ComboFix 11-06-17.04 - Accueil 20/06/2011 9:35.1.1 - x86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1022.573 [GMT 2:00] Lancé depuis: c:\documents and settings\Accueil\Mes documents\TÚlÚchargements\ComboFix.exe AV: BitDefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB} AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} FW: BitDefender Pare-feu *Disabled* {4055920F-2E99-48A8-A270-4243D2B8F242} . . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Accueil\Application Data\OfferBox c:\documents and settings\Accueil\Application Data\OfferBox\config.xml c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat . ----- BITS: Il y a peut-être des sites infectés ----- . hxxp://au.download.wind . ((((((((((((((((((((((((((((( Fichiers créés du 2011-05-20 au 2011-06-20 )))))))))))))))))))))))))))))))))))) . . 2011-06-20 06:53 . 2011-06-20 06:53 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A17D1298-B997-40B8-BE65-4486E6420C28}\MpKslcbd9cf49.sys 2011-06-19 20:00 . 2011-06-19 20:00 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A17D1298-B997-40B8-BE65-4486E6420C28}\MpKsl10eb0043.sys 2011-06-19 19:54 . 2011-06-19 19:54 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A17D1298-B997-40B8-BE65-4486E6420C28}\MpKsl5c588189.sys 2011-06-19 18:33 . 2011-06-19 18:33 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A17D1298-B997-40B8-BE65-4486E6420C28}\MpKslc40be1ac.sys 2011-06-19 18:27 . 
2011-06-19 18:27 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A17D1298-B997-40B8-BE65-4486E6420C28}\MpKsl44e955e2.sys 2011-06-19 17:25 . 2011-06-19 17:25 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A17D1298-B997-40B8-BE65-4486E6420C28}\MpKsl1383b918.sys 2011-06-19 15:26 . 2011-06-19 15:26 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A17D1298-B997-40B8-BE65-4486E6420C28}\MpKsl9a46be98.sys 2011-06-19 15:22 . 2011-06-19 15:22 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A17D1298-B997-40B8-BE65-4486E6420C28}\MpKsl7e8ddab9.sys 2011-06-19 14:14 . 2011-06-19 14:14 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A17D1298-B997-40B8-BE65-4486E6420C28}\MpKslc3e3c8e0.sys 2011-06-19 14:05 . 2011-06-19 14:05 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A17D1298-B997-40B8-BE65-4486E6420C28}\MpKslebb08828.sys 2011-06-19 14:00 . 2011-06-19 14:00 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A17D1298-B997-40B8-BE65-4486E6420C28}\MpKsl794763d2.sys 2011-06-19 12:51 . 2011-06-19 15:02 7168 ----a-w- c:\windows\system32\drivers\ute3mjk3.sys 2011-06-19 12:38 . 2011-06-19 12:38 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A17D1298-B997-40B8-BE65-4486E6420C28}\MpKsl3cec93f7.sys 2011-06-19 12:34 . 2011-06-19 12:34 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A17D1298-B997-40B8-BE65-4486E6420C28}\MpKsl540d26f3.sys 2011-06-19 12:28 . 
2011-06-19 12:28 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A17D1298-B997-40B8-BE65-4486E6420C28}\MpKsl6b34b7ce.sys 2011-06-19 12:14 . 2011-06-19 12:14 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A17D1298-B997-40B8-BE65-4486E6420C28}\MpKslaa770c1e.sys 2011-06-19 12:02 . 2011-06-19 12:02 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A17D1298-B997-40B8-BE65-4486E6420C28}\MpKslf402e760.sys 2011-06-19 11:59 . 2011-05-09 11:46 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A17D1298-B997-40B8-BE65-4486E6420C28}\mpengine.dll 2011-06-18 20:47 . 2011-06-18 20:47 565923 ----a-w- c:\windows\system32\bda8B.tmp 2011-06-18 17:17 . 2011-06-18 17:17 -------- d-----w- c:\documents and settings\Accueil\Application Data\Malwarebytes 2011-06-18 17:17 . 2011-06-18 17:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-06-18 17:17 . 2011-06-19 18:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-06-18 12:53 . 2011-06-18 12:53 -------- d-----w- c:\documents and settings\Accueil\Local Settings\Application Data\Help 2011-06-18 11:11 . 2011-05-09 11:46 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-06-17 10:40 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-06-17 10:00 . 2011-06-17 10:58 2408 ----a-w- c:\windows\system32\ASOROSet.bin 2011-06-17 09:35 . 2011-06-17 09:37 -------- d-----w- c:\program files\Microsoft Security Client 2011-06-17 09:25 . 2011-06-17 13:36 -------- d-----w- c:\documents and settings\Accueil\Application Data\Systweak 2011-06-17 09:24 . 
