ComboFix 14-03-24.01 - Claudine 31/03/2014 14:41:13.1.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.767.291 [GMT 2:00]
Lancé depuis: c:\documents and settings\Claudine\Mes documents\Téléchargements\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Autorun.inf
c:\documents and settings\Claudine\Application Data\18904020-a82b-435d-6163-5e37bbae0aef
c:\documents and settings\Claudine\Application Data\18904020-a82b-435d-6163-5e37bbae0aef\status.cfg
c:\documents and settings\Claudine\Application Data\18904020-a82b-435d-6163-5e37bbae0aef\Updater.xml
c:\documents and settings\Claudine\WINDOWS
c:\windows\system32\images
c:\windows\system32\images\+ DOSSIER UTILISE PAR LE PROGRAMME 'ENREGISTREZ SOUS EDITEUR'
c:\windows\system32\images\1.ico
c:\windows\system32\images\2.ico
c:\windows\system32\images\3.ico
c:\windows\system32\images\4.ico
c:\windows\system32\images\5.ico
c:\windows\system32\images\Flèche bas.ico
c:\windows\system32\images\Flèche haut.ico
c:\windows\system32\TZLog.log
D:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SOFTWARE_UPDATE
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2014-02-28 au 2014-03-31 ))))))))))))))))))))))))))))))))))))
.
.
2014-03-30 18:40 . 2014-03-30 18:49 -------- dc----w- C:\FRST
2014-03-27 21:33 . 2014-03-27 21:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2014-03-27 15:15 . 2014-03-27 15:15 -------- d-sh--w- c:\documents and settings\Claudine\PrivacIE
2014-03-27 14:29 . 2014-02-26 23:28 13312 ------w- c:\windows\system32\xp_eos.exe
2014-03-25 23:45 . 2014-03-25 23:45 -------- d--h--w- c:\windows\PIF
2014-03-25 22:22 . 2014-03-25 22:22 -------- d-sh--w- c:\documents and settings\Claudine\IECompatCache
2014-03-25 20:26 . 2014-03-27 20:39 -------- d-----w- c:\windows\system32\XPSViewer
2014-03-25 20:26 . 2014-03-25 20:26 -------- d-----w- c:\program files\MSBuild
2014-03-25 20:25 . 2014-03-25 20:25 -------- d-----w- c:\program files\Reference Assemblies
2014-03-25 20:25 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2014-03-25 20:25 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2014-03-25 20:25 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2014-03-25 20:25 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2014-03-25 20:25 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2014-03-25 20:25 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2014-03-25 20:25 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2014-03-24 11:24 . 2001-08-17 19:20 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2014-03-24 11:24 . 2001-08-17 19:20 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2014-03-24 11:24 . 2001-08-17 19:12 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2014-03-24 11:23 . 2008-04-13 10:41 26112 -c--a-w- c:\windows\system32\dllcache\memstpci.sys
2014-03-24 11:23 . 2001-08-23 16:47 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll
2014-03-24 11:23 . 2001-08-17 20:58 8320 -c--a-w- c:\windows\system32\dllcache\memcard.sys
2014-03-24 11:18 . 2014-03-24 11:18 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2014-03-24 11:16 . 2014-03-24 11:16 -------- d-sh--w- c:\documents and settings\Claudine\IETldCache
2014-03-24 10:26 . 2014-02-24 11:45 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2014-03-24 10:26 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2014-03-24 10:25 . 2014-02-24 11:45 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2014-03-24 10:25 . 2014-02-24 11:45 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2014-03-24 10:22 . 2014-03-24 10:24 -------- dc-h--w- c:\windows\ie8
