Hello,
I was infected by the hello4 virus; I think I still am a bit?
I used ComboFix and it's better now.
I'm sending you the report, since it says you are specialists trained on ComboFix to analyse the result.
Thanks for keeping me informed so I can remove the bugs hanging around on my PC.
See you soon.
ComboFix 11-07-07.06 - jelti 08/07/2011 18:53:39.1.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.694 [GMT 2:00]
Lancé depuis: c:\documents and settings\nawel\Mes documents\Téléchargements\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\AVerRecord.tmp
c:\documents and settings\All Users.WIND\Application Data\Tarma Installer
c:\documents and settings\All Users.WIND\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\documents and settings\ham\WINDOWS
c:\documents and settings\JEL\AUTORUN.INF
c:\documents and settings\JEL\WINDOWS
c:\documents and settings\jelti.JELTI-992D90535\Application Data\Desktopicon
c:\documents and settings\jelti.JELTI-992D90535\Application Data\Desktopicon\eBay.ico
c:\documents and settings\jelti.JELTI-992D90535\Application Data\Desktopicon\uninst.exe
c:\documents and settings\jelti.JELTI-992D90535\Application Data\FE16A1FB7C848FD69BAFBE84BE4C986E
c:\documents and settings\jelti.JELTI-992D90535\Application Data\FE16A1FB7C848FD69BAFBE84BE4C986E\enemies-names.txt
c:\documents and settings\jelti.JELTI-992D90535\Local Settings\Application Data\etdaqapn.dat
c:\documents and settings\jelti.JELTI-992D90535\Local Settings\Application Data\etdaqapn.exe
c:\documents and settings\jelti.JELTI-992D90535\Local Settings\Application Data\etdaqapn_nav.dat
c:\documents and settings\jelti.JELTI-992D90535\Local Settings\Application Data\etdaqapn_navps.dat
c:\documents and settings\jelti.JELTI-992D90535\WINDOWS
c:\documents and settings\jeltop\slvlcd.MSNFix
c:\documents and settings\jeltop\WINDOWS
c:\documents and settings\Propriétaire.JELTI-5F97E5B8A\WINDOWS
C:\HCT8.tmp
C:\HCT9.tmp
c:\program files\AVAST Software\Avast\avastUI.exe
c:\program files\Fichiers communs\Java\Java Update\jusched.exe
c:\program files\Internet Explorer\fxavx.ini
c:\program files\Malwarebytes' Anti-Malware\mbam.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\SUPERAntiSpyware\SUPERAntiSpyware .exe
c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
c:\program files\Windows Live\Messenger\msnmsgr .exe
c:\program files\Windows Live\Messenger\msnmsgr.exe
C:\reg.reg
c:\wind\setup.exe
c:\wind\system\Color
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_WINRING0_1_0_1
-------\Service_WinRing0_1_0_1
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-06-08 au 2011-07-08 ))))))))))))))))))))))))))))))))))))
.
.
