

alex29
Hello, I admit I use the internet as a tourist and so only understand the basic functions of computing... After being phished by Security Central, I downloaded ComboFix on the advice I found on another forum, which told me to run ComboFix in safe mode, which I did, and I didn't bother asking for the report to be interpreted, thinking the scan had done the job... I ran several scans the same way and so I wonder whether I haven't made too many blunders; I'm submitting the latest report, from the scan run yesterday, while awaiting a diagnosis. Thanks in advance:

ComboFix 10-06-03.01 - controle 03/01/2003 13:19:04.13.1 - FAT32x86 NETWORK
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.447.278 [GMT 1:00]
Lancé depuis: c:\documents and settings\controle\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100422-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Exécution préalable -------
.
c:\documents and settings\PictureViewer.Resources\PictureViewer.dll c:\documents and settings\PictureViewer.Resources\PictureViewer.qtr c:\documents and settings\Plugins\npqtplugin.dll c:\documents and settings\Plugins\npqtplugin2.dll c:\documents and settings\Plugins\npqtplugin3.dll c:\documents and settings\Plugins\npqtplugin4.dll c:\documents and settings\Plugins\npqtplugin5.dll c:\documents and settings\Plugins\npqtplugin6.dll c:\documents and settings\Plugins\npqtplugin7.dll c:\documents and settings\PropertyPanels\PanelHelperBase.qpa c:\documents and settings\PropertyPanels\PropPanelHelpers.qpa c:\documents and settings\QTSystem\AppleProResDecoder.qtx c:\documents and settings\QTSystem\CoreVideo.qtx c:\documents and settings\QTSystem\ExportController.exe c:\documents and settings\QTSystem\ExportControllerPS.dll c:\documents and settings\QTSystem\QTCF.dll c:\documents and settings\QTSystem\QTJavaNative.dll c:\documents and settings\QTSystem\QTJNative.dll c:\documents and settings\QTSystem\QTMLClient.dll c:\documents and settings\QTSystem\QuickTime.qts c:\documents and settings\QTSystem\QuickTime3GPP.qtx c:\documents and settings\QTSystem\QuickTime3GPPAuthoring.qtx c:\documents and settings\QTSystem\QuickTimeAudioSupport.qtx c:\documents and settings\QTSystem\QuickTimeAuthoring.qtx c:\documents and settings\QTSystem\QuickTimeCapture.qtx c:\documents and settings\QTSystem\QuickTimeCheck.ocx c:\documents and settings\QTSystem\QuickTimeEffects.qtx c:\documents and settings\QTSystem\QuickTimeEssentials.qtx c:\documents and settings\QTSystem\QuickTimeH264.qtx c:\documents and settings\QTSystem\QuickTimeImage.qtx c:\documents and settings\QTSystem\QuickTimeInternetExtras.qtx c:\documents and settings\QTSystem\QuickTimeJavaExtras.qtx c:\documents and settings\QTSystem\QuickTimeMPEG.qtx c:\documents and settings\QTSystem\QuickTimeMPEG4.qtx c:\documents and settings\QTSystem\QuickTimeMPEG4Authoring.qtx c:\documents and settings\QTSystem\QuickTimeMusic.qtx c:\documents 
and settings\QTSystem\QuickTimeMusicalInstruments.qtx c:\documents and settings\QTSystem\QuickTimeStreaming.qtx c:\documents and settings\QTSystem\QuickTimeStreamingAuthoring.qtx c:\documents and settings\QTSystem\QuickTimeStreamingExtras.qtx c:\documents and settings\QTSystem\QuickTimeUpdateHelper.exe c:\documents and settings\QTSystem\QuickTimeVR.qtx c:\documents and settings\QTSystem\QuickTimeVRAuthoring.qtx c:\documents and settings\QTSystem\QuickTimeWebHelper.qtx c:\documents and settings\QuickTimePlayer.Resources\QuickTimePlayer.qtr c:\windows\system\winspool.drv -- Exécution préalable -- c:\windows\system32\msgsvc.dll . . . est infecté!! -------- c:\windows\system32\msgsvc.dll . . . est infecté!! . ((((((((((((((((((((((((((((( Fichiers créés du 2002-12-03 au 2003-01-03 )))))))))))))))))))))))))))))))))))) . 2010-06-02 14:51 . 2010-06-02 14:51 -------- d-----w- C:\FOUND.009 2010-05-31 07:25 . 2010-05-31 07:26 4088832 ----a-w- c:\documents and settings\controle\Application Data\Real\Update\setup3.10\rp\RealPlayerSPGold_fr.exe 2010-05-30 13:25 . 2010-05-30 13:25 503808 ----a-w- c:\documents and settings\controle\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4d5ebf16-n\msvcp71.dll 2010-05-30 13:25 . 2010-05-30 13:25 499712 ----a-w- c:\documents and settings\controle\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4d5ebf16-n\jmc.dll 2010-05-30 13:25 . 2010-05-30 13:25 348160 ----a-w- c:\documents and settings\controle\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4d5ebf16-n\msvcr71.dll 2010-05-30 13:25 . 2010-05-30 13:25 61440 ----a-w- c:\documents and settings\controle\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-77317de4-n\decora-sse.dll 2010-05-30 13:25 . 2010-05-30 13:25 12800 ----a-w- c:\documents and settings\controle\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-77317de4-n\decora-d3d.dll 2010-05-14 08:29 . 
