Here it is:
ComboFix 08-08-26.01 - PC 2008-08-26 23:41:56.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.667 [GMT 2:00]
Endroit: C:\Documents and Settings\PC\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\PC\ravmonlog
.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-26 to 2008-08-26 ))))))))))))))))))))))))))))))))))))
.
2008-08-26 23:12 . 2008-08-26 23:14 <REP> d-------- C:\WINDOWS\LastGood
2008-08-26 23:12 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-08-26 23:12 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-08-26 23:12 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-08-26 23:04 . 2008-08-26 23:11 <REP> d-------- C:\MSNFix
2008-08-26 22:35 . 2008-08-26 22:35 <REP> d-------- C:\Program Files\CCleaner
2008-08-26 22:20 . 2008-08-26 22:29 3,108 --a------ C:\Documents and Settings\Orph.egd
2008-08-26 22:19 . 2008-08-26 22:29 <REP> d-------- C:\ToolBar SD
2008-08-26 21:36 . 2008-08-26 23:04 <REP> d-------- C:\SDFix
2008-08-26 21:02 . 2008-08-26 21:27 <REP> d-------- C:\Program Files\Navilog1
2008-08-26 15:55 . 2008-08-26 15:55 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-26 15:55 . 2008-08-26 15:55 <REP> d-------- C:\Documents and Settings\PC\Application Data\Malwarebytes
2008-08-26 15:55 . 2008-08-26 15:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-26 15:55 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-26 15:55 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-26 15:32 . 2008-08-26 15:32 <REP> d-------- C:\Program Files\Avira
2008-08-26 15:32 . 2008-08-26 15:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-08-26 15:09 . 2008-08-26 15:09 <REP> d-------- C:\Program Files\Trend Micro
2008-08-24 09:55 . 2008-08-24 09:55 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-08-10 00:31 . 2008-08-10 00:32 <REP> d-------- C:\WINDOWS\system32\Adobe
2008-08-08 22:44 . 2008-08-26 14:09 <REP> d-------- C:\Program Files\Everest Poker
2008-08-05 12:21 . 2008-08-05 12:21 <REP> d-------- C:\Program Files\USB Disk Win98 Driver
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-26 21:11 --------- d-----w C:\Program Files\Steam
2008-08-26 12:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-26 12:28 --------- d-----w C:\Program Files\Fichiers communs\AOL
2008-08-26 11:47 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-08-25 22:21 --------- d-----w C:\Program Files\Free FLV Converter
2008-08-24 21:15 --------- d-----w C:\Documents and Settings\PC\Application Data\mIRC
2008-08-24 20:08 --------- d-----w C:\Program Files\mIRC
2008-08-13 19:17 --------- d-----w C:\Program Files\SopCast
2008-08-11 16:35 --------- d-----w C:\Program Files\Java
2008-07-13 11:34 33,824 ----a-w C:\WINDOWS\system32\drivers\oreans32.MSNFix
2008-07-12 13:32 --------- d-----w C:\Program Files\Real
2008-07-12 13:32 --------- d-----w C:\Program Files\Fichiers communs\xing shared
2008-07-12 13:32 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-07-12 13:32 --------- d-----w C:\Documents and Settings\PC\Application Data\Talkback
