ComboFix 11-03-21.02 - NEO 22/03/2011 15:29:34.2.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.239.78 [GMT 1:00]
Lancé depuis: c:\documents and settings\NEO\Bureau\ComboFix.exe
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
 * Un nouveau point de restauration a été créé
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-02-22 au 2011-03-22 ))))))))))))))))))))))))))))))))))))
.
.
2011-03-01 12:30 . 2011-03-01 12:30 -------- d-----w- c:\program files\Wireshark
2011-03-01 12:30 . 2011-03-01 12:30 -------- d-----r- C:\cwsandbox
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2010-11-25_21.20.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-12-01 23:46 . 2006-12-01 23:46 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
+ 2006-12-01 23:08 . 2006-12-01 23:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-01 23:08 . 2006-12-01 23:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-01 23:08 . 2006-12-01 23:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-01 23:08 . 2006-12-01 23:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-01 23:08 . 2006-12-01 23:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-01 23:08 . 2006-12-01 23:08 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-01 23:08 . 2006-12-01 23:08 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-01 23:08 . 2006-12-01 23:08 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-01 23:08 . 2006-12-01 23:08 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-01 23:26 . 2006-12-01 23:26 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-01 23:25 . 2006-12-01 23:25 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-01 21:56 . 2006-12-01 21:56 96256 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2011-03-22 13:54 . 2011-03-22 13:54 16384 c:\windows\Temp\Perflib_Perfdata_c0.dat
+ 2010-12-31 12:36 . 2009-05-11 09:12 28520 c:\windows\system32\drivers\ssmdrv.sys
- 2010-11-19 22:52 . 2009-05-11 09:12 28520 c:\windows\system32\drivers\ssmdrv.sys
- 2010-05-22 00:51 . 2010-04-29 14:39 38224 c:\windows\system32\drivers\mbamswissarmy.sys
+ 2010-05-22 00:51 . 2010-12-20 17:09 38224 c:\windows\system32\drivers\mbamswissarmy.sys
- 2010-05-22 00:50 . 2010-04-29 14:39 20952 c:\windows\system32\drivers\mbam.sys
+ 2010-05-22 00:50 . 2010-12-20 17:08 20952 c:\windows\system32\drivers\mbam.sys
+ 2010-12-31 12:36 . 2009-05-11 11:49 22360 c:\windows\system32\drivers\avgntmgr.sys
- 2010-11-19 22:52 . 2009-05-11 11:49 22360 c:\windows\system32\drivers\avgntmgr.sys
+ 2010-12-31 12:36 . 2010-02-16 13:24 60936 c:\windows\system32\drivers\avgntflt.sys
- 2010-11-19 22:52 . 2010-11-20 07:18 60936 c:\windows\system32\drivers\avgntflt.sys
- 2010-11-19 22:52 . 2009-05-11 11:49 45416 c:\windows\system32\drivers\avgntdd.sys
+ 2010-12-31 12:36 . 2009-05-11 11:49 45416 c:\windows\system32\drivers\avgntdd.sys
+ 2010-09-23 03:47 . 2010-09-23 03:47 35760 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA76301B7449A0400000010\9.4.0\reader_sl.exe
+ 2010-09-23 02:03 . 2010-09-23 02:03 99776 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA76301B7449A0400000010\9.4.0\eula.exe
+ 2010-09-23 01:52 . 2010-09-23 01:52 27048 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA76301B7449A0400000010\9.4.0\acrotextextractor.exe
+ 2010-09-22 17:12 . 2010-09-22 17:12 15800 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA76301B7449A0400000010\9.4.0\AcroRd32Info.exe
+ 2010-05-09 22:18 . 2001-07-09 09:50 155648 c:\windows\system32\NeroCheck.exe
- 2010-05-09 22:18 . 2010-05-09 22:18 155648 c:\windows\system32\NeroCheck.exe
+ 2010-11-27 20:34 . 2010-11-27 20:34 233936 c:\windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe
+ 2010-12-31 12:36 . 2010-03-01 09:06 124784 c:\windows\system32\drivers\avipbb.sys
+ 2010-12-01 21:20 . 2010-12-01 21:20 100352 c:\windows\Installer\52f9b3.msi
+ 2010-12-29 01:58 . 2010-12-29 01:58 689152 c:\windows\Installer\482fc9.msi
+ 2011-01-06 23:32 . 2011-01-06 23:32 331264 c:\windows\Installer\24595d4.msi
+ 2010-12-29 01:53 . 2010-12-29 01:53 371272 c:\windows\Installer\{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}\SkypeIcon.exe
+ 2010-09-10 17:17 . 2010-09-10 17:17 684032 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA76301B7449A0400000010\9.4.0\JP2KLib.dll
+ 2010-09-22 19:41 . 2010-09-22 19:41 542168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA76301B7449A0400000010\9.4.0\AdobeCollabSync.exe
+ 2010-09-23 03:47 . 2010-09-23 03:47 349616 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA76301B7449A0400000010\9.4.0\AcroRd32.exe
+ 2010-09-22 17:04 . 2010-09-22 17:04 660912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA76301B7449A0400000010\9.4.0\AcroPDF.dll
+ 2010-09-22 18:39 . 2010-09-22 18:39 280024 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA76301B7449A0400000010\9.4.0\acrobroker.exe
+ 2010-09-22 17:50 . 2010-09-22 17:50 251296 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA76301B7449A0400000010\9.4.0\a3dutility.exe
