1\Setup.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
AddRemove-Audio Converter - c:\program files\AudioConverter\Uninstall\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2018-12-14 20:01
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,23,66,c1,a5,d8,50,05,47,99,4f,45,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,23,66,c1,a5,d8,50,05,47,99,4f,45,\
.
[HKEY_USERS\S-1-5-21-1708537768-1592454029-682003330-1004_Classes\CLSID\{88d969c2-f192-11d4-a65f-0040963251e5}\Version]
@DACL=(02 0000)
@="4.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_32_0_0_101_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_32_0_0_101_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"C040710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'winlogon.exe'(808)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2092)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\eappprxy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\program files\AVG\Antivirus\AVGUI.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Heure de fin: 2018-12-14 20:54:36 - La machine a redémarré
ComboFix-quarantined-files.txt 2018-12-14 19:54
.
Avant-CF: 234 006 716 416 octets libres
Après-CF: 234 140 106 752 octets libres
.
- - End Of File - - 5F758849C3EF355F6513EA314ED56D8F
C99C3199CFAA4CBDCD91493F6D113A50