2011-05-27 15:51 17280 ----a-w- c:\windows\system32\roboot.exe 2011-06-17 09:23 . 2011-06-17 09:23 -------- d-----w- c:\documents and settings\All Users\Application Data\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A} 2011-06-17 09:19 . 2011-06-17 09:23 -------- dc----w- c:\documents and settings\All Users\Application Data\~0 2011-06-17 09:18 . 2011-06-17 09:18 -------- d-----w- c:\documents and settings\Accueil\Local Settings\Application Data\PackageAware 2011-06-16 16:45 . 2011-04-14 16:47 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll 2011-06-16 16:44 . 2011-04-14 16:47 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll 2011-06-16 16:44 . 2011-04-14 16:47 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll 2011-06-16 16:44 . 2011-04-14 16:47 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll 2011-06-16 16:44 . 2011-04-14 16:47 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll 2011-06-16 16:44 . 2011-04-14 16:47 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll 2011-06-16 16:44 . 2010-01-01 08:00 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll 2011-06-16 16:44 . 2010-01-01 08:00 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll 2011-06-16 15:31 . 2011-06-16 15:31 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help 2011-06-16 13:39 . 2011-06-16 13:39 -------- d-----w- c:\program files\Microsoft.NET 2011-06-16 13:22 . 2011-06-16 13:22 -------- d-----w- c:\program files\Microsoft Visual Studio 8 2011-06-16 13:19 . 2011-06-16 13:40 -------- d-----w- c:\windows\SHELLNEW 2011-06-16 13:19 . 2011-06-16 13:19 -------- d-----w- c:\documents and settings\Accueil\Local Settings\Application Data\Microsoft Help 2011-06-16 13:18 . 2011-06-16 15:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2011-06-16 13:17 . 2011-06-16 13:17 -------- d-----r- C:\MSOCache 2011-06-15 19:18 . 
2011-06-19 09:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype Extras 2011-06-15 19:17 . 2011-06-15 19:17 -------- d-----w- c:\program files\Fichiers communs\Skype 2011-06-15 18:38 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys 2011-06-15 18:34 . 2011-06-15 18:39 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp 2011-06-07 10:35 . 2011-06-07 10:35 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll 2011-06-07 10:35 . 2011-06-07 10:35 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll . . . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2011-05-02 15:31 . 2010-02-06 14:21 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-04-29 16:19 . 2006-03-02 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-04-25 16:06 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2011-04-25 16:06 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-04-25 16:06 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-04-25 12:01 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec 2011-04-21 13:37 . 2006-03-02 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys 2011-03-28 08:09 . 2011-03-28 08:09 40960 ----a-w- c:\windows\_dsC.tmp 2009-07-31 11:07 . 2010-07-17 13:51 208896 ----a-w- c:\program files\DjVuViewer.exe 2009-07-31 11:07 . 2010-07-17 13:51 372736 ----a-w- c:\program files\djvu0409.dll 2009-07-31 11:07 . 2010-07-17 13:51 667648 ----a-w- c:\program files\DjVuCntl.dll 2009-07-31 11:06 . 2010-07-17 13:51 1654784 ----a-w- c:\program files\npdjvu.dll 2000-12-08 08:42 . 2010-07-17 13:44 2154496 ------w- c:\program files\DjVuSolo.exe 2011-04-14 16:47 . 2011-06-16 16:45 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . 