2010-03-26 09:33 43008 ----a-w- c:\documents and settings\controle\Application Data\Mozilla\Firefox\Profiles\krudqwtl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll 2010-05-14 08:29 . 2010-03-26 09:33 339456 ----a-w- c:\documents and settings\controle\Application Data\Mozilla\Firefox\Profiles\krudqwtl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll 2010-05-14 08:29 . 2010-03-26 09:32 346112 ----a-w- c:\documents and settings\controle\Application Data\Mozilla\Firefox\Profiles\krudqwtl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll 2010-05-14 08:29 . 2010-03-26 09:33 1496064 ----a-w- c:\documents and settings\controle\Application Data\Mozilla\Firefox\Profiles\krudqwtl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll 2010-04-03 20:02 . 2010-04-03 20:02 503808 ----a-w- c:\documents and settings\controle\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5b866c6b-n\msvcp71.dll 2010-04-03 20:02 . 2010-04-03 20:02 499712 ----a-w- c:\documents and settings\controle\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5b866c6b-n\jmc.dll 2010-04-03 20:02 . 2010-04-03 20:02 348160 ----a-w- c:\documents and settings\controle\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5b866c6b-n\msvcr71.dll 2010-04-03 20:02 . 2010-04-03 20:02 61440 ----a-w- c:\documents and settings\controle\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-17e24411-n\decora-sse.dll 2010-04-03 20:02 . 2010-04-03 20:02 12800 ----a-w- c:\documents and settings\controle\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-17e24411-n\decora-d3d.dll 2010-04-03 20:01 . 2010-04-12 16:29 411368 ----a-w- c:\windows\system32\deployJava1.dll 2010-03-23 08:24 . 2010-03-23 08:24 -------- d-----w- C:\FOUND.006 2010-03-22 14:33 . 
2010-03-22 14:34 8405312 ----a-w- c:\documents and settings\controle\Application Data\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe 2010-03-22 14:31 . 2010-03-22 14:31 149000 ----a-w- c:\documents and settings\controle\Application Data\Real\Update\setup3.10\chr_helper\LaunchHelper.exe 2010-03-22 14:30 . 2010-03-22 14:31 10309448 ----a-w- c:\documents and settings\controle\Application Data\Real\Update\setup3.10\chr\ChromeInstaller.exe 2010-03-22 14:28 . 2010-03-22 14:28 79368 ----a-w- c:\documents and settings\controle\Application Data\Real\Update\setup3.10\RUP\vista.exe 2010-03-22 14:28 . 2010-03-22 14:28 64000 ----a-w- c:\documents and settings\controle\Application Data\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll 2010-03-22 14:28 . 2010-03-22 14:28 52288 ----a-w- c:\documents and settings\controle\Application Data\Real\Update\setup3.10\RUP\inst_config\gtapi.dll 2010-03-22 14:28 . 2010-03-22 14:28 50688 ----a-w- c:\documents and settings\controle\Application Data\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll 2010-03-22 14:28 . 2010-03-22 14:28 49152 ----a-w- c:\documents and settings\controle\Application Data\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll 2010-03-22 14:28 . 2010-03-22 14:28 118784 ----a-w- c:\documents and settings\controle\Application Data\Real\Update\setup3.10\RUP\inst_config\compat.dll 2010-03-22 06:27 . 2010-05-31 07:26 443912 ----a-w- c:\documents and settings\controle\Application Data\Real\Update\setup3.10\setup.exe 2010-03-12 05:31 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe 2010-03-07 06:49 . 2010-03-07 06:49 -------- d-----w- C:\FOUND.004 2010-03-05 19:31 . 2010-03-05 19:31 -------- d-----w- c:\program files\dl 2010-03-05 19:31 . 1996-11-05 15:13 299008 ----a-w- c:\windows\uninst.exe 2010-03-05 19:30 . 2010-03-05 19:30 -------- d-----w- c:\documents and settings\controle\WINDOWS 2010-03-05 06:17 . 