2008-07-12 13:31 --------- d-----w C:\Program Files\Google
2008-07-12 07:59 --------- d-----w C:\Documents and Settings\PC\Application Data\La Bataille pour la Terre du Milieu ™ II
2008-07-11 15:21 --------- d-----w C:\Program Files\Electronic Arts
2008-07-04 14:40 --------- d-----w C:\Program Files\World of Warcraft
2008-04-18 16:38 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-07-23 20:34 1271032]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-08-22 19:26 1234160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 17:12 131072]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-03-24 19:52 13524992]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-03-24 19:52 86016]
"SystrayORAHSS"="C:\Program Files\Orange\Systray\SystrayApp.exe" [2007-09-25 20:08 94208]
"ORAHSSSessionManager"="C:\Program Files\Orange\SessionManager\SessionManager.exe" [2007-09-25 19:10 102400]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Monitor"="C:\WINDOWS\PixArt\PAC207\Monitor.exe" [2006-11-03 11:01 319488]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-07-12 15:32 185896]
"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 20:44 65536]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
"Ptipbmf"="ptipbmf.dll" [2007-04-12 15:08 118784 C:\WINDOWS\system32\ptipbmf.dll]
"nwiz"="nwiz.exe" [2008-03-24 19:52 1626112 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Electronic Arts\\La Bataille pour la Terre du Milieu II\\game.dat"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13590:TCP"= 13590:TCP:NortonAV
"17059:TCP"= 17059:TCP:NortonAV
"15946:TCP"= 15946:TCP:NortonAV
"13059:TCP"= 13059:TCP:NortonAV
"18045:TCP"= 18045:TCP:NortonAV
"13521:TCP"= 13521:TCP:NortonAV
"12898:TCP"= 12898:TCP:NortonAV
"18034:TCP"= 18034:TCP:NortonAV
"14379:TCP"= 14379:TCP:NortonAV
"13379:TCP"= 13379:TCP:NortonAV
"12227:TCP"= 12227:TCP:NortonAV
"12756:TCP"= 12756:TCP:NortonAV
"16455:TCP"= 16455:TCP:NortonAV
"12478:TCP"= 12478:TCP:NortonAV
"16839:TCP"= 16839:TCP:NortonAV
"13176:TCP"= 13176:TCP:NortonAV
"15501:TCP"= 15501:TCP:NortonAV
"12565:TCP"= 12565:TCP:NortonAV
"15597:TCP"= 15597:TCP:NortonAV
"17032:TCP"= 17032:TCP:NortonAV
"18441:TCP"= 18441:TCP:NortonAV
"18695:TCP"= 18695:TCP:NortonAV
"14969:TCP"= 14969:TCP:NortonAV
"15810:TCP"= 15810:TCP:NortonAV
"16193:TCP"= 16193:TCP:NortonAV
"18642:TCP"= 18642:TCP:NortonAV
"14328:TCP"= 14328:TCP:NortonAV
"18810:TCP"= 18810:TCP:NortonAV
"14878:TCP"= 14878:TCP:NortonAV
"16768:TCP"= 16768:TCP:NortonAV
"13506:TCP"= 13506:TCP:NortonAV
"12177:TCP"= 12177:TCP:NortonAV
"12557:TCP"= 12557:TCP:NortonAV
"14293:TCP"= 14293:TCP:NortonAV
"18389:TCP"= 18389:TCP:NortonAV
"13776:TCP"= 13776:TCP:NortonAV
"13955:TCP"= 13955:TCP:NortonAV
"17667:TCP"= 17667:TCP:NortonAV
"17078:TCP"= 17078:TCP:NortonAV
"16847:TCP"= 16847:TCP:NortonAV
"18827:TCP"= 18827:TCP:NortonAV
"16932:TCP"= 16932:TCP:NortonAV
"14765:TCP"= 14765:TCP:NortonAV
"17531:TCP"= 17531:TCP:NortonAV
"14439:TCP"= 14439:TCP:NortonAV
"12824:TCP"= 12824:TCP:NortonAV