2014-03-22 22:05 . 2014-03-22 22:05 -------- d-----w- c:\documents and settings\Claudine\Local Settings\Application Data\PCHealth
2014-03-21 10:21 . 2014-03-21 10:21 -------- d--h--w- c:\program files\Malwarebytes' Anti-Malware
2014-03-21 10:21 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-21 10:07 . 2014-03-21 10:07 -------- d-----w- c:\windows\ERUNT
2014-03-20 17:29 . 2014-03-28 11:11 -------- d-----w- c:\documents and settings\Administrateur
2014-03-20 15:54 . 2014-03-20 15:54 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2014-03-20 15:54 . 2014-03-21 14:54 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2014-03-20 15:54 . 2014-03-20 15:54 -------- d-----w- c:\documents and settings\Claudine\Local Settings\Application Data\MFAData
2014-03-20 15:54 . 2014-03-20 15:54 -------- d-----w- c:\documents and settings\Claudine\Local Settings\Application Data\Avg2014
2014-03-20 15:09 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2014-03-20 14:01 . 2014-03-20 14:01 411552 ----a-w- c:\windows\system32\drivers\bfnxpwhj.sys
2014-03-20 13:17 . 2014-03-20 13:17 -------- d--h--w- c:\program files\CCleaner
2014-03-20 10:05 . 2014-03-20 10:05 -------- d-----w- c:\documents and settings\Claudine\Local Settings\Application Data\AviraResume
2014-03-20 08:55 . 2009-03-06 14:20 286720 -c----w- c:\windows\system32\dllcache\pdh.dll
2014-03-20 08:55 . 2009-02-09 11:23 111104 -c----w- c:\windows\system32\dllcache\services.exe
2014-03-20 08:55 . 2009-02-09 10:53 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2014-03-20 08:53 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2014-03-20 08:52 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2014-03-20 08:51 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2014-03-20 08:45 . 2012-07-04 14:05 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2014-03-20 08:42 . 2001-08-23 16:46 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll
2014-03-20 08:42 . 2001-08-17 19:50 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys
2014-03-20 08:42 . 2001-08-23 16:46 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
2014-03-20 08:42 . 2001-08-17 19:50 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys
2014-03-20 08:41 . 2013-07-04 07:33 2030592 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2014-03-20 08:41 . 2013-07-04 07:34 2072192 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2014-03-20 08:40 . 2008-04-13 18:07 607452 -c--a-w- c:\windows\system32\dllcache\ltmdmnt.sys
2014-03-20 08:40 . 2001-08-23 16:00 728554 -c--a-w- c:\windows\system32\dllcache\ltck000c.sys
2014-03-20 08:40 . 2001-08-17 20:53 4992 -c--a-w- c:\windows\system32\dllcache\loop.sys
2014-03-20 08:40 . 2001-08-17 19:12 70730 -c--a-w- c:\windows\system32\dllcache\lne100tx.sys
2014-03-20 08:40 . 2001-08-17 19:12 20573 -c--a-w- c:\windows\system32\dllcache\lne100.sys
2014-03-20 08:40 . 2001-08-17 19:11 25065 -c--a-w- c:\windows\system32\dllcache\lmndis3.sys
2014-03-20 08:40 . 2001-08-23 16:00 16384 -c--a-w- c:\windows\system32\dllcache\lit220p.sys
2014-03-20 08:40 . 2008-04-13 10:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2014-03-20 08:40 . 2001-08-23 15:59 26922 -c--a-w- c:\windows\system32\dllcache\lanepic5.sys
2014-03-20 08:40 . 2001-08-17 19:12 19016 -c--a-w- c:\windows\system32\dllcache\ktc111.sys