2010-03-05 06:17 -------- d-sh--w- c:\documents and settings\controle\IECompatCache 2010-02-25 13:37 . 2010-01-21 16:24 52224 ----a-w- c:\documents and settings\controle\Application Data\Mozilla\Firefox\Profiles\krudqwtl.default\extensions\{d5b75883-e809-4120-bfeb-8d707d5dfbe3}\components\FFExternalAlert.dll 2010-02-25 13:37 . 2010-01-21 16:24 101376 ----a-w- c:\documents and settings\controle\Application Data\Mozilla\Firefox\Profiles\krudqwtl.default\extensions\{d5b75883-e809-4120-bfeb-8d707d5dfbe3}\components\RadioWMPCore.dll 2010-02-17 12:24 . 2010-02-17 12:24 -------- d-----w- C:\FOUND.003 2010-02-17 11:23 . 2010-02-17 11:23 -------- d-----w- C:\FOUND.002 2010-02-17 11:17 . 2010-02-17 11:17 -------- d-----w- C:\FOUND.001 2010-02-17 11:14 . 2010-02-17 11:14 -------- d-----w- C:\FOUND.000 2010-02-16 15:14 . 2010-02-16 15:14 -------- d-----w- c:\program files\LogiEscalier 2010-02-13 09:25 . 2010-02-13 09:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Boole & Partners 2010-02-13 09:25 . 2010-02-13 09:25 -------- d-----w- c:\program files\Boole & Partners 2010-02-12 05:34 . 2010-02-12 05:34 100864 ------w- c:\windows\system32\dllcache\6to4svc.dll 2010-02-06 17:26 . 2010-02-06 17:26 -------- d-----w- c:\program files\CCleaner 2010-02-06 17:24 . 2010-02-06 17:24 -------- d-----w- c:\program files\Replay Converter 2010-02-03 16:35 . 2010-02-03 16:35 -------- d-----w- c:\program files\Fichiers communs\xing shared 2010-02-02 08:53 . 2010-02-02 08:53 -------- d-----w- c:\program files\7-Zip 2010-02-01 09:05 . 2010-02-01 09:05 -------- d-----w- c:\program files\Trend Micro 2010-01-31 18:55 . 2010-01-31 18:55 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared 2010-01-28 12:11 . 2010-01-28 12:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Recherche_France 2010-01-28 12:09 . 
2010-01-28 12:09 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple 2010-01-28 06:42 . 2010-01-28 06:42 -------- d-----w- c:\program files\SpeedBit Video Downloader 2010-01-27 07:49 . 2009-12-12 14:15 178176 ----a-w- c:\windows\system32\unrar.dll 2010-01-27 07:49 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll 2010-01-27 07:49 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll 2010-01-27 07:49 . 2009-07-14 00:15 90112 ----a-w- c:\windows\system32\dpl100.dll 2010-01-27 07:49 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll 2010-01-27 07:49 . 2010-01-05 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll 2010-01-27 07:49 . 2010-01-27 07:49 -------- d-----w- c:\program files\K-Lite Codec Pack 2010-01-26 19:25 . 2010-01-26 19:25 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit 2010-01-26 19:25 . 2010-01-26 19:25 -------- d-----w- c:\program files\DAP 2010-01-26 14:27 . 2010-01-26 14:27 -------- d-----w- c:\documents and settings\controle\Application Data\Apple Computer 2010-01-26 14:20 . 2010-01-26 14:20 -------- d-----w- c:\documents and settings\controle\Local Settings\Application Data\Apple Computer 2010-01-26 14:09 . 2010-01-26 14:09 -------- d-----w- c:\program files\Fichiers communs\Apple 2010-01-26 14:09 . 2010-01-26 14:09 -------- d-----w- c:\documents and settings\controle\Local Settings\Application Data\Apple 2010-01-26 14:09 . 2010-01-26 14:09 -------- d-----w- c:\program files\Apple Software Update 2010-01-26 14:09 . 2010-01-26 14:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2010-01-25 11:09 . 2010-01-25 11:09 -------- d-----w- c:\documents and settings\controle\Application Data\Media Player Classic 2010-01-25 06:33 . 2010-01-25 06:33 -------- d-----w- c:\program files\MediaCoder 2010-01-24 11:00 . 2007-05-17 16:30 318976 ----a-w- c:\windows\system32\avisynth.dll 2010-01-24 11:00 . 
