
Posted

Hello,

Below is the ComboFix report for my computer, which is full of viruses and, above all, malware and spyware.

Could someone help me get rid of them?

Many thanks in advance.

ComboFix 09-03-04.01 - **** 2009-03-07 10:48:51.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2036.1382 [GMT 1:00]
Lancé depuis: c:\documents and settings\****\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1169 [VPS 080329-0] *On-access scanning disabled* (Outdated)
AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
FW: Pare-feu BitDefender *disabled*

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Exécution préalable -------
.
C:\autorun.inf
c:\windows\system32\Cache
D:\Autorun.inf
F:\2u.com
F:\autorun.inf
G:\Autorun.inf
H:\2.bat
H:\2u.com
H:\autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-07 au 2009-03-07 ))))))))))))))))))))))))))))))))))))
.

2009-03-07 10:29 . 2009-03-07 10:29 121 --a------ c:\windows\bdagent.INI
2009-03-07 09:55 . 2009-03-07 10:29 81,984 --a------ c:\windows\system32\bdod.bin
2009-03-07 09:45 . 2009-03-07 09:45 850 --a------ c:\windows\system32\ProductTweaks.xml
2009-03-07 09:45 . 2009-03-07 09:45 385 --a------ c:\windows\system32\user_gensett.xml
2009-03-06 23:06 . 2009-03-07 10:29 <REP> d-------- c:\program files\BitDefender
2009-03-06 23:04 . 2009-03-07 10:29 <REP> d-------- c:\program files\Fichiers communs\BitDefender
2009-03-06 22:42 . 2009-03-06 22:42 80 --a------ C:\bootdelete.lst
2009-03-06 22:16 . 2009-03-06 22:41 <REP> d-------- c:\documents and settings\All Users\Application Data\Hitman Pro 3
2009-03-06 22:16 . 2009-03-06 22:16 <REP> d-------- c:\documents and settings\All Users\Application Data\Hitman Pro
2009-03-06 22:11 . 2009-03-06 22:14 <REP> d-------- c:\program files\SpywareBlaster
2009-03-06 21:35 . 2009-03-06 21:35 <REP> d-------- c:\program files\Spybot - Search & Destroy
2009-03-06 21:35 . 2009-03-06 21:56 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-06 20:17 . 2009-03-06 21:30 <REP> d-------- c:\program files\Spyware Terminator
2009-03-06 20:17 . 2009-03-06 20:17 <REP> d-------- c:\documents and settings\****\Application Data\Spyware Terminator
2009-03-06 20:17 . 2009-03-06 21:30 <REP> d-------- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-03-06 20:17 . 2009-03-06 20:17 142,592 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys
2009-03-06 18:52 . 2009-03-06 18:52 <REP> d-------- c:\windows\system32\Kaspersky Lab
2009-03-05 21:54 . 2009-03-05 21:54 <REP> d-------- c:\program files\Alwil Software
2009-03-05 21:19 . 2005-06-03 15:56 53,248 -ra------ c:\windows\UpdtNv28.exe
2009-03-05 21:11 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2009-03-05 21:11 . 2009-03-05 21:11 260 --a------ c:\windows\_delis32.ini
2009-03-05 21:10 . 2009-03-05 21:51 <REP> d-------- c:\program files\Symantec
2009-03-05 21:10 . 2009-03-05 21:51 <REP> d-------- c:\program files\Fichiers communs\Symantec Shared
2009-03-05 21:10 . 2009-03-05 21:10 <REP> d-------- c:\documents and settings\****\Application Data\Symantec
2009-03-05 21:10 . 2009-03-05 21:47 <REP> d-------- c:\documents and settings\All Users\Application Data\Symantec
2009-03-05 19:36 . 2001-08-17 21:52 18,688 --a------ c:\windows\system32\drivers\cdaudio.sys
2009-03-05 19:36 . 2001-08-17 21:52 18,688 --a--c--- c:\windows\system32\dllcache\cdaudio.sys
2009-03-05 19:31 . 2009-03-05 20:51 <REP> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-03-05 19:23 . 2009-03-05 19:30 <REP> d-------- C:\kav
2009-03-05 09:44 . 2009-03-05 09:44 <REP> d-------- c:\documents and settings\****\Application Data\pdf995
2009-03-05 09:44 . 2009-03-05 09:44 28 --a------ c:\windows\pdf995.ini
2009-03-05 09:25 . 2002-05-14 13:08 94,208 --a--c--- c:\windows\system32\dllcache\fpencode.dll
2009-03-05 09:24 . 2009-03-05 09:24 <REP> d-------- c:\documents and settings\****\Application Data\Microsoft Web Folders
2009-03-04 20:26 . 2009-03-04 20:26 <REP> d-------- c:\program files\Fichiers communs\xing shared
2009-03-04 20:25 . 2009-03-04 20:25 <REP> d-------- c:\program files\Real
2009-03-04 20:25 . 2009-03-04 20:26 <REP> d-------- c:\program files\Fichiers communs\Real
2009-03-04 17:37 . 2009-03-04 17:37 <REP> d-------- c:\documents and settings\****\Application Data\Thunderbird
