ComboFix 13-04-15.01 - Gomez 15/04/2013 17:16:10.1.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1006.514 [GMT 2:00]
Lancé depuis: c:\documents and settings\Gomez\Bureau\Combo.exe
.
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\118300.34
c:\documents and settings\Gomez\Local Settings\Application Data\ejmvuqul.log
c:\documents and settings\Gomez\Local Settings\Application Data\faqjqqcl.log
c:\documents and settings\Gomez\Local Settings\Application Data\gagyoxfc.log
c:\documents and settings\Gomez\Local Settings\Application Data\jshqwjlg.log
c:\documents and settings\Gomez\Local Settings\Application Data\qykwoggx.log
c:\documents and settings\Gomez\Local Settings\Application Data\suetbfkf.log
c:\documents and settings\Gomez\Local Settings\Application Data\uainrrtb\ddaacrdr.exe
c:\documents and settings\Gomez\Local Settings\Application Data\Updater19962\Updater19962.exe
c:\documents and settings\Gomez\Local Settings\Application Data\wgtjgohd.log
c:\documents and settings\Gomez\luqgnkqpcxaepwuxusruz.exe
c:\documents and settings\Gomez\Menu Démarrer\Programmes\Démarrage\ddaacrdr.exe
c:\documents and settings\Gomez\yyuzgrbyqkhkxb.exe
c:\documents and settings\LocalService\Application Data\b8a724de-60fd-4b33-9ae5-ae5671c27fb4ad
c:\documents and settings\LocalService\Application Data\b8a724de-60fd-4b33-9ae5-ae5671c27fb4ad\badefdbaeaecfbad.exe
c:\documents and settings\NetworkService\Application Data\b8a724de-60fd-4b33-9ae5-ae5671c27fb4ad
c:\documents and settings\NetworkService\Application Data\b8a724de-60fd-4b33-9ae5-ae5671c27fb4ad\badefdbaeaecfbad.exe
c:\program files\TelevisionFanaticEI
c:\program files\xp-AntiSpy
c:\program files\xp-AntiSpy\Aide en ligne de commande.txt
c:\program files\xp-AntiSpy\uninst.exe
c:\program files\xp-AntiSpy\xp-AntiSpy.chm
c:\program files\xp-AntiSpy\xp-AntiSpy.exe
c:\program files\xp-AntiSpy\xp-AntiSpy.url
c:\windows\system\oeminfo.ini
c:\windows\system32\drivers\30b51fc98b15f5f7.sys
c:\windows\system32\muzapp.exe
c:\windows\system32\roboot.exe
c:\windows\system32\SET84.tmp
c:\windows\system32\SET88.tmp
c:\windows\system32\SET90.tmp
c:\windows\system32\Thumbs.db
c:\windows\system32\tmp.reg
c:\windows\VM305Cap.exe
F:\install.exe
.
Une copie infectée de c:\windows\system32\Drivers\Volsnap.sys a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\ServicePackFiles\i386\volsnap.sys
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_30b51fc98b15f5f7
-------\Service_30b51fc98b15f5f7
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2013-03-15 au 2013-04-15 ))))))))))))))))))))))))))))))))))))
.
.
2013-04-14 06:09 . 2013-04-14 06:09 -------- d-----w- c:\documents and settings\Gomez\Local Settings\Application Data\Sun
2013-04-13 18:44 . 2013-04-13 18:43 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-04-11 19:44 . 2013-04-14 19:48 -------- d-----w- C:\Pre_Scan
2013-04-11 18:04 . 2013-04-11 18:04 388096 ----a-r- c:\documents and settings\Gomez\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-04-11 10:39 . 2013-04-15 15:20 -------- d-----w- c:\documents and settings\Gomez\Local Settings\Application Data\uainrrtb
2013-04-10 21:44 . 2013-04-11 05:43 -------- d-----w- C:\rsit
2013-04-10 20:50 . 2013-04-10 20:50 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2013-04-10 20:50 . 2013-04-10 20:50 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2013-04-10 20:50 . 2013-04-10 20:50 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2013-04-10 20:50 . 2013-04-10 20:50 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2013-04-10 20:01 . 2013-04-10 20:13 -------- d-----w- c:\documents and settings\Gomez\Application Data\FIXIO PC Utilities
2013-04-08 17:06 . 2013-04-08 17:20 -------- d-----w- C:\Ad-Remover
2013-04-08 16:29 . 2013-04-08 16:29 -------- d-----w- c:\documents and settings\Administrateur
2013-04-08 16:13 . 2013-03-06 22:32 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-04-07 17:45 . 2013-04-10 20:32 -------- d-----w- c:\documents and settings\Gomez\Application Data\Noenda
2013-04-07 17:45 . 2013-04-10 20:31 -------- d-----w- c:\documents and settings\Gomez\Application Data\Oqyxka
2013-04-07 17:45 . 2013-04-07 17:45 -------- d-----w- c:\documents and settings\Gomez\Application Data\Cuwaom
2013-04-06 21:14 . 2013-04-06 21:14 -------- d-----w- C:\b8a724de-60fd-4b33-9ae5-ae5671c27fb4ad
2013-04-05 21:36 . 2013-04-05 21:36 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2013-04-05 19:18 . 2013-04-11 20:09 -------- d-----w- c:\documents and settings\Gomez\Application Data\b8a724de-60fd-4b33-9ae5-ae5671c27fb4ad
2013-04-01 19:23 . 2013-04-01 19:23 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-04-01 19:23 . 2013-04-01 19:23 135136 ----a-w- c:\windows\system32\drivers\avipbb.sys