2011-07-08 09:44 . 2011-07-08 09:44 -------- d-----w- c:\documents and settings\Administrateur.JELTI-992D90535
2011-07-08 07:08 . 2011-07-08 07:08 -------- d-----w- c:\documents and settings\NetworkService.AUTORITE NT.003\Local Settings\Application Data\Identities
2011-07-08 07:05 . 2011-07-08 07:05 -------- d-----w- c:\documents and settings\jelti.JELTI-992D90535\Application Data\SUPERAntiSpyware.com
2011-07-08 07:05 . 2011-07-08 07:05 -------- d-----w- c:\documents and settings\All Users.WIND\Application Data\SUPERAntiSpyware.com
2011-07-08 07:05 . 2011-07-08 17:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-07-07 15:49 . 2011-07-07 15:49 -------- d-----w- c:\documents and settings\nawel\Application Data\Malwarebytes
2011-07-07 09:38 . 2011-05-10 11:59 19544 ----a-w- c:\wind\system32\drivers\aswFsBlk.sys
2011-07-07 09:38 . 2011-05-10 12:03 307928 ----a-w- c:\wind\system32\drivers\aswSP.sys
2011-07-07 09:38 . 2011-05-10 11:59 25432 ----a-w- c:\wind\system32\drivers\aswRdr.sys
2011-07-07 09:38 . 2011-05-10 12:03 441176 ----a-w- c:\wind\system32\drivers\aswSnx.sys
2011-07-07 09:38 . 2011-05-10 12:02 49240 ----a-w- c:\wind\system32\drivers\aswTdi.sys
2011-07-07 09:38 . 2011-05-10 12:02 102616 ----a-w- c:\wind\system32\drivers\aswmon2.sys
2011-07-07 09:38 . 2011-05-10 12:02 96344 ----a-w- c:\wind\system32\drivers\aswmon.sys
2011-07-07 09:38 . 2011-05-10 11:59 30808 ----a-w- c:\wind\system32\drivers\aavmker4.sys
2011-07-07 09:37 . 2011-05-10 12:10 40112 ----a-w- c:\wind\avastSS.scr
2011-07-07 09:37 . 2011-05-10 12:10 199304 ----a-w- c:\wind\system32\aswBoot.exe
2011-07-07 09:37 . 2011-07-07 09:37 -------- d-----w- c:\program files\AVAST Software
2011-07-07 09:37 . 2011-07-07 09:37 -------- d-----w- c:\documents and settings\All Users.WIND\Application Data\AVAST Software
2011-07-07 08:04 . 2011-07-07 08:04 -------- d-----w- c:\documents and settings\jelti.JELTI-992D90535\Application Data\Malwarebytes
2011-07-07 08:04 . 2011-05-29 07:11 39984 ----a-w- c:\wind\system32\drivers\mbamswissarmy.sys
2011-07-07 08:04 . 2011-07-07 08:04 -------- d-----w- c:\documents and settings\All Users.WIND\Application Data\Malwarebytes
2011-07-07 08:03 . 2011-07-08 17:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-07 08:03 . 2011-05-29 07:11 22712 ----a-w- c:\wind\system32\drivers\mbam.sys
2011-07-07 06:41 . 2011-07-07 06:41 -------- d-----w- c:\documents and settings\jelti.JELTI-992D90535\Application Data\QuickScan
2011-07-06 21:25 . 2011-07-06 21:25 -------- d-----w- c:\documents and settings\NetworkService.AUTORITE NT.003\Local Settings\Application Data\Adobe
2011-07-05 20:26 . 2011-07-05 20:59 -------- d-----w- c:\documents and settings\LocalService.AUTORITE NT.003\UserData
2011-07-05 19:33 . 2011-07-06 19:51 -------- d-s---w- c:\documents and settings\NetworkService.AUTORITE NT.003\UserData
2011-07-05 16:15 . 2011-07-05 16:15 -------- d-----w- c:\documents and settings\All Users.WIND\Application Data\4D
2011-07-03 17:25 . 2011-07-03 17:14 762112 ----a-w- c:\wind\system32\drivers\adatadrv.sys
2011-07-03 17:18 . 2011-07-03 17:18 -------- d-----w- C:\ADCDTEMP
2011-07-03 17:18 . 2011-07-03 17:18 -------- d-----w- C:\ADSecurity
2011-07-03 17:18 . 2011-07-03 17:16 926624 ----a-w- c:\wind\system32\ChilkatCrypt2.dll
2011-07-03 17:18 . 2011-07-03 17:16 856992 ----a-w- c:\wind\system32\ChilkatCert.dll
2011-07-03 17:18 . 2011-07-03 17:16 660384 ----a-w- c:\wind\system32\ChilkatUtil.dll
2011-07-03 17:18 . 2011-07-03 17:16 436736 ----a-w- c:\wind\system32\Autoserv.exe
2011-07-03 17:18 . 2008-07-11 05:05 37088 ----a-w- c:\wind\system32\drivers\SNTNLUSB.SYS
2011-07-03 17:18 . 2011-07-03 17:18 -------- d-----w- c:\program files\SafeNet Sentinel
2011-07-03 17:18 . 2011-07-03 17:18 -------- d-----w- c:\program files\Fichiers communs\SafeNet Sentinel
2011-07-03 12:05 . 2011-06-16 04:38 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-07-03 12:05 . 2011-06-16 04:38 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-07-03 12:05 . 2011-06-16 04:38 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-07-03 12:05 . 2011-06-16 04:38 269272 ----a-w- c:\program files\Mozilla Firefox\freebl3.dll