2009-03-04 17:37 . 2009-03-04 17:37 <REP> d-------- c:\documents and settings\****\Application Data\Talkback
2009-03-03 19:05 . 2009-03-03 19:05 <REP> d-------- c:\documents and settings\****\Application Data\Subversion
2009-03-03 14:12 . 2009-03-03 14:12 <REP> d-------- C:\spoolerlogs
2009-03-03 13:58 . 2009-03-03 13:58 <REP> d-------- c:\documents and settings\****.******\Application Data\CyberLink
2009-03-03 13:52 . 2009-03-03 13:52 <REP> d-------- c:\program files\TortoiseSVN
2009-03-03 13:52 . 2009-03-03 13:52 <REP> d-------- c:\program files\Fichiers communs\TortoiseOverlays
2009-03-03 13:07 . 2009-03-06 19:51 <REP> d-------- c:\program files\Mozilla Thunderbird
2009-03-03 10:58 . 2009-03-05 17:29 <REP> d-------- C:\ocs-ng
2009-03-03 10:58 . 2009-03-03 10:58 <REP> d-------- c:\documents and settings\****.******\Application Data\Wave Systems Corp
2009-03-03 10:58 . 2009-03-03 10:58 <REP> d-------- c:\documents and settings\****.******\Application Data\Broadcom
2009-03-03 10:57 . 2008-12-17 14:44 <REP> d-------- c:\documents and settings\****.******\Voisinage réseau
2009-03-03 10:57 . 2008-04-21 23:44 <REP> d-------- c:\documents and settings\****.******\Voisinage d'impression
2009-03-03 10:57 . 2008-04-21 22:02 <REP> d-------- c:\documents and settings\****.******\Modèles
2009-03-03 10:57 . 2009-02-25 14:24 <REP> d-------- c:\documents and settings\****.******\Mes documents
2009-03-03 10:57 . 2008-04-21 23:44 <REP> d-------- c:\documents and settings\****.******\Menu Démarrer
2009-03-03 10:57 . 2008-12-09 15:34 <REP> d-------- c:\documents and settings\****.******\iWizz
2009-03-03 10:57 . 2008-12-08 17:36 <REP> d-------- c:\documents and settings\****.******\InstallAnywhere
2009-03-03 10:57 . 2008-10-06 11:15 <REP> d-------- c:\documents and settings\****.******\Favoris
2009-03-03 10:57 . 2009-03-03 11:39 <REP> d-------- c:\documents and settings\****.******\Bureau
2009-03-03 10:57 . 2008-10-24 09:40 <REP> d-------- c:\documents and settings\****.******\Application Data\Winamp
2009-03-03 10:57 . 2009-03-03 12:24 <REP> d-------- c:\documents and settings\****.******\Application Data\VMware
2009-03-03 10:57 . 2008-12-16 15:48 <REP> d-------- c:\documents and settings\****.******\Application Data\Visio
2009-03-03 10:57 . 2008-12-16 11:29 <REP> d-------- c:\documents and settings\****.******\Application Data\U3
2009-03-03 10:57 . 2008-12-11 19:24 <REP> d-------- c:\documents and settings\****.******\Application Data\TortoiseSVN
2009-03-03 10:57 . 2008-10-20 10:00 <REP> d-------- c:\documents and settings\****.******\Application Data\Thunderbird
2009-03-03 10:57 . 2008-10-06 11:19 <REP> d-------- c:\documents and settings\****.******\Application Data\Subversion
2009-03-03 10:57 . 2008-12-09 15:34 <REP> d-------- c:\documents and settings\****.******\Application Data\PSpad
2009-03-03 10:57 . 2008-10-06 15:00 <REP> d-------- c:\documents and settings\****.******\Application Data\pdf995
2009-03-03 10:57 . 2009-03-02 10:22 <REP> d-------- c:\documents and settings\****.******\Application Data\OpenOffice.org2
2009-03-03 10:57 . 2009-01-06 15:04 <REP> d-------- c:\documents and settings\****.******\Application Data\******
2009-03-03 10:57 . 2008-12-03 10:54 <REP> d-------- c:\documents and settings\****.******\Application Data\Microsoft Web Folders
2009-03-03 10:57 . 2008-11-18 17:16 <REP> d-------- c:\documents and settings\****.******\Application Data\IsolatedStorage
2009-03-03 10:57 . 2008-10-06 12:26 <REP> d-------- c:\documents and settings\****.******\Application Data\FMZilla
2009-03-03 10:57 . 2008-12-02 11:22 <REP> d-------- c:\documents and settings\****.******\Application Data\CA
2009-03-03 10:57 . 2008-11-18 17:33 <REP> d-------- c:\documents and settings\****.******\Application Data\Apple Computer
2009-03-03 10:57 . 2008-12-08 17:26 <REP> d--h----- c:\documents and settings\****.******\.netbeans-registration
2009-03-03 10:57 . 2008-12-08 17:26 <REP> d--h----- c:\documents and settings\****.******\.netbeans-derby
2009-03-03 10:57 . 2008-12-08 17:25 <REP> d--h----- c:\documents and settings\****.******\.netbeans
2009-03-03 10:57 . 2009-03-03 12:29 <REP> d-------- c:\documents and settings\****.******
2009-03-03 10:41 . 2009-03-03 10:41 <REP> d-------- c:\windows\SHELLNEW
