ComboFix 18-03-14.01 - user 07/04/2018 21:08:46.1.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3326.2530 [GMT 2:00]
Lancé depuis: c:\documents and settings\user\Bureau\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\SET41A.tmp
c:\windows\system32\SET428.tmp
c:\windows\system32\SET429.tmp
c:\windows\system32\SET43D.tmp
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2018-03-07 au 2018-04-07 ))))))))))))))))))))))))))))))))))))
.
.
2018-04-07 12:28 . 2018-04-07 12:28 -------- d-----w- c:\documents and settings\user\Application Data\CodeBlocks
2018-04-07 10:40 . 2018-04-07 13:23 -------- d-----w- C:\FRST
2018-04-06 15:58 . 2018-04-06 16:05 -------- d-----w- c:\documents and settings\user\Application Data\ZHP
2018-04-06 15:58 . 2018-04-06 15:58 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\ZHP
2018-04-06 10:48 . 2018-04-06 11:02 -------- d-----w- c:\documents and settings\user\Application Data\inkscape
2018-04-05 18:08 . 2018-04-05 18:08 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Adobe
2018-03-25 15:52 . 2018-03-25 16:11 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\WMTools Downloaded Files
2018-03-25 12:59 . 2018-03-25 12:59 -------- d-----w- c:\documents and settings\user\.thumbnails
2018-03-25 12:57 . 2018-03-25 13:19 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\gtk-2.0
2018-03-25 12:56 . 2018-03-25 12:56 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\fontconfig
2018-03-25 12:55 . 2018-03-25 16:32 -------- d-----w- c:\documents and settings\user\.gimp-2.8
2018-03-25 12:55 . 2018-03-25 12:55 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\gegl-0.2
2018-03-24 16:52 . 2018-03-24 16:52 -------- d-----w- c:\documents and settings\user\Application Data\FastStone
2018-03-13 16:58 . 2018-03-13 16:58 -------- d-sh--w- c:\documents and settings\user\IECompatCache
2018-03-11 15:53 . 2018-03-11 15:53 -------- d-----w- c:\program files\Lame For Audacity
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2018-02-14 18:46 . 2018-02-14 18:46 113280 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VCExpress\9.0\1036\ResourceCache.dll
2018-02-14 18:45 . 2018-02-14 18:45 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1036\ResourceCache.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-11-03 17:59 749192 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-01-26 16858112]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-13 143872]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-11-03 7004376]
"BabyGoCP"="c:\program files\FreeAngel\FreeAngel.exe" [2008-05-30 578560]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904]
"Microsoft Works Update Detection"="c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 50688]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2016-12-12 587288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Utilitaire de configuration sans fil TP-LINK.lnk - c:\program files\TP-LINK\Utilitaire de configuration sans fil TP-LINK\TWCU.exe -nogui [2015-6-9 848384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-794017837-3131750297-2016117228-1299\Scripts\Logon\0\0]
"Script"=\\netarseaa.lcl\SYSVOL\netarseaa.lcl\scripts\MAILINBLACK.BAT
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-794017837-3131750297-2016117228-1299\Scripts\Logon\1\0]
"Script"=Connexion-YPareo.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-794017837-3131750297-2016117228-1302\Scripts\Logon\0\0]
"Script"=\\netarseaa.lcl\SYSVOL\netarseaa.lcl\scripts\MAILINBLACK.BAT
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-794017837-3131750297-2016117228-1302\Scripts\Logon\1\0]
"Script"=Connexion-YPareo.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-794017837-3131750297-2016117228-1363\Scripts\Logon\0\0]
"Script"=\\netarseaa.lcl\SYSVOL\netarseaa.lcl\scripts\MAILINBLACK.BAT
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-794017837-3131750297-2016117228-7641\Scripts\Logon\0\0]
"Script"=\\netarseaa.lcl\SYSVOL\netarseaa.lcl\scripts\MAILINBLACK.BAT
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-794017837-3131750297-2016117228-7641\Scripts\Logon\1\0]
"Script"=Connexion-YPareo.cmd
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [10/06/2015 18:43 49776]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [10/06/2015 18:43 209432]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10/06/2015 18:43 794952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/06/2015 18:43 435464]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [10/06/2015 18:43 24016]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [10/06/2015 18:43 81168]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [11/06/2009 14:19 6016]
R3 aswStmXP;Avast StreamFilter Driver;c:\windows\system32\drivers\aswStmXP.sys [05/09/2015 07:55 167152]
R3 RtlWlanu;Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTWlanU.sys [09/06/2015 20:27 1345936]
S2 FusionInventory-Agent;FusionInventory-Agent;c:\program files\FusionInventory-Agent\perl\bin\perl.exe [08/01/2013 14:13 9728]
.
Contenu du dossier 'Tâches planifiées'
.
2018-04-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-24 18:45]
.
2018-04-07 c:\windows\Tasks\Avast Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2015-11-03 17:07]
.
2018-04-07 c:\windows\Tasks\Notification de fin de service de Microsoft Windows XP - à la connexion.job
- c:\windows\system32\xp_eos.exe [2015-06-10 23:28]
.
2017-10-08 c:\windows\Tasks\Notification de fin de service de Microsoft Windows XP -mensuellement.job
- c:\windows\system32\xp_eos.exe [2015-06-10 23:28]
.
.
------- Examen supplémentaire -------
.
mStart Page = https://www.google.com/?trackid=sp-006
mSearch Bar = https://www.google.com/?trackid=sp-006
IE: E&xporter vers Microsoft Excel - c:\progra~1\Office\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\gwdargbu.default\
FF - prefs.js: browser.startup.homepage - google.com
.
.
------- Associations de fichier -------
.
vbefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-Microsoft Visual C++ 2008 Express Edition - FRA - c:\program files\Microsoft Visual Studio 9.0\Microsoft Visual C++ 2008 Express Edition - FRA\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2018-04-07 21:15
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
Heure de fin: 2018-04-07 21:17:07
ComboFix-quarantined-files.txt 2018-04-07 19:17
.
Avant-CF: 122 069 053 440 octets libres
Après-CF: 122 032 562 176 octets libres
.
- - End Of File - - 82D3B33786A3E470DBDFD00AA1CB4916
8F558EB6672622401DA993E1E865C861