2011-07-03 12:05 . 2011-06-16 04:38 924632 ----a-w- c:\program files\Mozilla Firefox\firefox.exe
2011-07-03 12:05 . 2010-01-01 08:00 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-07-03 12:05 . 2010-01-01 08:00 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-10 19:52 . 2011-06-10 19:53 84621672 ----a-w- c:\program files\Fichiers communs\Windows Live\.cache\wlc72.tmp
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2006-06-10 08:27 . 2006-06-10 08:22 278528 -c--a-w- c:\program files\Fichiers communs\FDEUnInstaller.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2011-06-16 04:38 . 2011-07-03 12:06 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
c:\program files\AVAST Software\Avast\avastUI .exe
c:\program files\Fichiers communs\Java\Java Update\jusched .exe
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 3D3C316BD1E112F3B9C532D8B9939BDC . 93184 . . [6.00.2900.5512] . . c:\wind\ServicePackFiles\i386\iexplore.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr .exe" [N/A]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [N/A]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck xmnt2002 /bat=c:\wind\TEMP\PQ_BATCH.PQB /win=c:\wind /dbg=c:\WIND\TEMP\PQ_DEBUG.TXT /ver=262144 /prd=PartitionMagic\0pdboot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WIND^Menu Démarrer^Programmes^Démarrage^802.11g Wireless Adatper.lnk]
path=c:\documents and settings\All Users.WIND\Menu Démarrer\Programmes\Démarrage\802.11g Wireless Adatper.lnk
backup=c:\wind\pss\802.11g Wireless Adatper.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WIND^Menu Démarrer^Programmes^Démarrage^BDARemote.lnk]
path=c:\documents and settings\All Users.WIND\Menu Démarrer\Programmes\Démarrage\BDARemote.lnk
backup=c:\wind\pss\BDARemote.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WIND^Menu Démarrer^Programmes^Démarrage^McAfee Security Scan.lnk]
path=c:\documents and settings\All Users.WIND\Menu Démarrer\Programmes\Démarrage\McAfee Security Scan.lnk
backup=c:\wind\pss\McAfee Security Scan.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WIND^Menu Démarrer^Programmes^Démarrage^PalTalk.lnk]
path=c:\documents and settings\All Users.WIND\Menu Démarrer\Programmes\Démarrage\PalTalk.lnk
backup=c:\wind\pss\PalTalk.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WIND^Menu Démarrer^Programmes^Démarrage^Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk]
path=c:\documents and settings\All Users.WIND\Menu Démarrer\Programmes\Démarrage\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk
backup=c:\wind\pss\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^jelti.JELTI-992D90535^Menu Démarrer^Programmes^Démarrage^802.11g Wireless Adatper.lnk]
path=c:\documents and settings\jelti.JELTI-992D90535\Menu Démarrer\Programmes\Démarrage\802.11g Wireless Adatper.lnk
backup=c:\wind\pss\802.11g Wireless Adatper.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^jelti.JELTI-992D90535^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\jelti.JELTI-992D90535\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.1.lnk
backup=c:\wind\pss\OpenOffice.org 3.1.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^jelti.JELTI-992D90535^Menu Démarrer^Programmes^Démarrage^PalNetaware.lnk]
path=c:\documents and settings\jelti.JELTI-992D90535\Menu Démarrer\Programmes\Démarrage\PalNetaware.lnk
backup=c:\wind\pss\PalNetaware.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\wind\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2009-11-02 22:47 905208 -c--a-w- c:\program files\Seagate\DiscWizard\TimounterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-18 06:58 40368 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 17:43 69632 -c--a-w- c:\wind\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-02-23 16:32 203928 -c--a-w- c:\program files\Alcohol Soft\Alcohol 52\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
