ComboFix 11-06-19.0r1 - Accueil 21/06/2011  16:02:26.6.1 - x86
Microsoft Windows XP Édition familiale  5.1.2600.3.1252.33.1036.18.1022.522 [GMT 2:00]
Lancé depuis: c:\documents and settings\Accueil\Mes documents\Tlchargements\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Accueil\Bureau\CFScript.txt
AV: BitDefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Pare-feu *Disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.
FILE ::
"c:\windows\_dsC.tmp"
"c:\windows\system32\bda8B.tmp"
"c:\windows\system32\roboot.exe"
.
.
((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\_dsC.tmp
c:\windows\system32\bda8B.tmp
c:\windows\system32\roboot.exe
.
.
(((((((((((((((((((((((((((((   Fichiers créés du 2011-05-21 au 2011-06-21  ))))))))))))))))))))))))))))))))))))
.
.
2011-06-19 12:51 . 2011-06-19 15:02	7168	----a-w-	c:\windows\system32\drivers\ute3mjk3.sys
2011-06-18 17:17 . 2011-06-18 17:17	--------	d-----w-	c:\documents and settings\Accueil\Application Data\Malwarebytes
2011-06-18 17:17 . 2011-06-18 17:17	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2011-06-18 17:17 . 2011-06-19 18:27	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-06-18 12:53 . 2011-06-18 12:53	--------	d-----w-	c:\documents and settings\Accueil\Local Settings\Application Data\Help
2011-06-17 10:40 . 2010-10-19 20:51	222080	------w-	c:\windows\system32\MpSigStub.exe
2011-06-17 10:00 . 2011-06-17 10:58	2408	----a-w-	c:\windows\system32\ASOROSet.bin
2011-06-17 09:25 . 2011-06-17 13:36	--------	d-----w-	c:\documents and settings\Accueil\Application Data\Systweak
2011-06-17 09:23 . 2011-06-17 09:23	--------	d-----w-	c:\documents and settings\All Users\Application Data\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
2011-06-17 09:19 . 2011-06-17 09:23	--------	dc----w-	c:\documents and settings\All Users\Application Data\~0
2011-06-17 09:18 . 2011-06-17 09:18	--------	d-----w-	c:\documents and settings\Accueil\Local Settings\Application Data\PackageAware
2011-06-16 16:45 . 2011-04-14 16:47	142296	----a-w-	c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-06-16 16:44 . 2011-04-14 16:47	781272	----a-w-	c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-06-16 16:44 . 2011-04-14 16:47	465880	----a-w-	c:\program files\Mozilla Firefox\libGLESv2.dll
2011-06-16 16:44 . 2011-04-14 16:47	1874904	----a-w-	c:\program files\Mozilla Firefox\mozjs.dll
2011-06-16 16:44 . 2011-04-14 16:47	15832	----a-w-	c:\program files\Mozilla Firefox\mozalloc.dll
2011-06-16 16:44 . 2011-04-14 16:47	89048	----a-w-	c:\program files\Mozilla Firefox\libEGL.dll
2011-06-16 16:44 . 2010-01-01 08:00	1892184	----a-w-	c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-06-16 16:44 . 2010-01-01 08:00	1974616	----a-w-	c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-06-16 15:31 . 2011-06-16 15:31	--------	d-----w-	c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help
2011-06-16 13:39 . 2011-06-16 13:39	--------	d-----w-	c:\program files\Microsoft.NET
2011-06-16 13:22 . 2011-06-16 13:22	--------	d-----w-	c:\program files\Microsoft Visual Studio 8
2011-06-16 13:19 . 2011-06-16 13:40	--------	d-----w-	c:\windows\SHELLNEW
2011-06-16 13:19 . 2011-06-16 13:19	--------	d-----w-	c:\documents and settings\Accueil\Local Settings\Application Data\Microsoft Help
2011-06-16 13:18 . 2011-06-16 15:31	--------	d-----w-	c:\documents and settings\All Users\Application Data\Microsoft Help
2011-06-16 13:17 . 2011-06-16 13:17	--------	d-----r-	C:\MSOCache
2011-06-15 19:18 . 2011-06-19 09:08	--------	d-----w-	c:\documents and settings\All Users\Application Data\Skype Extras
2011-06-15 19:17 . 2011-06-15 19:17	--------	d-----w-	c:\program files\Fichiers communs\Skype
2011-06-15 18:38 . 2011-04-21 13:37	105472	-c----w-	c:\windows\system32\dllcache\mup.sys