2009-03-01 23:03 . 2009-03-01 23:03 <REP> d-------- c:\program files\MSXML 4.0
2009-03-01 22:08 . 2009-03-01 22:08 <REP> d-------- c:\program files\Fichiers communs\Skype
2009-03-01 21:49 . 2009-03-05 17:25 <REP> d-------- C:\QUARANTINE
2009-03-01 21:21 . 2009-03-01 21:21 <REP> d-------- c:\program files\Securitoo
2009-03-01 21:20 . 2006-03-01 18:53 94,208 --a------ c:\windows\system32\w32n50.dll
2009-03-01 21:20 . 2007-12-11 20:22 65,536 --a------ c:\windows\system32\Autodial2000.dll
2009-03-01 21:20 . 2003-09-23 10:38 34,688 --a------ c:\windows\system32\pcampr5.sys
2009-03-01 21:20 . 2006-03-01 18:53 32,128 --a------ c:\windows\system32\pcandis5.sys
2009-03-01 19:22 . 2009-03-07 10:52 <REP> d-------- c:\documents and settings\NetworkService\Application Data\VMware
2009-03-01 18:44 . 2009-03-01 18:44 <REP> d-------- c:\documents and settings\LocalService\Application Data\VMware
2009-03-01 18:44 . 2007-09-05 20:18 391,728 --a------ c:\windows\system32\vnetlib.dll
2009-03-01 18:44 . 2007-09-05 20:18 141,872 --a------ c:\windows\system32\vmnat.exe
2009-03-01 18:44 . 2007-09-05 20:18 113,200 --a------ c:\windows\system32\vmnetdhcp.exe
2009-03-01 18:44 . 2007-09-05 20:18 22,320 --a------ c:\windows\system32\drivers\vmnetuserif.sys
2009-03-01 15:10 . 1998-10-07 13:08 327,168 --a------ c:\windows\IsUn040c.exe
2009-03-01 15:06 . 2009-03-01 15:06 0 --a------ c:\windows\WinPM.INI
2009-03-01 15:03 . 2009-03-01 15:03 <REP> d-------- c:\program files\Paragon Software
2009-03-01 15:03 . 2004-09-03 10:53 3,870,720 --a------ c:\windows\system32\qt-mt323.dll
2009-03-01 15:03 . 2003-10-07 18:08 6,656 --a------ c:\windows\system32\WnASPI32.dll
2009-03-01 14:59 . 2009-03-01 14:59 <REP> d-------- C:\314f26b8237b6426defc
2009-03-01 11:13 . 2009-03-01 11:13 <REP> d-------- c:\program files\Paragon Software(2)
2009-02-28 10:42 . 2009-03-07 10:23 <REP> d-------- c:\documents and settings\****\Application Data\skypePM
2009-02-28 10:42 . 2009-02-28 10:42 56 --ah----- c:\windows\system32\ezsidmv.dat
2009-02-28 10:29 . 2009-03-01 22:08 <REP> dr------- c:\program files\Skype
2009-02-28 10:29 . 2009-03-07 10:13 <REP> d-------- c:\documents and settings\****\Application Data\Skype
2009-02-28 10:29 . 2009-03-01 21:47 <REP> d-------- c:\documents and settings\All Users\Application Data\Skype
2009-02-27 23:18 . 2009-03-06 17:01 <REP> d-------- c:\documents and settings\****\Application Data\VMware
2009-02-27 23:16 . 2009-03-07 10:52 <REP> d-------- c:\documents and settings\All Users\Application Data\VMware
2009-02-27 23:15 . 2009-02-27 23:15 <REP> d-------- c:\program files\VMware
2009-02-27 23:15 . 2009-03-01 18:43 <REP> d-------- c:\program files\Fichiers communs\VMware
2009-02-27 22:54 . 2009-03-01 22:04 <REP> d-------- c:\program files\SQLXML 4.0
2009-02-27 22:42 . 2009-02-27 22:42 <REP> d-------- c:\program files\Microsoft Analysis Services
2009-02-27 21:42 . 2009-03-01 21:24 <REP> d-------- c:\program files\OrangeHSS
2009-02-27 21:41 . 2009-02-27 21:41 <REP> d-------- c:\program files\Fichiers communs\France Telecom
2009-02-27 19:02 . 2009-02-27 19:02 212 --a------ c:\windows\ildasmfnt.bin
2009-02-27 18:58 . 2009-02-27 18:58 <REP> d-------- c:\documents and settings\****\Application Data\Roxio
2009-02-27 12:14 . 2009-02-27 12:14 0 --a------ c:\windows\nsreg.dat
2009-02-27 12:09 . 2009-03-01 14:59 <REP> d-------- c:\program files\Mozilla Firefox(2)
2009-02-27 11:37 . 2009-02-27 11:37 <REP> d-------- c:\windows\IIS Temporary Compressed Files
2009-02-27 11:35 . 2009-02-27 11:35 <REP> d-------- c:\windows\system32\msmq
2009-02-27 11:35 . 2009-02-27 11:35 <REP> d-------- c:\windows\system32\Logfiles
2009-02-27 11:35 . 2009-02-27 11:36 <REP> d-------- C:\Inetpub
2009-02-27 11:31 . 2009-02-27 11:31 <REP> d-------- c:\program files\StarUML
2009-02-27 11:31 . 2009-02-27 11:31 <REP> d-------- c:\program files\Astase
2009-02-27 11:27 . 2009-03-02 21:42 <REP> d-------- c:\program files\Microsoft SQL Server
2009-02-27 10:47 . 2009-02-27 10:47 <REP> d-------- c:\program files\Microsoft SQL Server 2005 Mobile Edition
2009-02-27 10:47 . 2009-02-27 10:47 <REP> d-------- c:\program files\Microsoft Device Emulator
2009-02-27 10:33 . 2009-02-27 10:33 <REP> d-------- c:\windows\Symbols

