Infection ?

[chriss$40]

--- 12 août à 10h50 ---

bonjour à la communauté
je vais analyser mon PC avec combofix car il est devenu très lent, surtout sur internet
malgré le passage de tous les anti...tout (rogkiller, malwarebyte, etc)
pourriez vous m'aider, après le passage de combofix, à érradiquer les éventuels problèmes...
merci d'avance à tous
chriss

--- 12 août à 11h57 ---

re-bonjour,
voici en pièce jointe le rapport combofix
merci aux experts de me dire ce qu'il/s en pensent
bien à vous
chriss

ComboFix 14-08-12.01 - chriss 12/08/2014 11:01:14.2.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3454.2829 [GMT 2:00]
Lancé depuis: c:\documents and settings\chriss\Bureau\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\ma-config.com
c:\documents and settings\All Users\Application Data\ma-config.com\Logs\activex.txt
c:\documents and settings\All Users\Application Data\ma-config.com\Logs\maconfservice.txt
c:\documents and settings\All Users\Application Data\ma-config.com\Logs\mcdetection.txt
c:\documents and settings\All Users\Application Data\ma-config.com\Logs\mcstubuser.txt
c:\documents and settings\All Users\Application Data\ma-config.com\Logs\websocketpp.log
c:\documents and settings\All Users\Application Data\ma-config.com\mcbase.db
c:\documents and settings\All Users\Application Data\ma-config.com\server.pem
c:\documents and settings\chriss\Application Data\Ivwoen
c:\documents and settings\chriss\Application Data\Ivwoen\ymzym.usu
c:\documents and settings\chriss\WINDOWS
c:\program files\DVDFabHDDecrypter4120.exe
c:\program files\ma-config.com
c:\program files\ma-config.com\config.xml
c:\program files\ma-config.com\CPUID\cpuidsdk.dll
c:\program files\ma-config.com\Drivers\ma-config.inf
c:\program files\ma-config.com\Drivers\ma-config_amd64.cat
c:\program files\ma-config.com\Drivers\ma-config_amd64.sys
c:\program files\ma-config.com\Drivers\ma-config_x86.cat
c:\program files\ma-config.com\Drivers\ma-config_x86.sys
c:\program files\ma-config.com\Langues\LangueMC.ar.resx
c:\program files\ma-config.com\Langues\LangueMC.de.resx
c:\program files\ma-config.com\Langues\LangueMC.en.resx
c:\program files\ma-config.com\Langues\LangueMC.es.resx
c:\program files\ma-config.com\Langues\LangueMC.fr.resx
c:\program files\ma-config.com\Langues\LangueMC.pt.resx
c:\program files\ma-config.com\Langues\LangueMC.ru.resx
c:\program files\ma-config.com\ma-config.html
c:\program files\ma-config.com\MaConfigAgent.exe
c:\program files\ma-config.com\MCBCL.dll
c:\program files\ma-config.com\MCDetection.exe
c:\program files\ma-config.com\MCNoyau.dll
c:\program files\ma-config.com\MCrypt.dll
c:\program files\ma-config.com\MCSettings.exe
c:\program files\ma-config.com\MCStubUser.exe
c:\program files\ma-config.com\sqlite3.dll
c:\program files\mediacoder_0-8-28-5588_fr_19581_32.exe
c:\program files\revouninstaller_1-95_fr_39528.exe
c:\program files\silverlight_5-1-20913-0_fr_41315_32.exe
c:\program files\tuxguitar_tuxguitar_1.2_francais_68592.exe
c:\program files\WindowsXP-KB932823-v3-x86-FRA.exe
c:\program files\WindowsXP-KB936929-SP3-x86-FRA.exe
c:\windows\system32\SET178.tmp
c:\windows\system32\SET17A.tmp
c:\windows\system32\SET185.tmp
H:\AUTORUN.INF
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ma-config_x86
-------\Legacy_MaConfigAgent
-------\Legacy_ma-config_x86
-------\Legacy_MaConfigAgent
-------\Service_ma-config_x86
-------\Service_MaConfigAgent
-------\Service_ma-config_x86
-------\Service_MaConfigAgent
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2014-07-12 au 2014-08-12 ))))))))))))))))))))))))))))))))))))
.
.
2014-08-11 14:45 . 2014-08-11 14:45 7161536 ----a-w- c:\program files\DriverRestore.exe
2014-08-11 13:13 . 2014-08-11 13:19 4474271 ----a-w- c:\program files\it222fra.exe
2014-08-10 09:05 . 2014-08-10 09:05 -------- d-----w- c:\windows\system32\wbem\Repository
2014-08-09 19:39 . 2014-08-09 19:39 -------- d-----w- c:\program files\Fichiers communs\Skype
2014-08-09 17:34 . 2014-08-09 17:34 -------- d-----w- c:\documents and settings\chriss\Application Data\ElevatedDiagnostics
2014-08-07 08:54 . 2014-08-07 08:54 -------- d-----w- C:\HP Universal Print Driver
2014-08-07 08:22 . 2014-08-07 08:22 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2014-08-07 08:12 . 2014-08-07 08:39 19158336 ----a-w- c:\program files\PRO2K3XP_32.exe
2014-08-07 08:07 . 2014-08-07 08:07 -------- d-----w- C:\ATI
2014-08-07 08:07 . 2014-08-07 08:08 18525752 ----a-w- c:\program files\11-2_xp32-64_hdmiaudio.exe