"16516:TCP"= 16516:TCP:NortonAV
"15405:TCP"= 15405:TCP:NortonAV
"18048:TCP"= 18048:TCP:NortonAV
"17642:TCP"= 17642:TCP:NortonAV
"14000:TCP"= 14000:TCP:NortonAV
"18697:TCP"= 18697:TCP:NortonAV
"14456:TCP"= 14456:TCP:NortonAV
"15618:TCP"= 15618:TCP:NortonAV
"14391:TCP"= 14391:TCP:NortonAV
"18693:TCP"= 18693:TCP:NortonAV
"12054:TCP"= 12054:TCP:NortonAV
"18121:TCP"= 18121:TCP:NortonAV
"18745:TCP"= 18745:TCP:NortonAV
"16756:TCP"= 16756:TCP:NortonAV
"12251:TCP"= 12251:TCP:NortonAV
"17023:TCP"= 17023:TCP:NortonAV
"18174:TCP"= 18174:TCP:NortonAV
"14859:TCP"= 14859:TCP:NortonAV
"13231:TCP"= 13231:TCP:NortonAV
"13063:TCP"= 13063:TCP:NortonAV
"17477:TCP"= 17477:TCP:NortonAV
"17299:TCP"= 17299:TCP:NortonAV
"14691:TCP"= 14691:TCP:NortonAV
"18614:TCP"= 18614:TCP:NortonAV
"18694:TCP"= 18694:TCP:NortonAV
"18832:TCP"= 18832:TCP:NortonAV
"18031:TCP"= 18031:TCP:NortonAV
"13292:TCP"= 13292:TCP:NortonAV
"15865:TCP"= 15865:TCP:NortonAV
"15181:TCP"= 15181:TCP:NortonAV
"13989:TCP"= 13989:TCP:NortonAV
"12000:TCP"= 12000:TCP:NortonAV
"12155:TCP"= 12155:TCP:NortonAV
"17428:TCP"= 17428:TCP:NortonAV
"18383:TCP"= 18383:TCP:NortonAV
"14146:TCP"= 14146:TCP:NortonAV
"13644:TCP"= 13644:TCP:NortonAV
"18530:TCP"= 18530:TCP:NortonAV
"17115:TCP"= 17115:TCP:NortonAV
"13589:TCP"= 13589:TCP:NortonAV
"17961:TCP"= 17961:TCP:NortonAV
"13728:TCP"= 13728:TCP:NortonAV
"15638:TCP"= 15638:TCP:NortonAV
"15218:TCP"= 15218:TCP:NortonAV
"12937:TCP"= 12937:TCP:NortonAV
"14864:TCP"= 14864:TCP:NortonAV
"15270:TCP"= 15270:TCP:NortonAV
"16628:TCP"= 16628:TCP:NortonAV
"16646:TCP"= 16646:TCP:NortonAV
"13010:TCP"= 13010:TCP:NortonAV
"13946:TCP"= 13946:TCP:NortonAV
"15951:TCP"= 15951:TCP:NortonAV
"17385:TCP"= 17385:TCP:NortonAV
"14530:TCP"= 14530:TCP:NortonAV
"18084:TCP"= 18084:TCP:NortonAV
"16586:TCP"= 16586:TCP:NortonAV
"12396:TCP"= 12396:TCP:NortonAV
"15953:TCP"= 15953:TCP:NortonAV
"17123:TCP"= 17123:TCP:NortonAV
"12253:TCP"= 12253:TCP:NortonAV
"13076:TCP"= 13076:TCP:NortonAV
"14949:TCP"= 14949:TCP:NortonAV
"16750:TCP"= 16750:TCP:NortonAV
"13791:TCP"= 13791:TCP:NortonAV
"15092:TCP"= 15092:TCP:NortonAV
"17546:TCP"= 17546:TCP:NortonAV
"16345:TCP"= 16345:TCP:NortonAV
"12470:TCP"= 12470:TCP:NortonAV
"18704:TCP"= 18704:TCP:NortonAV
"13744:TCP"= 13744:TCP:NortonAV
"16124:TCP"= 16124:TCP:NortonAV
"13178:TCP"= 13178:TCP:NortonAV
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 23:38]
S1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys []
S3 KLSIENET;Pilote de carte Ethernet USB;C:\WINDOWS\system32\DRIVERS\usb101et.sys [2004-08-04 00:43]
S3 PAC207;Trust Webcam Live;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-04-12 16:50]
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\nwhl34sn.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr.msn.com/
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-26 23:43:13
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-08-26 23:44:01
ComboFix-quarantined-files.txt 2008-08-26 21:43:48
Pre-Run: 42,511,306,752 octets libres
Post-Run: 42,506,371,072 octets libres