2011-06-15 18:34 . 2011-06-15 18:39	--------	d-----w-	c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2011-06-07 10:35 . 2011-06-07 10:35	103864	----a-w-	c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-06-07 10:35 . 2011-06-07 10:35	103864	----a-w-	c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-02 15:31 . 2010-02-06 14:21	692736	----a-w-	c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2006-03-02 12:00	456320	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:06 . 2006-03-02 12:00	916480	----a-w-	c:\windows\system32\wininet.dll
2011-04-25 16:06 . 2006-03-02 12:00	43520	----a-w-	c:\windows\system32\licmgr10.dll
2011-04-25 16:06 . 2006-03-02 12:00	1469440	------w-	c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2006-03-02 12:00	385024	----a-w-	c:\windows\system32\html.iec
2011-04-21 13:37 . 2006-03-02 12:00	105472	----a-w-	c:\windows\system32\drivers\mup.sys
2009-07-31 11:07 . 2010-07-17 13:51	208896	----a-w-	c:\program files\DjVuViewer.exe
2009-07-31 11:07 . 2010-07-17 13:51	372736	----a-w-	c:\program files\djvu0409.dll
2009-07-31 11:07 . 2010-07-17 13:51	667648	----a-w-	c:\program files\DjVuCntl.dll
2009-07-31 11:06 . 2010-07-17 13:51	1654784	----a-w-	c:\program files\npdjvu.dll
2000-12-08 08:42 . 2010-07-17 13:44	2154496	------w-	c:\program files\DjVuSolo.exe
2011-04-14 16:47 . 2011-06-16 16:45	142296	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\All Users\Application Data\~0 ----
.
2011-06-17 09:19 . 2011-06-08 08:32	590523	-c----w-	c:\documents and settings\All Users\Application Data\~0\mia.lib
2011-06-17 09:19 . 2011-06-08 08:32	3293536	-c----w-	c:\documents and settings\All Users\Application Data\~0\bm_installer.exe
.
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9BFBA68E-E21B-458E-AE12-FE85E903D2C1}]
2010-08-31 16:15	257384	----a-w-	c:\program files\AlterGeo\AlterGeo Magic Scanner\2.8.8.615\AlterGeo.BrowserPlugin.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-08 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"WebCallDirect"="c:\program files\WebCallDirect.com\WebCallDirect\WebCallDirect.exe" [2010-12-21 13053240]
"BudgetSip"="c:\program files\BudgetSip.com\BudgetSip\BudgetSip.exe" [2010-11-09 11739440]
"12Voip"="c:\program files\12Voip.com\12Voip\12Voip.exe" [2010-12-18 12898088]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-05-26 15147400]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 77824]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-01-03 1385472]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"Lingvo Launcher"="c:\program files\ABBYY Lingvo x3\LvAgent.exe" [2008-07-16 1029408]
"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2011-06-15 1198048]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-19 71152]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Guard.Mail.ru.gui"="c:\program files\Mail.Ru\Guard\GuardMailRu.exe" [2011-01-28 1041088]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-01 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Accueil\Menu Dmarrer\Programmes\Dmarrage\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
setup_9.0.0.722_24.02.2010_00-06.lnk - c:\documents and settings\Accueil\Bureau\Virus Removal Tool\setup_9.0.0.722_24.02.2010_00-06\startup.exe [N/A]
_uninst_setup_9.0.0.722_09.01.2011_10-39.exe.lnk - c:\documents and settings\Accueil\Local Settings\Temp\_uninst_setup_9.0.0.722_09.01.2011_10-39.exe.bat [N/A]
_uninst_setup_9.0.0.722_10.12.2010_10-22.exe.lnk - c:\documents and settings\Accueil\Local Settings\Temp\_uninst_setup_9.0.0.722_10.12.2010_10-22.exe.bat [N/A]
_uninst_setup_9.0.0.722_13.09.2010_12-24.exe.lnk - c:\documents and settings\Accueil\Local Settings\Temp\_uninst_setup_9.0.0.722_13.09.2010_12-24.exe.bat [N/A]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\12Voip.com\\12Voip\\12Voip.exe"=
"c:\\Program Files\\NetAppel.com\\NetAppel\\NetAppel.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\VoipZoom.com\\VoipZoom\\VoipZoom.exe"=
"c:\\Program Files\\WebCallDirect.com\\WebCallDirect\\WebCallDirect.exe"=
"c:\\Program Files\\JustVoip.com\\JustVoip\\JustVoip.exe"=
"c:\\Program Files\\BudgetSip.com\\BudgetSip\\BudgetSip.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
.