2014-03-20 08:38 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2014-03-20 08:37 . 2001-08-17 20:28 50751 -c--a-w- c:\windows\system32\dllcache\hsf_tone.sys
2014-03-20 08:36 . 2008-04-13 17:59 28544 -c--a-w- c:\windows\system32\dllcache\grserial.sys
2014-03-20 08:35 . 2001-08-17 20:50 144896 -c--a-w- c:\windows\system32\dllcache\epcfw2k.sys
2014-03-20 08:34 . 2001-08-23 16:47 135252 -c--a-w- c:\windows\system32\dllcache\digidbp.dll
2014-03-20 08:33 . 2008-04-13 10:36 10240 -c--a-w- c:\windows\system32\dllcache\compbatt.sys
2014-03-20 08:32 . 2001-08-17 21:04 171264 -c--a-w- c:\windows\system32\dllcache\camdrv30.sys
2014-03-20 08:32 . 2001-08-17 21:04 223232 -c--a-w- c:\windows\system32\dllcache\camdrv21.sys
2014-03-20 08:32 . 2001-08-17 21:05 314752 -c--a-w- c:\windows\system32\dllcache\camdro21.sys
2014-03-20 08:32 . 2001-08-23 16:02 14080 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2014-03-20 08:32 . 2001-08-17 19:11 31529 -c--a-w- c:\windows\system32\dllcache\brzwlan.sys
2014-03-20 08:32 . 2001-08-17 20:12 10368 -c--a-w- c:\windows\system32\dllcache\brusbscn.sys
2014-03-20 08:32 . 2001-08-17 20:12 11008 -c--a-w- c:\windows\system32\dllcache\brusbmdm.sys
2014-03-20 08:32 . 2001-08-17 20:12 60416 -c--a-w- c:\windows\system32\dllcache\brserwdm.sys
2014-03-20 08:32 . 2001-08-23 16:46 9728 -c--a-w- c:\windows\system32\dllcache\brserif.dll
2014-03-20 08:32 . 2001-08-23 16:46 5120 -c--a-w- c:\windows\system32\dllcache\brscnrsm.dll
2014-03-20 08:32 . 2001-08-23 16:01 39808 -c--a-w- c:\windows\system32\dllcache\brparwdm.sys
2014-03-20 08:30 . 2001-08-23 16:46 96128 -c--a-w- c:\windows\system32\dllcache\ati.dll
2014-03-20 08:29 . 2001-08-23 16:46 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2014-03-20 08:29 . 2013-07-04 07:34 2151936 -c--a-w- c:\windows\system32\dllcache\ntkrnlmp.exe
2014-03-20 08:25 . 2004-08-19 17:09 221184 ----a-w- c:\windows\system32\wmpns.dll
2014-03-20 08:07 . 2008-04-13 18:33 412160 ------w- c:\windows\system32\photometadatahandler.dll
2014-03-20 08:06 . 2007-04-02 10:26 19968 -c--a-w- c:\windows\system32\dllcache\agt040e.dll
2014-03-20 08:05 . 2008-04-13 18:33 49152 -c--a-w- c:\windows\system32\dllcache\agentmpx.dll
2014-03-20 08:04 . 2008-04-13 18:33 36864 -c--a-w- c:\windows\system32\dllcache\iprip.dll
2014-03-20 08:04 . 2008-04-13 18:34 142848 -c--a-w- c:\windows\system32\dllcache\fxsclnt.exe
2014-03-20 08:04 . 2008-04-13 18:31 6144 -c--a-w- c:\windows\system32\dllcache\kbdax2.dll
2014-03-20 08:04 . 2007-04-02 10:26 20992 -c--a-w- c:\windows\system32\dllcache\agt0816.dll
2014-03-20 08:04 . 2008-04-13 18:33 33792 -c--a-w- c:\windows\system32\dllcache\lmmib2.dll
2014-03-20 08:04 . 2008-04-13 18:33 109568 -c--a-w- c:\windows\system32\dllcache\evntagnt.dll
2014-03-20 08:04 . 2008-04-13 18:33 334336 -c--a-w- c:\windows\system32\dllcache\aqueue.dll
2014-03-20 08:04 . 2008-04-13 18:33 24064 -c--a-w- c:\windows\system32\dllcache\agentpsh.dll
2014-03-20 08:04 . 2008-04-13 18:33 24064 -c--a-w- c:\windows\system32\dllcache\agentanm.dll
2014-03-20 08:04 . 2014-03-20 08:08 -------- d-----w- c:\windows\ServicePackFiles
2014-03-20 08:01 . 2008-04-13 10:56 30592 ------w- c:\windows\system32\drivers\rndismpx.sys
2014-03-19 18:07 . 2014-03-25 19:10 -------- d--h--w- c:\program files\Update Software
2014-03-19 18:07 . 2014-03-19 18:07 -------- d--h--w- c:\program files\Retro PC Calculator
2014-03-19 17:55 . 2014-03-19 17:55 -------- d-----w- c:\documents and settings\Claudine\Application Data\SUPERAntiSpyware.com