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9BFBA68E-E21B-458E-AE12-FE85E903D2C1}]
2010-08-31 16:15 257384 ----a-w- c:\program files\AlterGeo\AlterGeo Magic Scanner\2.8.8.615\AlterGeo.BrowserPlugin.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-08 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"WebCallDirect"="c:\program files\WebCallDirect.com\WebCallDirect\WebCallDirect.exe" [2010-12-21 13053240]
"BudgetSip"="c:\program files\BudgetSip.com\BudgetSip\BudgetSip.exe" [2010-11-09 11739440]
"12Voip"="c:\program files\12Voip.com\12Voip\12Voip.exe" [2010-12-18 12898088]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-05-26 15147400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 77824]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-01-03 1385472]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"Lingvo Launcher"="c:\program files\ABBYY Lingvo x3\LvAgent.exe" [2008-07-16 1029408]
"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2011-06-15 1198048]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-19 71152]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Guard.Mail.ru.gui"="c:\program files\Mail.Ru\Guard\GuardMailRu.exe" [2011-01-28 1041088]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-01 421160]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Accueil\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
setup_9.0.0.722_24.02.2010_00-06.lnk - c:\documents and settings\Accueil\Bureau\Virus Removal Tool\setup_9.0.0.722_24.02.2010_00-06\startup.exe [N/A]
_uninst_setup_9.0.0.722_09.01.2011_10-39.exe.lnk - c:\documents and settings\Accueil\Local Settings\Temp\_uninst_setup_9.0.0.722_09.01.2011_10-39.exe.bat [N/A]
_uninst_setup_9.0.0.722_10.12.2010_10-22.exe.lnk - c:\documents and settings\Accueil\Local Settings\Temp\_uninst_setup_9.0.0.722_10.12.2010_10-22.exe.bat [N/A]
_uninst_setup_9.0.0.722_13.09.2010_12-24.exe.lnk - c:\documents and settings\Accueil\Local Settings\Temp\_uninst_setup_9.0.0.722_13.09.2010_12-24.exe.bat [N/A]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\12Voip.com\\12Voip\\12Voip.exe"=
"c:\\Program Files\\NetAppel.com\\NetAppel\\NetAppel.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\VoipZoom.com\\VoipZoom\\VoipZoom.exe"=
"c:\\Program Files\\WebCallDirect.com\\WebCallDirect\\WebCallDirect.exe"=
"c:\\Program Files\\JustVoip.com\\JustVoip\\JustVoip.exe"=
"c:\\Program Files\\BudgetSip.com\\BudgetSip\\BudgetSip.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
.
R0 80692522;80692522 Boot Guard Driver;c:\windows\system32\drivers\80692522.sys [09/01/2011 12:21 37392] R0 83556002;83556002 Boot Guard Driver;c:\windows\system32\drivers\83556002.sys [24/02/2010 01:55 37392] R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22/02/2010 22:09 691696] R1 80692521;80692521;c:\windows\system32\drivers\80692521.sys [09/01/2011 12:21 128016] R1 83556001;83556001;c:\windows\system32\drivers\83556001.sys [24/02/2010 01:55 128016] R1 MpKsl1383b918;MpKsl1383b918;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A17D1298-B997-40B8-BE65-4486E6420C28}\MpKsl1383b918.sys [19/06/2011 19:25 28752] R1 MpKsl3cec93f7;MpKsl3cec93f7;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A17D1298-B997-40B8-BE65-4486E6420C28}\MpKsl3cec93f7.sys [19/06/2011 14:38 28752] R1 MpKsl44e955e2;MpKsl44e955e2;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A17D1298-B997-40B8-BE65-4486E6420C28}\MpKsl44e955e2.sys [19/06/2011 20:27 28752] R1 MpKsl540d26f3;MpKsl540d26f3;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A17D1298-B997-40B8-BE65-4486E6420C28}\MpKsl540d26f3.sys [19/06/2011 14:34 28752] R1 MpKsl5c588189;MpKsl5c588189;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A17D1298-B997-40B8-BE65-4486E6420C28}\MpKsl5c588189.sys [19/06/2011 21:54 28752] R1 MpKsl6b34b7ce;MpKsl6b34b7ce;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A17D1298-B997-40B8-BE65-4486E6420C28}\MpKsl6b34b7ce.sys [19/06/2011 14:28 28752] R1 MpKsl794763d2;MpKsl794763d2;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A17D1298-B997-40B8-BE65-4486E6420C28}\MpKsl794763d2.sys [19/06/2011 16:00 28752] R1 
