ComboFix 14-03-24.01 - Claudine 31/03/2014 14:41:13.1.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.767.291 [GMT 2:00]
Lancé depuis: c:\documents and settings\Claudine\Mes documents\Téléchargements\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Autorun.inf
c:\documents and settings\Claudine\Application Data\18904020-a82b-435d-6163-5e37bbae0aef
c:\documents and settings\Claudine\Application Data\18904020-a82b-435d-6163-5e37bbae0aef\status.cfg
c:\documents and settings\Claudine\Application Data\18904020-a82b-435d-6163-5e37bbae0aef\Updater.xml
c:\documents and settings\Claudine\WINDOWS
c:\windows\system32\images
c:\windows\system32\images\+ DOSSIER UTILISE PAR LE PROGRAMME 'ENREGISTREZ SOUS EDITEUR'
c:\windows\system32\images\1.ico
c:\windows\system32\images\2.ico
c:\windows\system32\images\3.ico
c:\windows\system32\images\4.ico
c:\windows\system32\images\5.ico
c:\windows\system32\images\Flèche bas.ico
c:\windows\system32\images\Flèche haut.ico
c:\windows\system32\TZLog.log
D:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SOFTWARE_UPDATE
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2014-02-28 au 2014-03-31 ))))))))))))))))))))))))))))))))))))
.
.
2014-03-30 18:40 . 2014-03-30 18:49 -------- dc----w- C:\FRST
2014-03-27 21:33 . 2014-03-27 21:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2014-03-27 15:15 . 2014-03-27 15:15 -------- d-sh--w- c:\documents and settings\Claudine\PrivacIE
2014-03-27 14:29 . 2014-02-26 23:28 13312 ------w- c:\windows\system32\xp_eos.exe
2014-03-25 23:45 . 2014-03-25 23:45 -------- d--h--w- c:\windows\PIF
2014-03-25 22:22 . 2014-03-25 22:22 -------- d-sh--w- c:\documents and settings\Claudine\IECompatCache
2014-03-25 20:26 . 2014-03-27 20:39 -------- d-----w- c:\windows\system32\XPSViewer
2014-03-25 20:26 . 2014-03-25 20:26 -------- d-----w- c:\program files\MSBuild
2014-03-25 20:25 . 2014-03-25 20:25 -------- d-----w- c:\program files\Reference Assemblies
2014-03-25 20:25 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2014-03-25 20:25 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2014-03-25 20:25 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2014-03-25 20:25 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2014-03-25 20:25 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2014-03-25 20:25 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2014-03-25 20:25 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2014-03-24 11:24 . 2001-08-17 19:20 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2014-03-24 11:24 . 2001-08-17 19:20 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2014-03-24 11:24 . 2001-08-17 19:12 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2014-03-24 11:23 . 2008-04-13 10:41 26112 -c--a-w- c:\windows\system32\dllcache\memstpci.sys
2014-03-24 11:23 . 2001-08-23 16:47 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll
2014-03-24 11:23 . 2001-08-17 20:58 8320 -c--a-w- c:\windows\system32\dllcache\memcard.sys
2014-03-24 11:18 . 2014-03-24 11:18 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2014-03-24 11:16 . 2014-03-24 11:16 -------- d-sh--w- c:\documents and settings\Claudine\IETldCache
2014-03-24 10:26 . 2014-02-24 11:45 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2014-03-24 10:26 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2014-03-24 10:25 . 2014-02-24 11:45 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2014-03-24 10:25 . 2014-02-24 11:45 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2014-03-24 10:22 . 2014-03-24 10:24 -------- dc-h--w- c:\windows\ie8