2004-02-22 09:11 719872 ----a-w- c:\windows\system32\devil.dll 2010-01-24 11:00 . 2005-11-02 14:52 -------- d-----w- c:\program files\AviSynth 2.5 2010-01-24 11:00 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll 2010-01-24 11:00 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\i420vfw.dll 2010-01-23 10:46 . 2010-01-23 10:46 -------- d-----w- c:\documents and settings\controle\Application Data\GRETECH 2010-01-23 10:46 . 2010-01-23 10:46 -------- d-----w- c:\program files\GRETECH 2010-01-22 17:16 . 2010-01-22 17:16 1956072 ----a-w- c:\documents and settings\controle\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe 2010-01-21 17:19 . 2010-01-21 17:19 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2010-01-20 18:27 . 2010-01-20 18:27 -------- d-----w- c:\program files\eMule 2010-01-19 19:37 . 2010-01-19 19:37 -------- d-sh--w- c:\documents and settings\controle\PrivacIE 2010-01-19 19:37 . 2010-01-19 19:37 -------- d-----w- c:\program files\Conduit 2010-01-19 19:37 . 2010-01-19 19:37 -------- d-----w- c:\documents and settings\controle\Local Settings\Application Data\Recherche_France 2010-01-19 19:37 . 2010-01-19 19:37 -------- d-----w- c:\documents and settings\controle\Local Settings\Application Data\Conduit 2010-01-19 19:37 . 2010-01-19 19:37 -------- d-----w- c:\program files\Recherche_France 2010-01-19 10:29 . 2010-01-19 10:29 1924744 ----a-w- c:\documents and settings\controle\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe 2010-01-18 15:07 . 2010-01-18 15:07 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2010-01-18 14:46 . 2010-01-18 14:46 -------- d-----w- c:\documents and settings\controle\Local Settings\Application Data\Temp 2010-01-18 13:46 . 2010-01-18 13:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google 2010-01-18 13:40 . 
2010-01-18 13:40 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2010-01-18 06:32 . 2010-01-18 06:32 -------- d-sh--w- c:\documents and settings\controle\IETldCache 2010-01-18 06:20 . 2010-02-25 07:17 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll 2010-01-18 06:20 . 2010-02-25 07:17 12800 ------w- c:\windows\system32\dllcache\xpshims.dll 2010-01-18 06:19 . 2010-01-18 06:19 -------- d-----w- c:\windows\ie8updates 2010-01-18 06:19 . 2009-10-02 04:44 92160 ------w- c:\windows\system32\dllcache\iecompat.dll 2010-01-18 06:16 . 2010-01-18 06:16 -------- d--h--w- c:\windows\ie8 2010-01-17 12:08 . 2009-11-21 15:58 471552 ------w- c:\windows\system32\dllcache\aclayers.dll 2010-01-17 11:59 . 2009-10-15 16:32 81920 ------w- c:\windows\system32\dllcache\fontsub.dll 2010-01-17 11:59 . 2009-10-15 16:32 119808 ------w- c:\windows\system32\dllcache\t2embed.dll 2010-01-17 11:58 . 2009-06-21 21:47 153088 ------w- c:\windows\system32\dllcache\triedit.dll 2010-01-17 11:54 . 2010-01-29 16:00 1315328 ------w- c:\windows\system32\dllcache\msoe.dll 2010-01-15 14:01 . 2010-01-15 14:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton 2010-01-15 14:01 . 2010-01-15 14:01 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller 2010-01-15 11:23 . 2003-01-01 22:29 79488 ----a-w- c:\documents and settings\controle\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll 2010-01-13 15:01 . 2010-01-13 15:01 87040 ------w- c:\windows\system32\dllcache\cabview.dll 2010-01-08 22:42 . 2010-01-08 22:42 3366912 ----a-w- c:\windows\system32\GPhotos.scr 2009-12-24 08:00 . 2009-12-24 08:00 177664 ------w- c:\windows\system32\dllcache\wintrust.dll 2009-12-17 07:41 . 2009-12-17 07:41 347648 ------w- c:\windows\system32\dllcache\mspaint.exe 2009-12-14 07:09 . 2009-12-14 07:09 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll 2009-11-27 17:13 . 