c:\program files\ATI Technologies\ATI.ACE\cli.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast]
c:\program files\AVAST Software\Avast\avastUI.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bipro]
c:\wind\$XNTUninstall643$\cmsve.dll [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
cmicnfg.cpl [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscWizardMonitor.exe]
2009-11-02 22:43 1349392 -c--a-w- c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNHelper32]
2005-10-20 14:50 45056 ----a-w- c:\wind\system32\DNHlp32.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
c:\program files\DAP\DAP.EXE [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\etdaqapn]
c:\documents and settings\jelti.jelti-992d90535\local settings\application data\etdaqapn.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\facemoods]
c:\program files\facemoods.com\facemoods\1.4.17.10\facemoodssrv.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 12:07 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 15:33 141600 -c--a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jtlog.exe]
c:\program files\game\configu.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KM Status]
2006-10-20 10:01 192512 -c--a-w- c:\program files\KONICA MINOLTA\Status Monitor\KMSM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KONICA MINOLTA magicolor2300WStatusDisplay]
2003-12-22 00:37 176128 ----a-w- c:\wind\system32\MSTMON_P.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
c:\program files\Malwarebytes' Anti-Malware\mbam.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2006-11-03 10:01 319488 -c--a-w- c:\wind\PixArt\PAC207\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 18:34 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
c:\program files\Windows Live\Messenger\msnmsgr.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\wind\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-01-22 03:12 13666408 ----a-w- c:\wind\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-01-22 03:12 110696 ----a-w- c:\wind\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Qbenebodam]
c:\wind\kbicpok.dll [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\program files\QuickTime\qttask.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-06-28 20:29 32768 -c--a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
2009-01-16 20:17 306088 -c--a-w- c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-09-27 13:20 16844800 -c--a-w- c:\wind\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SchedulingAgent]
2008-04-13 18:34 12288 ----a-w- c:\wind\system32\mstinit.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Scheduler2 Service]
2009-11-02 17:52 136544 -c--a-w- c:\program files\Fichiers communs\Seagate\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2007-08-03 12:22 1826816 -c--a-w- c:\wind\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
c:\program files\Analog Devices\SoundMAX\SMTray.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
c:\program files\Analog Devices\SoundMAX\Smax4.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 14:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 11:35 90112 -c--a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
c:\program files\Fichiers communs\Java\Java Update\jusched.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-12-17 11:58 68856 -c--a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-03-18 00:03 251240 -c--a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tplsub700jk.exe]
c:\documents and settings\jelti.JELTI-992D90535\Application Data\FE16A1FB7C848FD69BAFBE84BE4C986E\tplsub700jk.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updtr.exe]
c:\wind\system32\updtr.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows]
d:\windows\System32\windows.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SoundMAX Agent Service (default)"=2 (0x2)
"NVSvc"=2 (0x2)
"ose"=3 (0x3)
