ComboFix 13-06-06.04 - Sébastien 06/06/2013 22:58:18.1.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.895.208 [GMT 2:00]
Lancé depuis: d:\documents and settings\Sébastien\Mes documents\Téléchargements\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll
d:\documents and settings\All Users\Application Data\TEMP
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2013-05-06 au 2013-06-06 ))))))))))))))))))))))))))))))))))))
.
.
2013-06-06 13:59 . 2013-06-06 13:59 512 -c--a-w- C:\PhysicalMBR.bin
2013-05-15 13:54 . 2013-05-16 09:21 -------- d-----w- c:\program files\Mozilla Thunderbird1
2013-05-15 11:44 . 2013-05-15 11:44 -------- d-----w- d:\documents and settings\Sébastien\AppData
2013-05-15 11:41 . 2013-05-15 11:42 -------- d-----w- d:\documents and settings\Sébastien\Local Settings\Application Data\jZip
2013-05-15 11:41 . 2013-05-15 11:41 -------- d-----w- c:\program files\jZip
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 11:13 . 2012-06-19 20:42 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-15 11:13 . 2011-08-24 07:27 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-16 22:16 . 2004-08-16 15:41 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:16 . 2004-08-16 15:40 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-16 22:16 . 2004-08-16 15:40 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-04-12 23:29 . 2004-08-16 15:40 385024 ----a-w- c:\windows\system32\html.iec
2013-04-12 14:00 . 2004-08-16 15:41 1876480 ----a-w- c:\windows\system32\win32k.sys
2013-03-29 20:36 . 2013-02-27 09:25 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-03-29 20:36 . 2013-02-27 09:25 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-03-29 20:36 . 2013-02-27 09:25 135136 ----a-w- c:\windows\system32\drivers\avipbb.sys
1999-04-06 13:27 . 1999-04-06 13:27 99840 ----a-w- c:\program files\Fichiers communs\IRAABOUT.DLL
1998-12-09 03:53 . 1998-12-09 03:53 70144 ----a-w- c:\program files\Fichiers communs\IRAMDMTR.DLL
1998-12-09 03:53 . 1998-12-09 03:53 48640 ----a-w- c:\program files\Fichiers communs\IRALPTTR.DLL
1998-12-09 03:53 . 1998-12-09 03:53 31744 ----a-w- c:\program files\Fichiers communs\IRAWEBTR.DLL
1998-12-09 03:53 . 1998-12-09 03:53 186368 ----a-w- c:\program files\Fichiers communs\IRAREG.DLL
1998-12-09 03:53 . 1998-12-09 03:53 17920 ----a-w- c:\program files\Fichiers communs\IRASRIAL.DLL
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-07-15 67128]
"updateMgr"="c:\program files\ADOBE\ACROBAT 7.0\READER\ADOBEUPDATEMANAGER.EXE" [2004-11-22 307200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-10-24 90112]
"ATIPTA"="c:\ati technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-08-23 98304]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-08-23 180269]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2012-09-17 254896]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-05-13 345312]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-7-15 67128]
.
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Symantec Fax Starter Edition Port.lnk]
path=d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Symantec Fax Starter Edition Port.lnk
backup=c:\windows\pss\Symantec Fax Starter Edition Port.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
2002-12-02 19:56 40960 ----a-w- c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-05 12:00 208952 ----a-w- c:\windows\ime\IMJP8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:34 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2005-05-11 11:48 127118 ----a-w- c:\apps\Powercinema\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-08-23 15:04 98304 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
2004-11-26 09:43 90112 ----a-w- c:\program files\Fichiers communs\Ulead Systems\AutoDetector\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vade Retro Outlook Express]
2004-10-04 11:03 310272 ----a-w- c:\progra~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\APPS\\Inventime\\my.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\devolo\\easyshare\\easyshare.exe"=
"c:\\Program Files\\devolo\\informer\\devinf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [27/02/2013 11:25 37352]
R2 AntiVirSchedulerService;Avira Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [27/02/2013 11:25 86752]
R2 AntiVirWebService;Avira Protection Web;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [27/02/2013 11:25 562744]
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [11/06/2012 17:22 193616]
R2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\system32\drivers\npf_devolo.sys [13/05/2008 16:00 35840]
S2 EasyBoxApache;EasyBoxApache;"c:\program files\Easybox\Apache\Apache.exe" -k runservice --> c:\program files\Easybox\Apache\Apache.exe [?]