2009-11-27 17:13 17920 ------w- c:\windows\system32\dllcache\msyuv.dll 2009-11-27 16:08 . 2009-11-27 16:08 8704 ------w- c:\windows\system32\dllcache\tsbyuv.dll 2009-11-27 16:08 . 2009-11-27 16:08 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll 2009-11-27 16:08 . 2009-11-27 16:08 11264 ------w- c:\windows\system32\dllcache\msrle32.dll 2009-11-27 12:44 . 2007-04-09 12:23 28552 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll 2009-11-27 12:44 . 2007-04-09 12:23 28040 ----a-w- c:\windows\system32\mdimon.dll 2009-11-27 12:41 . 2009-11-27 12:41 -------- d-----w- c:\windows\SHELLNEW 2009-11-27 12:40 . 2009-11-27 12:41 -------- d-----w- c:\program files\Microsoft.NET 2009-11-10 22:35 . 2009-11-10 22:35 1230112 ----a-w- c:\documents and settings\QuickTimePlayer.exe 2009-11-10 22:34 . 2009-11-10 22:34 7865632 ----a-w- c:\documents and settings\QuickTimePlayer.dll 2009-11-10 22:34 . 2009-11-10 22:34 369952 ----a-w- c:\documents and settings\QTUIPanelControl.dll 2009-11-10 22:34 . 2009-11-10 22:34 894240 ----a-w- c:\documents and settings\QTOControl.dll 2009-11-10 22:34 . 2009-11-10 22:34 820512 ----a-w- c:\documents and settings\QTOLibrary.dll 2009-11-10 22:34 . 2009-11-10 22:34 800032 ----a-w- c:\documents and settings\QTInfo.exe 2009-11-10 22:08 . 2009-11-10 22:08 417792 ----a-w- c:\documents and settings\QTTask.exe 2009-11-10 22:08 . 2009-11-10 22:08 935850 ----a-w- c:\documents and settings\QTSystem\QTJava.zip . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-03-10 07:16 . 2004-08-05 04:00 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-02-25 07:17 . 2005-07-03 02:16 916480 ----a-w- c:\windows\system32\wininet.dll 2010-02-24 14:11 . 2005-01-19 04:26 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-16 20:07 . 2005-03-02 18:07 2148352 ------w- c:\windows\system32\ntoskrnl.exe 2010-02-16 20:06 . 
2005-03-02 18:08 2026496 ------w- c:\windows\system32\ntkrnlpa.exe 2010-02-12 10:03 . 2002-12-31 23:04 293376 ------w- c:\windows\system32\browserchoice.exe 2010-02-12 05:34 . 2004-08-05 04:00 100864 ----a-w- c:\windows\system32\6to4svc.dll 2010-02-11 13:02 . 2004-08-05 04:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys 2010-01-29 16:00 . 2004-08-05 04:00 691712 ----a-w- c:\windows\system32\inetcomm.dll 2010-01-26 14:21 . 2010-01-26 14:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2010-01-13 15:01 . 2004-08-05 04:00 87040 ----a-w- c:\windows\system32\cabview.dll 2009-12-31 16:50 . 2005-05-10 00:17 353792 ----a-w- c:\windows\system32\drivers\srv.sys 2009-12-24 08:00 . 2004-08-05 04:00 177664 ----a-w- c:\windows\system32\wintrust.dll 2009-12-17 07:41 . 2004-08-05 04:00 347648 ----a-w- c:\windows\system32\mspaint.exe 2009-12-14 07:09 . 2004-08-05 04:00 33280 ----a-w- c:\windows\system32\csrsrv.dll 2009-11-27 17:13 . 2004-08-05 04:00 17920 ----a-w- c:\windows\system32\msyuv.dll 2009-11-27 17:13 . 2004-08-05 04:00 1297920 ----a-w- c:\windows\system32\quartz.dll 2009-11-27 16:08 . 2004-08-05 04:00 8704 ----a-w- c:\windows\system32\tsbyuv.dll 2009-11-27 16:08 . 2004-08-05 04:00 85504 ----a-w- c:\windows\system32\avifil32.dll 2009-11-27 16:08 . 2004-08-05 04:00 48128 ----a-w- c:\windows\system32\iyuv_32.dll 2009-11-27 16:08 . 2004-08-05 04:00 28672 ----a-w- c:\windows\system32\msvidc32.dll 2009-11-27 16:08 . 2004-08-05 04:00 11264 ----a-w- c:\windows\system32\msrle32.dll 2009-11-21 15:58 . 2004-08-05 04:00 471552 ----a-w- c:\windows\AppPatch\AcLayers.dll 2009-10-21 05:39 . 2004-08-05 04:00 75776 ----a-w- c:\windows\system32\strmfilt.dll 2009-10-21 05:39 . 2004-08-05 04:00 25088 ----a-w- c:\windows\system32\httpapi.dll 2009-10-20 16:20 . 2004-08-05 04:00 265728 ----a-w- c:\windows\system32\drivers\http.sys 2009-10-15 16:32 . 2004-08-05 04:00 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-10-15 16:32 . 