"gusvc"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"StarWindServiceAE"=2 (0x2)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"ServiceLayer"=3 (0x3)
"gupdate1c9f696b3a7a7ea"=2 (0x2)
"TomTomHOMEService"=2 (0x2)
"SgtSch2Svc"=2 (0x2)
"PDEngine"=3 (0x3)
"PDAgent"=3 (0x3)
"STI Simulator"=2 (0x2)
"maconfservice"=3 (0x3)
"KM PageScope Net Care Service"=2 (0x2)
"IDriverT"=3 (0x3)
"SandraAgentSrv"=3 (0x3)
"SentinelProtectionServer"=2 (0x2)
"SentinelKeysServer"=2 (0x2)
"MBAMService"=2 (0x2)
"gupdatem"=3 (0x3)
"avast! Antivirus"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\utorrent\\utorrent.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WIND\\system32\\java.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\sopvod.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Fichiers communs\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2010\\WNt500x86\\sandra.0C.mui"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer_Service.exe"=
"c:\\Program Files\\Fichiers communs\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\Fichiers communs\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 sptd;sptd;c:\wind\system32\drivers\sptd.sys [15/03/2009 12:16 717296]
R1 aswSnx;aswSnx;c:\wind\system32\drivers\aswSnx.sys [07/07/2011 11:38 441176]
R1 aswSP;aswSP;c:\wind\system32\drivers\aswSP.sys [07/07/2011 11:38 307928]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 20:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 20:41 67656]
R2 aswFsBlk;aswFsBlk;c:\wind\system32\drivers\aswFsBlk.sys [07/07/2011 11:38 19544]
R2 dk2drv;DK2 WindowsNT Driver;c:\wind\system32\drivers\dk2drv.sys [20/01/2010 21:13 42624]
R2 MLPTDR_P;MLPTDR_P;c:\wind\system32\MLPTDR_P.SYS [09/07/2003 02:52 20032]
R2 PStrip;PStrip;c:\wind\system32\drivers\pstrip.sys [15/07/2007 04:37 27992]
R3 adatadrv;Autodata Protection Service;c:\wind\system32\drivers\adatadrv.sys [03/07/2011 19:25 762112]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\wind\system32\drivers\l151x86.sys [05/11/2010 21:25 37888]
S2 CoachCap;FUJIFILM EX-10/EX-20 PC V1.00;c:\wind\system32\drivers\coachcap.sys [03/03/2002 13:26 93068]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\JELTI~1.JEL\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\JELTI~1.JEL\LOCALS~1\Temp\ALSysIO.sys [?]
S3 cpuz;cpuz;\??\c:\documents and settings\jelti.JELTI-992D90535\Bureau\A64Tweaker\cpuz.sys --> c:\documents and settings\jelti.JELTI-992D90535\Bureau\A64Tweaker\cpuz.sys [?]
S3 cpuz129;cpuz129;\??\c:\docume~1\JELTI~1.JEL\LOCALS~1\Temp\cpuz_x32.sys --> c:\docume~1\JELTI~1.JEL\LOCALS~1\Temp\cpuz_x32.sys [?]
S3 MBAMProtector;MBAMProtector;c:\wind\system32\drivers\mbam.sys [07/07/2011 10:03 22712]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\wind\system32\drivers\nmwcdnsu.sys [23/01/2010 20:09 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\wind\system32\drivers\nmwcdnsuc.sys [23/01/2010 20:09 8320]
S3 nssusb;%nssusb.SvcDesc%;c:\wind\system32\drivers\nssusb.sys [27/09/2006 17:59 34575]
S3 PAC207;SoC PC-Camera;c:\wind\system32\drivers\PFC027.SYS [05/12/2006 12:34 507136]
S3 PRODIGY;PRODIGY;c:\wind\system32\drivers\prodigy.sys [21/10/2009 15:08 32377]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\wind\system32\drivers\WlanBZXP.sys [13/11/2010 18:25 402432]
S3 USB_RNDIS_51;USB Remote Ndis Cable Modem Network Device Driver;c:\wind\system32\drivers\usb8023.sys [13/01/2009 21:32 12800]
S3 wlanndi5;wlanndi5 NDIS Protocol Driver;c:\wind\system32\wlanndi5.sys [21/04/2004 18:51 16384]
S3 WN6201;Wireless Network Adapter Service;c:\wind\system32\drivers\WN6201.sys [28/01/2009 23:30 457472]
S4 gupdate1c9f696b3a7a7ea;Service Google Update (gupdate1c9f696b3a7a7ea);c:\program files\Google\Update\GoogleUpdate.exe [26/06/2009 21:45 133104]
S4 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [26/06/2009 21:45 133104]
S4 KM PageScope Net Care Service;KONICA MINOLTA PageScope Net Care;c:\program files\KONICA MINOLTA\PageScope Net Care\JavaService.exe -ms4m -mx32m --> c:\program files\KONICA MINOLTA\PageScope Net Care\JavaService.exe -ms4m -mx32m [?]
