Here is the first ComboFix report:
ComboFix 10-05-17.03 - Propriétaire 19/05/2010 11:03:35.5.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.682 [GMT 2:00]
Lancé depuis: c:\documents and settings\Propriétaire\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Propriétaire\Bureau\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100518-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Un nouveau point de restauration a été créé
FILE ::
"c:\\Documents and Settings\Propriétaire\Application Data\fbknso.dat"
"c:\\Documents and Settings\Propriétaire\Bureau\Security essentials 2010.lnk"
"c:\\WINDOWS\system32\drivers\OLD62.tmp"
"c:\\WINDOWS\system32\drivers\OLD66.tmp"
"c:\documents and settings\Propriétaire\Application Data\fbknso.dat"
"c:\documents and settings\Propriétaire\Bureau\Security essentials 2010.lnk"
"c:\windows\system32\drivers\OLD62.tmp"
"c:\windows\system32\drivers\OLD66.tmp"
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\\Documents and Settings\Propriétaire\Application Data\fbknso.dat
c:\\Documents and Settings\Propriétaire\Bureau\Security essentials 2010.lnk
c:\\WINDOWS\system32\drivers\OLD62.tmp
c:\\WINDOWS\system32\drivers\OLD66.tmp
c:\documents and settings\Propriétaire\Application Data\fbknso.dat
c:\documents and settings\Propriétaire\Bureau\Security essentials 2010.lnk
c:\windows\SW_Win3112X32.DLL
c:\windows\system32\drivers\OLD62.tmp
c:\windows\system32\drivers\OLD66.tmp
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-04-19 au 2010-05-19 ))))))))))))))))))))))))))))))))))))
.
2010-05-09 15:30 . 2010-05-09 15:30 -------- d-----w- c:\program files\Freeware PDF Unlocker
2010-05-08 19:34 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-08 19:34 . 2010-05-08 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-08 19:34 . 2010-05-09 06:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-08 19:34 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-08 19:25 . 2010-05-10 06:43 -------- d-----w- c:\program files\ZHPDiag
2010-05-08 12:29 . 2005-02-16 10:06 218112 ----a-w- C:\Rahan78.exe
2010-05-07 04:06 . 2008-04-13 18:46 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2010-05-07 04:06 . 2008-04-13 18:46 17024 ----a-w- c:\windows\system32\drivers\ccdecode.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-19 08:58 . 2009-04-17 11:41 -------- d-----w- c:\program files\CCleaner
2010-05-18 20:22 . 2009-09-08 11:16 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-05-13 05:26 . 2004-08-05 12:00 80748 ----a-w- c:\windows\system32\perfc00C.dat
2010-05-13 05:26 . 2004-08-05 12:00 500900 ----a-w- c:\windows\system32\perfh00C.dat
2010-05-12 08:58 . 2009-04-17 13:25 -------- d-----w- c:\program files\Fichiers communs\Adobe
2010-05-12 08:51 . 2009-04-17 11:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-12 08:50 . 2009-04-17 15:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-12 08:49 . 2009-04-17 11:40 -------- d-----w- c:\program files\SpywareBlaster
2010-05-09 16:15 . 2010-05-09 16:15 -------- d-----w- c:\program files\Softinterface, Inc
2010-04-28 21:15 . 2009-04-17 15:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-25 09:14 . 2010-05-09 16:15 1802240 ----a-w- c:\windows\system32\beconvlib.dll
2010-03-27 08:39 . 2009-04-17 15:47 -------- d-----w- c:\program files\Microsoft Works
2010-03-26 05:32 . 2009-12-22 17:39 -------- d-----w- c:\program files\Sweet Home 3D
2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\ARM Update\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\ARM Update\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\ARM Update\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\ARM Update\AcrobatUpdater.exe
2010-03-10 06:16 . 2004-08-05 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:17 . 2004-08-05 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-05 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-06-11 12:16 . 2009-06-11 12:09 12 ----a-w- c:\program files\deudora.ini
2009-06-11 12:16 . 2009-06-11 12:16 11779 ----a-w- c:\program files\Eudora61Stats.xml
2009-06-11 12:16 . 2009-06-11 12:14 2336 ----a-w- c:\program files\Audit.log
2009-06-11 12:16 . 2009-06-11 12:14 1056 ----a-w- c:\program files\eudora.log
2009-06-11 12:16 . 2009-06-11 12:13 9355 ----a-w- c:\program files\eudora.ini
2009-06-11 12:15 . 2009-06-11 12:15 0 ----a-w- c:\program files\PoubMél.mbx
2009-06-11 12:15 . 2009-06-11 12:14 91 ----a-w- c:\program files\descmap.pce
2009-06-11 12:14 . 2009-06-11 12:14 104 ----a-w- c:\program files\Out.toc
2009-06-11 12:14 . 2009-06-11 12:14 0 ----a-w- c:\program files\lmos.dat
2009-06-11 12:14 . 2009-06-11 12:14 0 ----a-w- c:\program files\Trash.mbx
2009-06-11 12:14 . 2009-06-11 12:14 0 ----a-w- c:\program files\Out.mbx
2009-06-11 12:14 . 2009-06-11 12:14 0 ----a-w- c:\program files\In.mbx
2009-04-17 08:34 . 2009-04-17 08:34 278528 ----a-w- c:\program files\Fichiers communs\FDEUnInstaller.exe
2009-04-26 10:43 . 2009-04-26 10:35 12208 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [2007-06-20 451872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13680640]