S2 hpdj5100;hpdj5100;d:\docume~1\SBASTI~1\LOCALS~1\Temp\hpdj5100.exe -servicerunning=true -uninstall=hp deskjet 5100 series -product=5100 --> d:\docume~1\SBASTI~1\LOCALS~1\Temp\hpdj5100.exe -servicerunning=true -uninstall=hp deskjet 5100 series -product=5100 [?]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [11/06/2012 17:22 240208]
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - WS2IFSL
.
Contenu du dossier 'Tâches planifiées'
.
2013-06-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-19 11:13]
.
2013-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-19 21:00]
.
2013-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-19 21:00]
.
2006-10-27 c:\windows\Tasks\Rappel d'enregistrement 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-16 02:34]
.
2013-06-06 c:\windows\Tasks\User_Feed_Synchronization-{A55E8462-3B39-49DD-829B-C119EB95E9A1}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 212.27.40.241 212.27.40.240
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - d:\documents and settings\Sébastien\Application Data\Mozilla\Firefox\Profiles\dq2218pp.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
.
- - - - ORPHELINS SUPPRIMES - - - -
.
AddRemove-hbbvfztn - d:\documents and settings\sébastien\local settings\application data\hbbvfztn.exe
AddRemove-jziptoolbargaw - c:\progra~1\SEARCH~1\Datamngr\SRTOOL~1\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-06 23:06
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MysqlInventime]
"ImagePath"="c:\apps\INVENT~1\mysql\bin\mysqld-nt --defaults-file=c:\apps\Inventime\mysql\my.ini MysqlInventime"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'winlogon.exe'(560)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(620)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
- - - - - - - > 'explorer.exe'(6632)
c:\windows\system32\webcheck.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\eappprxy.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
c:\windows\Twain_32\QuickCam\lvWIAext.dll
c:\apps\Powercinema\Kernel\Video\CLMedia.dll
c:\windows\system32\ACSHLEXT.DLL
c:\apps\Powercinema\Kernel\TV\PCMRM2Splter.ax
c:\program files\K-Lite Codec Pack\Filters\vsfilter.dll
c:\program files\K-Lite Codec Pack\Filters\FLVSplitter.ax
c:\program files\K-Lite Codec Pack\Filters\MP4Splitter.ax
c:\windows\system32\wmpasf.dll
c:\windows\system32\DRMClien.DLL
c:\program files\K-Lite Codec Pack\Filters\WavPackDSSplitter.ax
c:\program files\K-Lite Codec Pack\Real\RealMediaSplitter.ax
c:\program files\K-Lite Codec Pack\Filters\mmamr.ax
c:\program files\K-Lite Codec Pack\Filters\mmmpcdmx.ax
c:\progra~1\FICHIE~1\ULEADS~1\MPEG\ulspmp4.ax
c:\program files\Fichiers communs\Ulead Systems\MPEG\ulspmpeg.ax
c:\program files\Fichiers communs\Ulead Systems\MPEG\mcmpgdec.dll
c:\program files\Fichiers communs\Ulead Systems\MPEG\mpegin.dll
c:\program files\K-Lite Codec Pack\Filters\MpegSplitter.ax
c:\apps\Powercinema\Kernel\TV\PCMRDemuxer.ax
c:\program files\K-Lite Codec Pack\Filters\Haali\splitter.ax
c:\program files\K-Lite Codec Pack\Filters\Haali\mkzlib.dll
c:\program files\K-Lite Codec Pack\Filters\Haali\mkunicode.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
c:\program files\Fichiers communs\Ulead Systems\MPEG\uldsmpeg.ax
c:\apps\Powercinema\Kernel\Movie\isomsplt.ax
c:\program files\Fichiers communs\Ulead Systems\MPEG\ulac32.ax
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\progra~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\apps\HIDSERVICE\HIDSERVICE.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wdfmgr.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
c:\program files\logitech\quickcam\lu\lulnchr.exe
c:\program files\logitech\quickcam\lu\LogitechUpdate.exe
c:\program files\Fichiers communs\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Heure de fin: 2013-06-06 23:11:25 - La machine a redémarré
ComboFix-quarantined-files.txt 2013-06-06 21:11
.
Avant-CF: 11 637 706 752 octets libres
Après-CF: 11 609 632 768 octets libres
.
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect
.
- - End Of File - - 51F706C9DE729A07BD0202B9C03B7E60 671B81004FDD1588FA9ED1331C9CECA9