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-02 09:25 3,353 ----a-w c:\windows\system32\drivers\sthdae.log
2009-02-18 13:52 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-02-18 13:52 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2009-02-18 09:45 5,293 ----a-w c:\windows\system32\drivers\1028_Dell_WOR_M4400.mrk
2009-01-07 22:06 328,728 ----a-w c:\windows\system32\drivers\iaStor.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52 80384 --a------ c:\program files\Fichiers communs\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2008-11-09 19:10 40960 --a------ c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2008-11-09 19:10 40960 --a------ c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-10-28 200704]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-01 483420]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-12-01 471040]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-07 13537280]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-07 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2008-09-24 184320]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2008-09-26 145408]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2008-11-10 656696]
"EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2008-11-10 91448]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2008-08-18 598016]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2008-11-10 24576]
"DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2008-10-01 1454080]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-03-04 198160]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 79224]
"nwiz"="nwiz.exe" [2008-08-07 c:\windows\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2008-08-07 c:\windows\system32\nvhotkey.dll]
"MsmqIntCert"="mqrt.dll" [2008-04-14 c:\windows\system32\mqrt.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2008-11-11 950048]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-05 75856]
R2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [2007-04-19 133968]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-05 20560]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2008-09-04 406808]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2008-11-11 808296]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2008-11-11 20840]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2008-11-11 451872]
R2 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [2005-10-14 199384]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
R2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [2008-10-01 90112]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-02-18 112128]
R3 CCIDFILTER;Broadcom Smart Card Reader Filter Driver;c:\windows\system32\drivers\ccidflt.sys [2009-02-18 12840]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2009-02-18 32808]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-02-18 244368]
S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2005-10-14 14552]
S3 AsfAlrt;AsfAlrt Service;c:\windows\system32\drivers\Asfalrt.sys [2007-04-19 42832]
S3 AVPsys;AVPsys;c:\windows\system32\drivers\cdaudio.sys [2009-03-05 18688]
S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?]
S4 msvsmon80;Débogueur distant Visual Studio 2005;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2006-12-02 2805000]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8af172c6-08a0-11de-a3e7-005056c00008}]
\Shell\AutoRun\command - F:\gi2ky.exe
\Shell\open\Command - F:\gi2ky.exe
.
Contenu du dossier 'Tâches planifiées'