2004-08-05 04:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-10-13 10:33 . 2004-08-05 04:00 271360 ----a-w- c:\windows\system32\oakley.dll 2009-10-12 13:39 . 2004-08-05 04:00 79872 ----a-w- c:\windows\system32\raschap.dll 2009-10-12 13:39 . 2004-08-05 04:00 150528 ----a-w- c:\windows\system32\rastls.dll 2009-09-11 14:18 . 2004-08-05 04:00 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-04 21:04 . 2004-08-05 04:00 58880 ----a-w- c:\windows\system32\msasn1.dll 2009-08-26 08:01 . 2004-08-05 04:00 247326 ----a-w- c:\windows\system32\strmdll.dll 2009-08-25 09:18 . 2004-08-05 04:00 354816 ----a-w- c:\windows\system32\winhttp.dll 2009-08-14 15:14 . 2005-03-02 18:07 1850752 ----a-w- c:\windows\system32\win32k.sys 2009-08-06 18:24 . 2004-08-05 04:00 327896 ----a-w- c:\windows\system32\wucltui.dll 2009-08-06 18:24 . 2004-08-05 04:00 209632 ----a-w- c:\windows\system32\wuweb.dll 2009-08-06 18:24 . 2005-05-26 03:16 44768 ----a-w- c:\windows\system32\wups2.dll 2009-08-06 18:24 . 2004-08-05 04:00 35552 ----a-w- c:\windows\system32\wups.dll 2009-08-06 18:24 . 2004-08-05 04:00 53472 ------w- c:\windows\system32\wuauclt.exe 2009-08-06 18:24 . 2004-08-05 04:00 96480 ----a-w- c:\windows\system32\cdm.dll 2009-08-06 18:23 . 2004-08-05 04:00 575704 ----a-w- c:\windows\system32\wuapi.dll 2009-08-06 18:23 . 2004-08-05 04:00 1929952 ----a-w- c:\windows\system32\wuaueng.dll 2009-08-05 09:00 . 2004-08-05 04:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-31 09:03 . 2008-04-14 03:33 1372672 ------w- c:\windows\system32\msxml6.dll 2009-07-31 04:33 . 2004-08-05 04:00 1172480 ----a-w- c:\windows\system32\msxml3.dll 2009-07-17 19:03 . 2004-08-05 04:00 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-17 16:16 . 2004-08-05 04:00 1440768 ----a-w- c:\windows\system32\query.dll 2009-07-14 00:15 . 2003-09-30 14:08 685056 ----a-w- c:\windows\system32\divx.dll 2009-07-13 22:43 . 2004-08-05 04:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll 2009-06-25 08:26 . 