S4 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [12/09/2010 16:30 251248]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [07/07/2011 10:04 366640]
S4 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010\RpcAgentSrv.exe [26/03/2010 11:59 93336]
S4 SentinelKeysServer;Sentinel Keys Server;c:\program files\Fichiers communs\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [11/07/2008 01:02 328992]
S4 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Fichiers communs\Seagate\Schedule2\schedul2.exe [02/11/2009 19:52 431456]
S4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [18/03/2009 02:03 92008]
.
Contenu du dossier 'Tâches planifiées'
.
2011-07-08 c:\wind\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-26 19:45]
.
2011-07-08 c:\wind\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-26 19:45]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\wind\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\wind\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\jelti.JELTI-992D90535\Application Data\Mozilla\Firefox\Profiles\vp6f73e1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
.
- - - - ORPHELINS SUPPRIMES - - - -
.
BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\PageRage\YontooIEClient.dll
Notify-WgaLogon - (no file)
AddRemove-Cannon Smash - c:\program files\Cannon Smash\Uninstall Cannon Smash.exe
AddRemove-Dream Match Tennis Pro_is1 - c:\program files\Dream Match Tennis Pro\unins000.exe
AddRemove-eBay Icon - c:\documents and settings\jelti.JELTI-992D90535\Application Data\Desktopicon\uninst.exe
AddRemove-prime - c:\microgaming\Casino\PrimeCasino\install.exe
AddRemove-rubyfortune - c:\microgaming\Casino\RubyFortune\install.exe
AddRemove-Street Fighter IV_is1 - e:\program files\Street Fighter IV\Uninstall\unins000.exe
AddRemove-TmNationsForever_is1 - c:\program files\TmNationsForever\unins000.exe
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\documents and settings\All Users.WIND\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-07-08 19:34
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover
Windows 5.1.2600 Disk: ST380011A rev.8.01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-9
.
device: opened successfully
user: MBR read successfully
error: Read Un périphérique attaché au système ne fonctionne pas correctement.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8706D31B
user & kernel MBR OK
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-1409082233-1123561945-1801674531-1004\Software\SecuROM\License information*]
"datasecu"=hex:df,18,e8,ec,f3,ea,ed,c7,6a,56,55,77,f2,52,41,58,d1,0b,f2,66,62,
33,26,49,db,13,24,8c,ac,8c,e3,87,d4,3c,30,a8,8b,b3,8d,e8,0a,b2,6f,b2,ec,d4,\
"rkeysecu"=hex:c8,d1,0a,d0,da,98,f9,7b,bb,97,5c,6e,c5,09,94,5e
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'winlogon.exe'(824)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\wind\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2288)
c:\wind\system32\WPDShServiceObj.dll
c:\wind\system32\PortableDeviceTypes.dll
c:\wind\system32\PortableDeviceApi.dll
c:\wind\system32\eappprxy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\wind\System32\wdfmgr.exe
c:\wind\system32\wscntfy.exe
c:\progra~1\MICROS~3\rapimgr.exe
.
**************************************************************************
.
Heure de fin: 2011-07-08 19:43:35 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-07-08 17:43
.
Avant-CF: 3 455 950 848 octets libres
Après-CF: 3 545 108 480 octets libres
.
- - End Of File - - 029CAA3DE46044FCFEFD9547A9B85B93