MpKsl7e8ddab9;MpKsl7e8ddab9;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A17D1298-B997-40B8-BE65-4486E6420C28}\MpKsl7e8ddab9.sys [19/06/2011 17:22 28752] R1 MpKsl9a46be98;MpKsl9a46be98;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A17D1298-B997-40B8-BE65-4486E6420C28}\MpKsl9a46be98.sys [19/06/2011 17:26 28752] R1 MpKslaa770c1e;MpKslaa770c1e;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A17D1298-B997-40B8-BE65-4486E6420C28}\MpKslaa770c1e.sys [19/06/2011 14:14 28752] R1 MpKslc3e3c8e0;MpKslc3e3c8e0;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A17D1298-B997-40B8-BE65-4486E6420C28}\MpKslc3e3c8e0.sys [19/06/2011 16:14 28752] R1 MpKslc40be1ac;MpKslc40be1ac;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A17D1298-B997-40B8-BE65-4486E6420C28}\MpKslc40be1ac.sys [19/06/2011 20:33 28752] R1 MpKslcbd9cf49;MpKslcbd9cf49;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A17D1298-B997-40B8-BE65-4486E6420C28}\MpKslcbd9cf49.sys [20/06/2011 08:53 28752] R1 MpKslebb08828;MpKslebb08828;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A17D1298-B997-40B8-BE65-4486E6420C28}\MpKslebb08828.sys [19/06/2011 16:05 28752] R1 MpKslf402e760;MpKslf402e760;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A17D1298-B997-40B8-BE65-4486E6420C28}\MpKslf402e760.sys [19/06/2011 14:02 28752] R1 setup_9.0.0.722_24.02.2010_00-06drv;setup_9.0.0.722_24.02.2010_00-06drv;c:\windows\system32\drivers\8355600.sys [24/02/2010 01:55 315408] R2 ABBYY.Licensing.Lingvo.Desktop.14.0;ABBYY Lingvo x3 Licensing Service;c:\program files\Fichiers 
communs\ABBYY\Lingvo\14.0\Licensing\NetworkLicenseServer.exe [14/07/2008 18:10 808224] R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [19/01/2010 19:32 85128] R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [03/02/2010 13:57 153448] R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [04/01/2010 19:41 111312] S1 MpKsl108a1ba8;MpKsl108a1ba8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{285979F1-33F8-4D7A-816D-34E418EFD5C6}\MpKsl108a1ba8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{285979F1-33F8-4D7A-816D-34E418EFD5C6}\MpKsl108a1ba8.sys [?] S1 MpKsl10eb0043;MpKsl10eb0043;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A17D1298-B997-40B8-BE65-4486E6420C28}\MpKsl10eb0043.sys [19/06/2011 22:00 28752] S1 MpKsl2e551c5d;MpKsl2e551c5d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{485683AB-0254-4D32-94F6-FE838D3D6994}\MpKsl2e551c5d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{485683AB-0254-4D32-94F6-FE838D3D6994}\MpKsl2e551c5d.sys [?] S1 MpKsl3fd34714;MpKsl3fd34714;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{285979F1-33F8-4D7A-816D-34E418EFD5C6}\MpKsl3fd34714.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{285979F1-33F8-4D7A-816D-34E418EFD5C6}\MpKsl3fd34714.sys [?] 
S1 MpKsl5e88d6d7;MpKsl5e88d6d7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{285979F1-33F8-4D7A-816D-34E418EFD5C6}\MpKsl5e88d6d7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{285979F1-33F8-4D7A-816D-34E418EFD5C6}\MpKsl5e88d6d7.sys [?] S1 MpKslb7218639;MpKslb7218639;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{485683AB-0254-4D32-94F6-FE838D3D6994}\MpKslb7218639.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{485683AB-0254-4D32-94F6-FE838D3D6994}\MpKslb7218639.sys [?] S2 Guard.Mail.ru;Guard.Mail.ru;c:\program files\Mail.Ru\Guard\GuardMailRu.exe [18/12/2010 12:19 1041088] S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/02/2010 10:50 135664] S3 Arrakis3;BitDefender Serveur Arrakis;c:\program files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [19/10/2009 17:06 183880] S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;c:\windows\system32\drivers\WlanUZXP.sys [12/05/2005 17:24 260608] . --- Autres Services/Pilotes en mémoire --- . *NewlyCreated* - MPKSLCBD9CF49 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bdx REG_MULTI_SZ scan . Contenu du dossier 'Tâches planifiées' . 2011-03-05 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] . 2011-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 08:50] . 2011-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 08:50] . 2011-06-20 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 10:26] . 
2011-06-20 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 10:26]
.
.
------- Examen supplémentaire -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Recherche sur eBay - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: Translate with ABBYY Lingvo x&3 - c:\program files\ABBYY Lingvo x3\Lingvo.exe/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Accueil\Application Data\Mozilla\Firefox\Profiles\0e6gdmfa.default\
FF - prefs.js: browser.search.defaulturl - hxxp://go.mail.ru/search?fr=fftb&utf8in&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.orange.fr/portail
FF - prefs.js: keyword.URL - hxxp://go.mail.ru/search?utf8in=1&fr=fftbUFix&q=
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHELINS SUPPRIMES - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\documents and settings\All Users\Application Data\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}\bm_installer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-20 09:40
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
Heure de fin: 2011-06-20 09:42:56
ComboFix-quarantined-files.txt 2011-06-20 07:42
.
Avant-CF: 78 530 117 632 octets libres
Après-CF: 78 964 162 560 octets libres
.
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect
.
- - End Of File - - 002C17754CA627FC6562FBA612661D30