2005-06-15 17:50 301568 ----a-w- c:\windows\system32\kerberos.dll 2009-06-25 08:26 . 2004-10-28 01:24 736768 ----a-w- c:\windows\system32\lsasrv.dll 2009-06-25 08:26 . 2004-08-05 04:00 56832 ----a-w- c:\windows\system32\secur32.dll 2009-06-25 08:26 . 2004-08-05 04:00 54272 ----a-w- c:\windows\system32\wdigest.dll 2009-06-25 08:26 . 2004-08-05 04:00 147456 ----a-w- c:\windows\system32\schannel.dll 2009-06-24 11:18 . 2004-08-05 04:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2009-06-15 10:44 . 2005-05-11 02:30 78848 ----a-w- c:\windows\system32\telnet.exe 2009-06-10 08:21 . 2004-08-05 04:00 2066432 ----a-w- c:\windows\system32\mstscax.dll 2009-06-10 06:15 . 2004-08-05 04:00 132096 ----a-w- c:\windows\system32\wkssvc.dll 2009-05-07 16:33 . 2004-08-05 04:00 348672 ----a-w- c:\windows\system32\localspl.dll 2009-04-15 15:53 . 2004-08-05 04:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll 2009-04-01 22:02 . 2004-08-05 04:00 604160 ----a-w- c:\windows\system32\wmspdmod.dll 2009-03-08 03:34 . 2004-08-05 04:00 43008 ----a-w- c:\windows\system32\licmgr10.dll 2009-03-08 03:33 . 2004-08-05 04:00 18944 ----a-w- c:\windows\system32\corpol.dll 2009-03-08 03:32 . 2004-08-05 04:00 72704 ----a-w- c:\windows\system32\admparse.dll 2009-03-08 03:32 . 2004-08-05 04:00 71680 ----a-w- c:\windows\system32\iesetup.dll 2009-03-08 03:31 . 2004-08-05 04:00 34816 ----a-w- c:\windows\system32\imgutil.dll 2009-03-08 03:31 . 2004-08-05 04:00 48128 ----a-w- c:\windows\system32\mshtmler.dll 2009-03-08 03:31 . 2004-08-05 04:00 45568 ----a-w- c:\windows\system32\mshta.exe 2009-03-08 03:22 . 2004-08-05 04:00 156160 ----a-w- c:\windows\system32\msls31.dll 2009-03-06 15:20 . 2004-08-05 04:00 286720 ----a-w- c:\windows\system32\pdh.dll 2009-02-09 12:23 . 2004-08-05 04:00 111104 ------w- c:\windows\system32\services.exe 2009-02-09 11:53 . 2005-04-28 19:32 401408 ------w- c:\windows\system32\rpcss.dll 2009-02-09 11:53 . 
2004-08-05 04:00 739840 ----a-w- c:\windows\system32\ntdll.dll 2009-02-09 11:53 . 2004-08-05 04:00 685568 ----a-w- c:\windows\system32\advapi32.dll 2009-02-09 11:53 . 2004-08-05 04:00 473600 ----a-w- c:\windows\system32\wbem\fastprox.dll 2009-02-09 11:53 . 2004-08-05 04:00 453120 ----a-w- c:\windows\system32\wbem\wmiprvsd.dll 2009-02-06 11:39 . 2004-08-05 04:00 35328 ----a-w- c:\windows\system32\sc.exe 2009-02-06 11:10 . 2004-08-05 04:00 227840 ----a-w- c:\windows\system32\wbem\wmiprvse.exe 2009-01-07 17:21 . 2005-02-24 12:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe 2008-10-28 07:35 . 2005-11-02 14:53 76507 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2008-10-23 12:36 . 2004-08-05 04:00 286720 ----a-w- c:\windows\system32\gdi32.dll 2008-08-14 11:04 . 2004-08-05 04:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys 2008-07-07 21:28 . 2004-08-05 04:00 253952 ------w- c:\windows\system32\es.dll 2008-06-24 17:44 . 2005-06-29 01:49 74240 ----a-w- c:\windows\system32\mscms.dll 2008-06-24 17:12 . 2006-10-18 20:47 295936 ------w- c:\windows\system32\wmpeffects.dll 2008-06-20 18:47 . 2004-08-05 04:00 247808 ------w- c:\windows\system32\mswsock.dll 2008-06-20 12:51 . 2004-08-05 04:00 361600 ------w- c:\windows\system32\drivers\tcpip.sys 2008-06-18 04:03 . 2004-08-05 04:00 938496 ----a-w- c:\windows\system32\WMNetmgr.dll 2008-06-18 00:09 . 2004-08-05 04:00 100864 ----a-w- c:\windows\system32\logagent.exe 2008-06-12 15:22 . 2004-08-05 04:00 956928 ----a-w- c:\windows\system32\msdtctm.dll 2008-06-12 15:22 . 2004-08-05 04:00 91648 ----a-w- c:\windows\system32\mtxoci.dll 2008-06-12 15:22 . 2004-08-05 04:00 66560 ----a-w- c:\windows\system32\mtxclu.dll 2008-06-12 15:22 . 2004-08-05 04:00 428032 ----a-w- c:\windows\system32\msdtcprx.dll 2008-06-12 15:22 . 2004-08-05 04:00 161792 ----a-w- c:\windows\system32\msdtcuiu.dll 2008-06-12 15:22 . 2004-08-05 04:00 58880 ----a-w- c:\windows\system32\msdtclog.dll 2008-05-09 10:55 . 