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-14 19:33 . 2012-06-06 17:21 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-14 19:33 . 2011-07-03 15:16 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-13 18:43 . 2010-05-05 08:06 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-04 12:50 . 2010-06-10 18:20 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-13 18:27 . 2013-03-13 18:27 15859416 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-02-12 00:32 . 2008-04-13 18:56 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2006-03-02 12:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-05 19:56 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 19:56 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-05 19:56 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:54 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-01-26 03:55 . 2006-03-02 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2012-06-14 22:19 . 2012-07-12 16:14 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-14 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
"WorksFUD"="c:\program files\Microsoft Works\wkfud.exe" [2000-07-12 24576]
"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2000-07-12 311350]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-08-04 28739]
"IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2006-04-19 9125888]
"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-05-29 1085440]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-18 65588]
Rappels du Calendrier Microsoft Works.lnk - c:\program files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe [2000-7-12 24633]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 02:33 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelAudioStudio]
2006-04-19 15:40 9125888 ----a-w- c:\program files\Intel Audio Studio\IntelAudioStudio.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-03-09 07:29 7561216 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-03-09 07:29 86016 -c--a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-03-09 07:29 1519616 -c--a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2006-03-20 07:00 282624 -c----w- c:\program files\SigmaTel\C-Major Audio\STACGUI\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [08/07/2007 14:20 217208]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\Gomez\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\Gomez\LOCALS~1\Temp\CFcatchme.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [26/06/2010 07:27 36608]
S3 ZSMC0305;VIMICRO USB PC Camera V;c:\windows\system32\drivers\usbVM305.sys [18/11/2006 13:51 391688]
.
Contenu du dossier 'Tâches planifiées'
.
2013-04-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-06 19:33]
.
2013-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 17:51]
.
2013-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 17:51]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
mSearch bar = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Gomez\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
TCP: DhcpNameServer = 192.168.0.254
FF - ProfilePath - c:\documents and settings\Gomez\Application Data\Mozilla\Firefox\Profiles\d0mhjd2r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.accentice.com
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-04-10 21:51; SpecialSavings@SpecialSavings.com; c:\documents and settings\Gomez\Application Data\Mozilla\Firefox\Profiles\d0mhjd2r.default\extensions\SpecialSavings@SpecialSavings.com
.
- - - - ORPHELINS SUPPRIMES - - - -
.
HKCU-Run-Updater19962.exe - c:\documents and settings\Gomez\Local Settings\Application Data\Updater19962\Updater19962.exe
HKCU-Run-DdaAcrdr - c:\documents and settings\Gomez\Local Settings\Application Data\uainrrtb\ddaacrdr.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.5.0_01\bin\jusched.exe
AddRemove-LeTarot (Java Edition) 1.1.3 - c:\program files\Java\jre6\bin\javaw.exe
AddRemove-Supreme Savings - c:\program files\Supreme Savings\Uninstall.exe
AddRemove-xp-AntiSpy - c:\program files\xp-AntiSpy\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-15 17:23
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\CLBCATQ.DLL
.
- - - - - - - > 'explorer.exe'(3728)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\ATKKBService.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
.
**************************************************************************
.
Heure de fin: 2013-04-15 17:27:39 - La machine a redémarré
ComboFix-quarantined-files.txt 2013-04-15 15:27
.
Avant-CF: 3 761 676 288 octets libres
Après-CF: 4 197 855 232 octets libres
.
- - End Of File - - 749C17A9156EAD6A751465902112B844