ComboFix 13-02-26.01 - immordino 27/02/2013 17:12:23.1.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.1013.218 [GMT 1:00]
Lancé depuis: c:\users\immordino\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\sdelevURL.tmp
.
c:\windows\system32\mshtml.dll . . . est infecté!!
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2013-01-27 au 2013-02-27 ))))))))))))))))))))))))))))))))))))
.
.
2013-02-27 16:31 . 2013-02-27 16:31 -------- d-----w- c:\users\immordino\AppData\Local\temp
2013-02-26 20:12 . 2013-02-27 15:10 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-02-26 20:10 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-26 20:10 . 2013-02-26 20:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-02-22 21:30 . 2013-02-25 11:51 512 -c--a-w- C:\PhysicalDisk0_MBR.bin
2013-02-22 21:19 . 2013-02-25 11:57 -------- dc----w- C:\ZHP
2013-02-22 21:19 . 2013-02-25 11:55 -------- d-----w- c:\program files\ZHPDiag
2013-02-22 20:22 . 2013-02-22 20:22 -------- d-----w- c:\program files\Ashampoo
2013-02-22 16:45 . 2013-02-22 16:45 -------- d-----w- c:\program files\Unlocker
2013-02-21 17:53 . 2013-02-21 17:53 -------- d-----w- c:\program files\Common Files\Skype
2013-02-21 17:53 . 2013-02-21 17:53 -------- d-----r- c:\program files\Skype
2013-02-21 14:42 . 2013-02-21 14:42 -------- d-sh--we c:\windows\system32\config\systemprofile\Menu Démarrer
2013-02-21 14:42 . 2013-02-21 14:42 -------- d-sh--we c:\windows\system32\config\systemprofile\Mes documents
2013-02-19 07:09 . 2013-01-18 11:17 6991832 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7051C2D9-74C0-4941-9346-F8514902BCB6}\mpengine.dll
2013-02-16 21:33 . 2013-02-16 21:33 -------- d-----w- c:\program files\Astroburn Lite
2013-02-16 21:33 . 2013-02-16 21:33 -------- d-----w- c:\programdata\Astroburn Lite
2013-02-16 21:33 . 2013-02-16 21:33 -------- d-----w- c:\users\immordino\AppData\Roaming\Astroburn Lite
2013-02-15 16:51 . 2012-10-30 22:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-02-15 16:51 . 2012-10-30 22:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-02-15 16:51 . 2012-10-30 22:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-02-15 16:51 . 2012-10-30 22:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-02-15 16:51 . 2012-10-30 22:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-02-15 16:51 . 2012-10-30 22:51 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-02-15 16:48 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2013-02-15 16:48 . 2012-10-30 22:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2013-02-15 16:45 . 2013-02-15 16:45 -------- d-----w- c:\programdata\AVAST Software
2013-02-15 16:45 . 2013-02-15 16:45 -------- d-----w- c:\program files\AVAST Software
2013-02-13 08:55 . 2013-01-08 21:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-02-13 08:55 . 2013-01-08 22:42 149528 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-02-13 08:55 . 2013-01-08 21:58 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-02-13 08:55 . 2013-01-08 22:00 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2013-02-13 07:42 . 2013-01-04 01:38 2048512 ----a-w- c:\windows\system32\win32k.sys
2013-02-13 07:25 . 2012-11-08 03:48 1314816 ----a-w- c:\windows\system32\quartz.dll
2013-02-13 07:24 . 2013-01-04 11:28 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 07:24 . 2013-01-05 05:26 3550072 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-13 07:24 . 2013-01-05 05:26 3602808 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-02-02 15:01 . 2013-02-16 13:23 -------- d-----w- c:\users\immordino\AppData\Roaming\TeamViewer
2013-02-02 12:09 . 2013-02-02 12:09 -------- d-----w- c:\users\immordino\AppData\Local\Macromedia
2013-02-01 21:51 . 2013-02-01 21:51 -------- d-----w- c:\users\immordino\AppData\Roaming\GlarySoft
2013-02-01 20:49 . 2013-02-01 20:49 -------- d-----w- c:\program files\Glary Utilities
2013-02-01 20:34 . 2013-02-01 20:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-27 07:06 . 2012-07-23 01:52 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-27 07:06 . 2011-10-28 12:02 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-21 07:50 . 2012-07-27 00:47 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-02-21 07:50 . 2010-04-21 09:50 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-17 00:28 . 2010-03-11 17:44 232336 ------w- c:\windows\system32\MpSigStub.exe
2012-12-16 13:12 . 2012-12-22 08:47 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 10:50 . 2012-12-22 08:47 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-10 11:01 . 2013-01-24 10:10 18360 ----a-w- c:\windows\system32\roboot.exe
2012-04-07 17:56 . 2012-04-07 17:56 3993600 ----a-w- c:\program files\GUT9EEE.tmp
2013-02-03 19:31 . 2013-02-03 19:31 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-18 1961576]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-10-17 87584]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^immordino^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Enregistrement du produit.lnk]
backup=c:\windows\pss\Logitech . Enregistrement du produit.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-12-19 14:39 41208 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConduitHelper]
2011-08-04 07:07 274216 ----a-w- c:\users\Public\Conduit\ConduitHelper\ConduitHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2007-02-06 22:04 464168 ----a-w- c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2006-11-06 01:05 106496 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2006-11-06 01:02 98304 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-08-11 13:30 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2006-12-08 12:35 614400 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 12:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware]
2012-12-14 15:49 512360 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-11-22 07:29 7757824 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-11-22 07:29 81920 ----a-w- c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2006-11-22 07:29 90191 ----a-w- c:\windows\System32\nvsvc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2006-11-06 01:02 81920 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2006-12-01 05:37 4186112 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-01-08 11:58 18708224 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony PC Companion]
2013-01-07 11:03 446648 ----a-w- c:\program files\Sony\Sony PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-10-23 03:00 815104 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2006-10-18 15:58 1185264 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2006-11-05 19:48 57344 ----a-w- c:\acer\WR_PopUp\WarReg_PopUp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-04-01 18:49 36352 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-24 13:39 1629648 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2013-02-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-23 07:06]
.
2013-02-27 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2013-02-01 23:26]
.
2013-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-25 09:31]
.
2013-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-25 09:31]
.
2013-02-21 c:\windows\Tasks\{164789F2-AE50-40D4-B1D4-15E7B5B9F766}.job
- c:\program files\google\chrome\application\chrome.exe [2011-10-25 05:23]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://fr.yahoo.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\immordino\AppData\Roaming\Mozilla\Firefox\Profiles\1ppieufj.default\
FF - prefs.js: browser.startup.homepage - hxxp://fr.msn.com/?pc=UP31&ocid=univskyhp
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: keyword.URL -
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-02-15 17:58; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: !HIDDEN! 2009-08-29 07:06; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHELINS SUPPRIMES - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-27 17:31
Windows 6.0.6002 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'lsass.exe'(792)
c:\windows\system32\relog_ap.dll
.
Heure de fin: 2013-02-27 17:38:06
ComboFix-quarantined-files.txt 2013-02-27 16:38
.
Avant-CF: 11 014 397 952 octets libres
Après-CF: 10 978 971 648 octets libres
.
- - End Of File - - 1A580F9CDF762FED73634FAFA638C9F2