2004-08-05 04:00 90112 ----a-w- c:\windows\system32\wshext.dll 2008-05-09 10:55 . 2004-08-05 04:00 180224 ----a-w- c:\windows\system32\scrobj.dll 2008-05-09 10:55 . 2004-08-05 04:00 172032 ----a-w- c:\windows\system32\scrrun.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{d5b75883-e809-4120-bfeb-8d707d5dfbe3}"= "c:\program files\Recherche_France\tbRec1.dll" [2010-02-16 2349080] [HKEY_CLASSES_ROOT\clsid\{d5b75883-e809-4120-bfeb-8d707d5dfbe3}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d5b75883-e809-4120-bfeb-8d707d5dfbe3}] 2010-02-16 19:03 2349080 ----a-w- c:\program files\Recherche_France\tbRec1.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{d5b75883-e809-4120-bfeb-8d707d5dfbe3}"= "c:\program files\Recherche_France\tbRec1.dll" [2010-02-16 2349080] [HKEY_CLASSES_ROOT\clsid\{d5b75883-e809-4120-bfeb-8d707d5dfbe3}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D5B75883-E809-4120-BFEB-8D707D5DFBE3}"= "c:\program files\Recherche_France\tbRec1.dll" [2010-02-16 2349080] [HKEY_CLASSES_ROOT\clsid\{d5b75883-e809-4120-bfeb-8d707d5dfbe3}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-26 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LaunchApp"="Alaunch" [X] "ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" 
[2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"SiSPower"="SiSPower.dll" [2005-07-13 49152]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 90112]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 397312]
"QuickTime Task"="c:\documents and settings\QTTask.exe" [2009-11-10 417792]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2010-02-03 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Utility Tray.lnk - c:\windows\system32\sistray.exe [2006-8-2 262144]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Documents and Settings\\CONTROLE\\Mes documents\\Autre utilisateur\\utorrent.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mpc-hc.exe"=
"c:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21057:TCP"= 21057:TCP:emule
"45812:UDP"= 45812:UDP:emule udp
"16591:TCP"= 16591:TCP:emule tcp
"10125:UDP"= 10125:UDP:emule udp
"36338:TCP"= 36338:TCP:torrent

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [09/04/2008 09:20 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [09/04/2008 09:20 20560]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [18/01/2010 14:41 135664]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - INT15.SYS
.
Contenu du dossier 'Tâches planifiées'

2003-01-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-11 20:22]

2003-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-18 13:40]

2010-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-18 13:40]

2010-03-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-06-02 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://search.speedbit.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Ouvrir dans un nouvel onglet d'arrière-plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?b47d5dbb178a4fa1863b9c6ad4b72418
IE: Ouvrir dans un nouvel onglet de premier plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?b47d5dbb178a4fa1863b9c6ad4b72418
FF - ProfilePath - c:\documents and settings\controle\Application Data\Mozilla\Firefox\Profiles\krudqwtl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2297721&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Recherche France Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
FF - component: c:\documents and settings\controle\Application Data\Mozilla\Firefox\Profiles\krudqwtl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\controle\Application Data\Mozilla\Firefox\Profiles\krudqwtl.default\extensions\{d5b75883-e809-4120-bfeb-8d707d5dfbe3}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\controle\Application Data\Mozilla\Firefox\Profiles\krudqwtl.default\extensions\{d5b75883-e809-4120-bfeb-8d707d5dfbe3}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2003-01-03 13:26
Windows 5.1.2600 Service Pack 3 FAT NTAPI

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(4056)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\dllhost.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Heure de fin: 2003-01-03 13:30:54 - La machine a redémarré
ComboFix-quarantined-files.txt 2003-01-03 12:30
ComboFix2.txt 2003-01-01 23:20
ComboFix3.txt 2003-01-02 15:49
ComboFix4.txt 2003-01-01 22:14
ComboFix5.txt 2003-01-01 05:17

Avant-CF: 19 360 317 440 octets libres
Après-CF: 18 875 023 360 octets libres

- - End Of File - - 68D5E346836E5FC5C092A37279123770