2014-03-19 16:39 . 2014-03-20 13:17 -------- d--h--w- c:\program files\Google
2014-03-19 16:39 . 2014-03-19 16:39 -------- d-----w- c:\documents and settings\Claudine\Local Settings\Application Data\Google
2014-03-19 14:55 . 2014-03-19 14:55 426 ----a-w- c:\documents and settings\Claudine\Autoexec.bat
2014-03-11 15:46 . 2014-03-11 15:46 82432 ----a-w- c:\documents and settings\Claudine\Application Data\Microsoft\MSXML2\msxml4r.dll
2014-03-11 15:46 . 2014-03-11 15:46 44544 ----a-w- c:\documents and settings\Claudine\Application Data\Microsoft\MSXML2\msxml4a.dll
2014-03-11 15:46 . 2014-03-11 15:46 1275392 ----a-w- c:\documents and settings\Claudine\Application Data\Microsoft\MSXML2\msxml4.dll
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-24 11:45 . 2006-12-13 12:46 920064 ----a-w- c:\windows\system32\wininet.dll
2014-02-24 11:45 . 2006-12-13 12:46 43520 ------w- c:\windows\system32\licmgr10.dll
2014-02-24 11:45 . 2006-12-13 12:45 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-02-24 11:44 . 2006-12-13 12:45 18944 ------w- c:\windows\system32\corpol.dll
2014-02-24 10:55 . 2006-12-13 12:45 385024 ------w- c:\windows\system32\html.iec
2014-02-07 06:36 . 2006-12-13 12:49 1879168 ----a-w- c:\windows\system32\win32k.sys
2014-02-05 08:54 . 2004-08-19 17:09 563712 ----a-w- c:\windows\system32\qedit.dll
2014-01-04 03:12 . 2006-12-13 12:46 420864 ----a-w- c:\windows\system32\vbscript.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\documents and settings\Claudine\Menu Démarrer\Programmes\Démarrage\
IcoSauve.lnk - c:\windows\system32\IcoSauve.exe [2011-2-26 112128]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"MaxRecentDocs"= 15 (0xf)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
"DisallowCpl"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
2007-08-09 13:48 528384 ----a-w- c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-13 18:34 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [21/03/2014 12:21 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [21/03/2014 12:21 701512]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [21/03/2014 12:21 22856]
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - WS2IFSL
.
Contenu du dossier 'Tâches planifiées'
.
2014-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-03-19 16:39]
.
2014-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-03-19 16:39]
.
2014-03-31 c:\windows\Tasks\Notification de fin de service de Microsoft Windows XP - à la connexion.job
- c:\windows\system32\xp_eos.exe [2014-03-27 23:28]
.
2014-03-27 c:\windows\Tasks\Notification de fin de service de Microsoft Windows XP -mensuellement.job
- c:\windows\system32\xp_eos.exe [2014-03-27 23:28]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://google.fr
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.fr/search?q=%s
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Claudine\Application Data\Mozilla\Firefox\Profiles\ap5vuvxy.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-31 14:50
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'explorer.exe'(3480)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\eappprxy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\WgaTray.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2014-03-31 14:54:26 - La machine a redémarré
ComboFix-quarantined-files.txt 2014-03-31 12:54
.
Avant-CF: 1 718 288 384 octets libres
Après-CF: 1 811 640 320 octets libres
.
- - End Of File - - 2C1AEAFAD6D4EDBB0E3675BDC972792C C99C3199CFAA4CBDCD91493F6D113A50