+ 2006-12-01 23:25 . 2006-12-01 23:25 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-01 23:25 . 2006-12-01 23:25 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2010-01-27 01:07 . 2010-11-27 20:34 5971408 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2010-12-29 01:53 . 2010-12-29 01:53 1580544 c:\windows\Installer\482fc2.msi
+ 2010-09-22 17:05 . 2010-09-22 17:05 2405784 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA76301B7449A0400000010\9.4.0\rt3d.dll
+ 2010-06-19 16:51 . 2010-06-19 16:51 5713920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA76301B7449A0400000010\9.4.0\AGM.dll
+ 2011-01-31 10:45 . 2011-01-31 10:45 11135488 c:\windows\Installer\38a684.msp
+ 2010-09-23 02:03 . 2010-09-23 02:03 20460984 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA76301B7449A0400000010\9.4.0\AcroRd32.dll
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-09-09 3118512]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-12-15 395640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"CAP3ON"="c:\windows\system32\spool\drivers\w32x86\3\CAP3ONN.EXE" [2002-07-30 22528]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-05-14 248552]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-05-26 1043968]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-05-26 730600]
"conime"="conime.exe" [2004-08-04 27648]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
.
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Fenêtre d'état de Canon LASER SHOT LBP-1120.LNK - c:\windows\system32\spool\drivers\w32x86\3\CAP3LAK.EXE [2002-7-30 30720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\NEO\\Application Data\\Thinstall\\Vidal CD\\4000002400003i\\java.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23/03/2010 10:23 697328]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [31/12/2010 13:36 135336]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [26/05/2010 14:35 26352]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [31/12/2010 13:36 337064]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [31/12/2010 13:36 405672]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [09/06/2010 01:01 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [09/06/2010 01:32 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [09/06/2010 01:32 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [09/06/2010 01:33 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [09/06/2010 01:33 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [09/06/2010 01:33 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [09/06/2010 01:33 97704]
S4 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [04/03/2010 21:48 133104]
S4 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [26/05/2010 14:35 493032]
.
Contenu du dossier 'Tâches planifiées'
.
2011-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-04 20:48]
.
2011-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-04 20:48]
.
.
------- Examen supplémentaire -------
.
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\documents and settings\NEO\Application Data\Mozilla\Firefox\Profiles\ho3a8i5h.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - %profile%\extensions\mozilla_cc@internetdownloadmanager.com
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - %profile%\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\documents and settings\NEO\Application Data\IDM\idmmzcc3
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: ZoneAlarm Security Engine: {FFB96CC1-7EB3-449D-B827-DB661701C6BB} - c:\program files\CheckPoint\ZAForceField\TrustChecker
.
- - - - ORPHELINS SUPPRIMES - - - -
.
URLSearchHooks-{66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - (no file)
Toolbar-{66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - (no file)
WebBrowser-{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} - (no file)
HKCU-Run-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-22 15:40
Windows 5.1.2600 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1902ec02-b3c8-4faa-a8a3-c2ad5d7431d9}]
@Denied: (Full) (Everyone)
"Model"=dword:00000095
"Therad"=dword:00000015
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,\
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):94,fe,f8,d3,5c,04,46,80,ad,5c,2c,ef,13,ca,7d,94,03,a5,40,fc,93,\
   da,3c,0e,70,d4,6b,b5,9f,82,78,69,12,ff,e6,4f,11,8d,4f,8a,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{68f5f69f-6f53-4339-8117-6056275bbc9c}]
@Denied: (Full) (Everyone)
"Model"=dword:00000054
"Therad"=dword:00000017
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):b6,91,86,43,03,48,b6,7c,2d,84,cf,be,ae,5f,30,c1,03,b8,c3,6c,08,\
   e7,7a,ea,07,cd,a9,a1,1d,d6,66,51,b1,93,99,55,ef,ff,95,ba,00,00,00,00,00,00,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'lsass.exe'(592)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
- - - - - - - > 'explorer.exe'(1008)
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Heure de fin: 2011-03-22 15:47:02
ComboFix-quarantined-files.txt 2011-03-22 14:46
ComboFix2.txt 2010-11-25 21:29
.
Avant-CF: 8 466 866 176 octets libres
Après-CF: 9 058 193 408 octets libres
.
- - End Of File - - 5C4CE14C64EA501A667EAF0B566058B8