2014-03-22 22:05 . 2014-03-22 22:05 -------- d-----w- c:\documents and settings\Claudine\Local Settings\Application Data\PCHealth
2014-03-21 10:21 . 2014-03-21 10:21 -------- d--h--w- c:\program files\Malwarebytes' Anti-Malware
2014-03-21 10:21 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-21 10:07 . 2014-03-21 10:07 -------- d-----w- c:\windows\ERUNT
2014-03-20 17:29 . 2014-03-28 11:11 -------- d-----w- c:\documents and settings\Administrateur
2014-03-20 15:54 . 2014-03-20 15:54 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2014-03-20 15:54 . 2014-03-21 14:54 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2014-03-20 15:54 . 2014-03-20 15:54 -------- d-----w- c:\documents and settings\Claudine\Local Settings\Application Data\MFAData
2014-03-20 15:54 . 2014-03-20 15:54 -------- d-----w- c:\documents and settings\Claudine\Local Settings\Application Data\Avg2014
2014-03-20 15:09 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2014-03-20 14:01 . 2014-03-20 14:01 411552 ----a-w- c:\windows\system32\drivers\bfnxpwhj.sys
2014-03-20 13:17 . 2014-03-20 13:17 -------- d--h--w- c:\program files\CCleaner
2014-03-20 10:05 . 2014-03-20 10:05 -------- d-----w- c:\documents and settings\Claudine\Local Settings\Application Data\AviraResume
2014-03-20 08:55 . 2009-03-06 14:20 286720 -c----w- c:\windows\system32\dllcache\pdh.dll
2014-03-20 08:55 . 2009-02-09 11:23 111104 -c----w- c:\windows\system32\dllcache\services.exe
2014-03-20 08:55 . 2009-02-09 10:53 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2014-03-20 08:53 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2014-03-20 08:52 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2014-03-20 08:51 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2014-03-20 08:45 . 2012-07-04 14:05 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2014-03-20 08:42 . 2001-08-23 16:46 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll
2014-03-20 08:42 . 2001-08-17 19:50 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys
2014-03-20 08:42 . 2001-08-23 16:46 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
2014-03-20 08:42 . 2001-08-17 19:50 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys
2014-03-20 08:41 . 2013-07-04 07:33 2030592 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2014-03-20 08:41 . 2013-07-04 07:34 2072192 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2014-03-20 08:40 . 2008-04-13 18:07 607452 -c--a-w- c:\windows\system32\dllcache\ltmdmnt.sys
2014-03-20 08:40 . 2001-08-23 16:00 728554 -c--a-w- c:\windows\system32\dllcache\ltck000c.sys
2014-03-20 08:40 . 2001-08-17 20:53 4992 -c--a-w- c:\windows\system32\dllcache\loop.sys
2014-03-20 08:40 . 2001-08-17 19:12 70730 -c--a-w- c:\windows\system32\dllcache\lne100tx.sys
2014-03-20 08:40 . 2001-08-17 19:12 20573 -c--a-w- c:\windows\system32\dllcache\lne100.sys
2014-03-20 08:40 . 2001-08-17 19:11 25065 -c--a-w- c:\windows\system32\dllcache\lmndis3.sys
2014-03-20 08:40 . 2001-08-23 16:00 16384 -c--a-w- c:\windows\system32\dllcache\lit220p.sys
2014-03-20 08:40 . 2008-04-13 10:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2014-03-20 08:40 . 2001-08-23 15:59 26922 -c--a-w- c:\windows\system32\dllcache\lanepic5.sys
2014-03-20 08:40 . 2001-08-17 19:12 19016 -c--a-w- c:\windows\system32\dllcache\ktc111.sys