"nwiz"="nwiz.exe" [2008-12-25 1657376]
"SoundMan"="SOUNDMAN.EXE" [2004-07-27 68096]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-25 86016]
"ULiRaid"="c:\program files\ULiRaid\ULiRaid.exe" [2006-05-12 630784]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-18 76304]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-10 406016]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-18 76304]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-01 1629744]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-06-01 1057328]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
EPSON Status Monitor 3 Environment Check(2).lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2009-4-17 131584]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-4-19 809488]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "d:\qualcomm\Eudora\EuShlExt.dll" [2002-09-30 86016]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-18 22:30 72208 ----a-w- c:\program files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\eMule\\emule.exe"=
"d:\\eMule_048a\\emule.exe"=
R0 m5289;m5289;c:\windows\system32\drivers\m5289.sys [08/07/2005 16:55 52480]
R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\drivers\AGPKX.SYS [17/04/2009 09:34 45056]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [01/09/2009 09:57 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [01/09/2009 09:57 20560]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [17/04/2009 09:19 28672]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 10:47 451872 ----a-w- c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.europowersearch.com/Search.html?SelectedSearchLang=FR
mStart Page = hxxp://www.europowersearch.com/Search.html?SelectedSearchLang=FR
uInternet Settings,ProxyOverride = local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {62AD068C-692E-4478-AF9D-D2C28A2D7DD1} = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\geatk2ls.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ffba.org/
FF - component: c:\documents and settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\geatk2ls.default\extensions\{d9a7302c-c18f-48ff-bb40-1daf44bcf0d8}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\geatk2ls.default\extensions\{d9a7302c-c18f-48ff-bb40-1daf44bcf0d8}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\geatk2ls.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-19 11:07
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(676)
c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll
c:\program files\fichiers communs\logitech\bluetooth\LBTServ.dll
- - - - - - - > 'explorer.exe'(3336)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2010-05-19 11:11:08 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-05-19 09:11
Avant-CF: 12 351 217 664 octets libres
Après-CF: 12 312 862 720 octets libres
- - End Of File - - 42D48228AFCA8C872CB643E3322680F9
As well as the Ad-Remover report:
.
======= RAPPORT D'AD-REMOVER 2.0.0.0,D | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 07/05/10 à 16:50
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 22:31:31 le 19/05/2010 | Mode normal | Option: CLEAN
Exécuté de: C:\Ad-Remover\ADR.exe
SE: Microsoft® Windows XP™ Service Pack 3 - X86
Nom du PC: PC-D9F02FD8B779
Utilisateur actuel: Propriétaire
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
.
(!) -- Fichiers temporaires supprimés.
.
.
(Orpheline) BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} (CLSID manquant)
.
============== SCAN ADDITIONNEL ==============
.
* Mozilla FireFox Version 3.6.3 (fr) *
.
C:\Documents and Settings\Propriétaire\..\geatk2ls.default\prefs.js - browser.download.dir: D:\\Téléchargements Internet\\Logiciels\\Fichiers Sources
C:\Documents and Settings\Propriétaire\..\geatk2ls.default\prefs.js - browser.download.lastDir: F:\\Marc\\Badminton\\CODEP75\\National Jeunes
C:\Documents and Settings\Propriétaire\..\geatk2ls.default\prefs.js - browser.startup.homepage: hxxp://www.ffba.org/
C:\Documents and Settings\Propriétaire\..\geatk2ls.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2.3
C:\Documents and Settings\Elodie\..\qb91rh6p.default\prefs.js - browser.search.selectedEngine: Yahoo
C:\Documents and Settings\Elodie\..\qb91rh6p.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2.3
C:\Documents and Settings\Marc\..\w7sx6grn.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.0.11
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKCU\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
.
[HKLM\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
.
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
.
========================================
.
C:\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Ad-Remover\Backup: 14 Fichier(s)
.
C:\Ad-Report-CLEAN[1].txt - 3020 Octet(s)
C:\Ad-Report-CLEAN[2].txt - 3044 Octet(s)
C:\Ad-Report-CLEAN[3].txt - 2877 Octet(s)
C:\Ad-Report-SCAN[1].txt - 2733 Octet(s)
C:\Ad-Report-SCAN[2].txt - 2879 Octet(s)
C:\Ad-Report-SCAN[3].txt - 2964 Octet(s)
.
Fin à: 22:33:27, 19/05/2010
.
============== E.O.F - CLEAN[3] ==============
Happy reading ;-)
Rahan78