R0 80692522;80692522 Boot Guard Driver;c:\windows\system32\drivers\80692522.sys [09/01/2011 12:21 37392]
R0 83556002;83556002 Boot Guard Driver;c:\windows\system32\drivers\83556002.sys [24/02/2010 01:55 37392]
R1 80692521;80692521;c:\windows\system32\drivers\80692521.sys [09/01/2011 12:21 128016]
R1 83556001;83556001;c:\windows\system32\drivers\83556001.sys [24/02/2010 01:55 128016]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [19/01/2010 19:32 85128]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [03/02/2010 13:57 153448]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [04/01/2010 19:41 111312]
S1 MpKsl108a1ba8;MpKsl108a1ba8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{285979F1-33F8-4D7A-816D-34E418EFD5C6}\MpKsl108a1ba8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{285979F1-33F8-4D7A-816D-34E418EFD5C6}\MpKsl108a1ba8.sys [?]
S1 MpKsl10eb0043;MpKsl10eb0043;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A17D1298-B997-40B8-BE65-4486E6420C28}\MpKsl10eb0043.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A17D1298-B997-40B8-BE65-4486E6420C28}\MpKsl10eb0043.sys [?]
S1 MpKsl2e551c5d;MpKsl2e551c5d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{485683AB-0254-4D32-94F6-FE838D3D6994}\MpKsl2e551c5d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{485683AB-0254-4D32-94F6-FE838D3D6994}\MpKsl2e551c5d.sys [?]
S1 MpKsl3fd34714;MpKsl3fd34714;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{285979F1-33F8-4D7A-816D-34E418EFD5C6}\MpKsl3fd34714.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{285979F1-33F8-4D7A-816D-34E418EFD5C6}\MpKsl3fd34714.sys [?]
S1 MpKsl5e88d6d7;MpKsl5e88d6d7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{285979F1-33F8-4D7A-816D-34E418EFD5C6}\MpKsl5e88d6d7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{285979F1-33F8-4D7A-816D-34E418EFD5C6}\MpKsl5e88d6d7.sys [?]
S1 MpKslb7218639;MpKslb7218639;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{485683AB-0254-4D32-94F6-FE838D3D6994}\MpKslb7218639.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{485683AB-0254-4D32-94F6-FE838D3D6994}\MpKslb7218639.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx	REG_MULTI_SZ   	scan
.
Contenu du dossier 'Tâches planifiées'
.
2011-03-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2011-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 08:50]
.
2011-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 08:50]
.
.
------- Examen supplémentaire -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Ajouter  la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint Prvisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Recherche sur eBay - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: Translate with ABBYY Lingvo x&3 - c:\program files\ABBYY Lingvo x3\Lingvo.exe/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Accueil\Application Data\Mozilla\Firefox\Profiles\0e6gdmfa.default\
FF - prefs.js: browser.search.defaulturl - hxxp://go.mail.ru/search?fr=fftb&utf8in&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.orange.fr/portail
FF - prefs.js: keyword.URL - hxxp://go.mail.ru/search?utf8in=1&fr=fftbUFix&q=
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-21 16:20
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'explorer.exe'(2404)
c:\program files\ABBYY Lingvo x3\LvHook.dll
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\program files\Fichiers communs\Ahead\Lib\NeroSearchBar.dll
c:\program files\Fichiers communs\Ahead\Lib\MFC71U.DLL
c:\program files\Fichiers communs\Ahead\Lib\BCGCBPRO860un71.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Fichiers communs\ABBYY\Lingvo\14.0\Licensing\NetworkLicenseServer.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\SOUNDMAN.EXE
c:\windows\AGRSMMSG.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\wscntfy.exe
c:\program files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Heure de fin: 2011-06-21  16:28:12 - La machine a redémarré
ComboFix-quarantined-files.txt  2011-06-21 14:28
ComboFix2.txt  2011-06-20 15:33
ComboFix3.txt  2011-06-20 15:13
ComboFix4.txt  2011-06-20 07:42
.
Avant-CF: 78958374912 octets libres
Après-CF: 79092752384 octets libres
.
- - End Of File - - A78D75CED5E544CC910F6F5A9ECCDF3E