2014-03-20 08:38 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2014-03-20 08:37 . 2001-08-17 20:28 50751 -c--a-w- c:\windows\system32\dllcache\hsf_tone.sys
2014-03-20 08:36 . 2008-04-13 17:59 28544 -c--a-w- c:\windows\system32\dllcache\grserial.sys
2014-03-20 08:35 . 2001-08-17 20:50 144896 -c--a-w- c:\windows\system32\dllcache\epcfw2k.sys
2014-03-20 08:34 . 2001-08-23 16:47 135252 -c--a-w- c:\windows\system32\dllcache\digidbp.dll
2014-03-20 08:33 . 2008-04-13 10:36 10240 -c--a-w- c:\windows\system32\dllcache\compbatt.sys
2014-03-20 08:32 . 2001-08-17 21:04 171264 -c--a-w- c:\windows\system32\dllcache\camdrv30.sys
2014-03-20 08:32 . 2001-08-17 21:04 223232 -c--a-w- c:\windows\system32\dllcache\camdrv21.sys
2014-03-20 08:32 . 2001-08-17 21:05 314752 -c--a-w- c:\windows\system32\dllcache\camdro21.sys
2014-03-20 08:32 . 2001-08-23 16:02 14080 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2014-03-20 08:32 . 2001-08-17 19:11 31529 -c--a-w- c:\windows\system32\dllcache\brzwlan.sys
2014-03-20 08:32 . 2001-08-17 20:12 10368 -c--a-w- c:\windows\system32\dllcache\brusbscn.sys
2014-03-20 08:32 . 2001-08-17 20:12 11008 -c--a-w- c:\windows\system32\dllcache\brusbmdm.sys
2014-03-20 08:32 . 2001-08-17 20:12 60416 -c--a-w- c:\windows\system32\dllcache\brserwdm.sys
2014-03-20 08:32 . 2001-08-23 16:46 9728 -c--a-w- c:\windows\system32\dllcache\brserif.dll
2014-03-20 08:32 . 2001-08-23 16:46 5120 -c--a-w- c:\windows\system32\dllcache\brscnrsm.dll
2014-03-20 08:32 . 2001-08-23 16:01 39808 -c--a-w- c:\windows\system32\dllcache\brparwdm.sys
2014-03-20 08:30 . 2001-08-23 16:46 96128 -c--a-w- c:\windows\system32\dllcache\ati.dll
2014-03-20 08:29 . 2001-08-23 16:46 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2014-03-20 08:29 . 2013-07-04 07:34 2151936 -c--a-w- c:\windows\system32\dllcache\ntkrnlmp.exe
2014-03-20 08:25 . 2004-08-19 17:09 221184 ----a-w- c:\windows\system32\wmpns.dll
2014-03-20 08:07 . 2008-04-13 18:33 412160 ------w- c:\windows\system32\photometadatahandler.dll
2014-03-20 08:06 . 2007-04-02 10:26 19968 -c--a-w- c:\windows\system32\dllcache\agt040e.dll
2014-03-20 08:05 . 2008-04-13 18:33 49152 -c--a-w- c:\windows\system32\dllcache\agentmpx.dll
2014-03-20 08:04 . 2008-04-13 18:33 36864 -c--a-w- c:\windows\system32\dllcache\iprip.dll
2014-03-20 08:04 . 2008-04-13 18:34 142848 -c--a-w- c:\windows\system32\dllcache\fxsclnt.exe
2014-03-20 08:04 . 2008-04-13 18:31 6144 -c--a-w- c:\windows\system32\dllcache\kbdax2.dll
2014-03-20 08:04 . 2007-04-02 10:26 20992 -c--a-w- c:\windows\system32\dllcache\agt0816.dll
2014-03-20 08:04 . 2008-04-13 18:33 33792 -c--a-w- c:\windows\system32\dllcache\lmmib2.dll
2014-03-20 08:04 . 2008-04-13 18:33 109568 -c--a-w- c:\windows\system32\dllcache\evntagnt.dll
2014-03-20 08:04 . 2008-04-13 18:33 334336 -c--a-w- c:\windows\system32\dllcache\aqueue.dll
2014-03-20 08:04 . 2008-04-13 18:33 24064 -c--a-w- c:\windows\system32\dllcache\agentpsh.dll
2014-03-20 08:04 . 2008-04-13 18:33 24064 -c--a-w- c:\windows\system32\dllcache\agentanm.dll
2014-03-20 08:04 . 2014-03-20 08:08 -------- d-----w- c:\windows\ServicePackFiles
2014-03-20 08:01 . 2008-04-13 10:56 30592 ------w- c:\windows\system32\drivers\rndismpx.sys
2014-03-19 18:07 . 2014-03-25 19:10 -------- d--h--w- c:\program files\Update Software
2014-03-19 18:07 . 2014-03-19 18:07 -------- d--h--w- c:\program files\Retro PC Calculator
2014-03-19 17:55 . 2014-03-19 17:55 -------- d-----w- c:\documents and settings\Claudine\Application Data\SUPERAntiSpyware.com