2009-03-07 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-08-19 19:03]
.
.
------- Examen supplémentaire -------
.
IE: E&xporter vers Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\****\Application Data\Mozilla\Firefox\Profiles\spbvczc9.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-07 10:52:40
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msftesql]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe\" -s:MSSQL.2 -f:MSSQLSERVER"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'lsass.exe'(1136)
c:\windows\system32\wvauth.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\drivers\audio\R205445\stacsv.exe
c:\windows\system32\scardsvr.exe
c:\windows\system32\msdtc.exe
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\MSSQL.1\OLAP\bin\msmdsrv.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\VMware\VMware Workstation\vmware-authd.exe
c:\program files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\vmnat.exe
c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe
c:\program files\DellTPad\hidfind.exe
c:\program files\DellTPad\ApntEx.exe
c:\windows\system32\mqsvc.exe
c:\windows\system32\vmnetdhcp.exe
c:\windows\system32\mqtgsvc.exe
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\1\AlertModule.exe
c:\program files\OrangeHSS\Systray\SystrayApp.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Heure de fin: 2009-03-07 10:56:15 - La machine a redémarré [****]
ComboFix-quarantined-files.txt 2009-03-07 09:56:12

Avant-CF: 31,132,172,288 octets libres
Après-CF: 31,118,716,928 octets libres

345 --- E O F --- 2009-03-01 22:04:46

Posted

Hello,

For what reasons and on whose advice did you run Combofix, please?

This is important.

Combofix must only be used under the supervision of advisers trained in its use.

If you are being helped elsewhere, we need to know, because the methods can differ.

Why did you not install the console?

What did Combofix find during the previous runs?

Only with answers to these questions will I be able to continue.