2014-03-19 16:39 . 2014-03-20 13:17 -------- d--h--w- c:\program files\Google
2014-03-19 16:39 . 2014-03-19 16:39 -------- d-----w- c:\documents and settings\Claudine\Local Settings\Application Data\Google
2014-03-19 14:55 . 2014-03-19 14:55 426 ----a-w- c:\documents and settings\Claudine\Autoexec.bat
2014-03-11 15:46 . 2014-03-11 15:46 82432 ----a-w- c:\documents and settings\Claudine\Application Data\Microsoft\MSXML2\msxml4r.dll
2014-03-11 15:46 . 2014-03-11 15:46 44544 ----a-w- c:\documents and settings\Claudine\Application Data\Microsoft\MSXML2\msxml4a.dll
2014-03-11 15:46 . 2014-03-11 15:46 1275392 ----a-w- c:\documents and settings\Claudine\Application Data\Microsoft\MSXML2\msxml4.dll
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-24 11:45 . 2006-12-13 12:46 920064 ----a-w- c:\windows\system32\wininet.dll
2014-02-24 11:45 . 2006-12-13 12:46 43520 ------w- c:\windows\system32\licmgr10.dll
2014-02-24 11:45 . 2006-12-13 12:45 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-02-24 11:44 . 2006-12-13 12:45 18944 ------w- c:\windows\system32\corpol.dll
2014-02-24 10:55 . 2006-12-13 12:45 385024 ------w- c:\windows\system32\html.iec
2014-02-07 06:36 . 2006-12-13 12:49 1879168 ----a-w- c:\windows\system32\win32k.sys
2014-02-05 08:54 . 2004-08-19 17:09 563712 ----a-w- c:\windows\system32\qedit.dll
2014-01-04 03:12 . 2006-12-13 12:46 420864 ----a-w- c:\windows\system32\vbscript.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\documents and settings\Claudine\Menu Démarrer\Programmes\Démarrage\
IcoSauve.lnk - c:\windows\system32\IcoSauve.exe [2011-2-26 112128]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"MaxRecentDocs"= 15 (0xf)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
"DisallowCpl"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
2007-08-09 13:48 528384 ----a-w- c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-13 18:34 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [21/03/2014 12:21 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [21/03/2014 12:21 701512]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [21/03/2014 12:21 22856]
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - WS2IFSL
.
Contenu du dossier 'Tâches planifiées'
.
2014-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-03-19 16:39]
.
2014-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-03-19 16:39]
.
2014-03-31 c:\windows\Tasks\Notification de fin de service de Microsoft Windows XP - à la connexion.job
- c:\windows\system32\xp_eos.exe [2014-03-27 23:28]
.
2014-03-27 c:\windows\Tasks\Notification de fin de service de Microsoft Windows XP -mensuellement.job
- c:\windows\system32\xp_eos.exe [2014-03-27 23:28]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://google.fr
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.fr/search?q=%s
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Claudine\Application Data\Mozilla\Firefox\Profiles\ap5vuvxy.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-31 14:50
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'explorer.exe'(3480)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\eappprxy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\WgaTray.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2014-03-31 14:54:26 - La machine a redémarré
ComboFix-quarantined-files.txt 2014-03-31 12:54
.
Avant-CF: 1 718 288 384 octets libres
Après-CF: 1 811 640 320 octets libres
.
- - End Of File - - 2C1AEAFAD6D4EDBB0E3675BDC972792C
C99C3199CFAA4CBDCD91493F6D113A50