2014-08-07 08:05 . 2012-05-14 06:12 103040 ----a-w- c:\windows\system32\drivers\AtihdXP3.sys
2014-08-07 08:02 . 2014-01-07 11:10 938368 ----a-w- c:\windows\system32\ativvamv.dll
2014-08-07 08:02 . 2014-01-07 10:51 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2014-08-07 07:57 . 2014-08-07 07:58 193732800 ----a-w- c:\program files\14-4-xp32-64-dd-ccc-pack1.exe
2014-08-04 12:02 . 2014-08-04 12:02 -------- d-----w- c:\program files\CrystalDiskInfo
2014-08-03 17:07 . 2014-08-03 17:07 -------- d-----w- c:\program files\Fichiers communs\xing shared
2014-08-03 17:06 . 2014-08-03 17:07 -------- d-----w- c:\program files\Real
2014-08-03 14:04 . 2014-08-03 16:31 -------- d-----w- c:\documents and settings\chriss\Application Data\KastorAllVideoDownloader
2014-07-28 18:03 . 2014-07-28 18:03 -------- d-----w- c:\program files\PDF Password Remover v3.5
2014-07-16 19:25 . 2014-07-17 12:27 -------- d-----w- c:\program files\Pixia 4.3a FR
2014-07-16 17:15 . 2014-07-17 12:27 -------- d-----w- c:\program files\Slowin Killer
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-11 16:12 . 2014-06-05 09:07 29160 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-08-11 15:30 . 2014-06-26 14:49 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-08 18:40 . 2012-06-09 13:36 6958304 ----a-w- c:\program files\Silverlight.exe
2014-08-03 17:06 . 2003-03-18 21:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2014-08-03 17:06 . 2003-02-21 03:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2014-07-14 11:54 . 2013-11-21 07:44 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-14 11:54 . 2013-11-21 07:44 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-16 17:05 . 2014-01-19 12:24 777488 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-05-16 17:05 . 2014-01-19 12:24 54832 ----a-w- c:\windows\system32\drivers\aswrdr.sys
2014-05-16 17:05 . 2014-01-19 12:24 411680 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-05-15 19:46 . 2012-02-16 15:22 1880856 ----a-w- c:\windows\system32\AutoPartNt.exe
2014-02-13 10:20 . 2014-02-13 10:20 6861723 ----a-w- c:\program files\ZHPDiag2.exe
2014-01-19 12:23 . 2014-01-19 12:23 91412976 ----a-w- c:\program files\avast_free_antivirus_setup.exe
2014-01-19 01:53 . 2013-03-29 22:18 16883056 ----a-w- c:\program files\IE8-WindowsXP-x86-ENU.exe
2013-12-27 19:40 . 2013-12-27 19:40 819144 ----a-w- c:\program files\GoogleEarthSetup.exe
2013-09-07 12:37 . 2013-09-07 12:37 18590304 ----a-w- c:\program files\PDFCreator-1_2_3_setup.exe
2013-04-11 11:52 . 2013-04-11 11:51 8672032 ----a-w- c:\program files\Windows7UpgradeAdvisorSetup.exe
2013-03-30 19:10 . 2013-02-07 12:50 11120080 ----a-w- c:\program files\mseinstall.exe
2013-03-29 23:25 . 2013-03-29 23:25 760320 ----a-w- c:\program files\MicrosoftFixit50389.msi
2013-03-29 22:10 . 2013-03-29 22:10 830 ----a-w- c:\program files\Reset.cmd
2013-03-29 22:07 . 2013-03-29 22:07 379392 ----a-w- c:\program files\subinacl.msi
2013-02-25 15:02 . 2013-02-25 15:01 2602128 ----a-w- c:\program files\AudioPitchShift_Installer.exe
2012-11-13 19:15 . 2012-11-13 19:14 10674688 ----a-w- c:\program files\FreeSoundRecorder.exe
2012-09-01 15:48 . 2012-09-01 15:48 8837488 ----a-w- c:\program files\light_image_resizer4_setup_4.3.2.2_linkular.exe
2012-07-10 08:06 . 2012-07-10 08:06 18691416 ----a-w- c:\program files\PDFCreator-1_4_1_setup.exe
2012-05-25 20:13 . 2012-05-25 20:12 4278210 ----a-w- c:\program files\eq32.exe
2012-05-22 16:18 . 2012-05-22 16:18 22259528 ----a-w- c:\program files\vlc-2.0.1-win32.exe
2012-04-17 13:50 . 2012-04-17 13:50 20320648 ----a-w- c:\program files\jre-7u3-windows-i586.exe
2012-01-26 21:43 . 2012-01-26 21:43 883328 ----a-w- c:\program files\EasyOutlookExpressRepair.exe
2012-01-22 15:21 . 2012-01-22 15:21 1108016 ----a-w- c:\program files\gifsetup.exe
2012-01-21 18:46 . 2012-01-21 18:46 2479376 ----a-w- c:\program files\Installation_Messenger.exe
2012-01-21 01:42 . 2012-01-21 01:42 1043434 ----a-w- c:\program files\areslite.exe
2012-01-21 01:38 . 2012-01-21 01:38 2266624 ----a-w- c:\program files\conjugaison.msi
2012-01-21 01:30 . 2012-01-21 01:30 42786251 ----a-w- c:\program files\FFSetup280.exe
2012-01-21 01:27 . 2012-01-21 01:27 1156042 ----a-w- c:\program files\IEPrivacyKeeperSetup.exe
2012-01-21 01:25 . 2012-01-21 01:25 21073936 ----a-w- c:\program files\vlc-1.1.11-win32.exe
2012-01-20 20:59 . 2012-01-20 20:59 22606384 ----a-w- c:\program files\AdbeRdr70_fra_full.exe
2011-03-13 22:46 . 2012-05-22 13:21 2649016 ----a-w- c:\program files\revosetup.exe
2010-11-24 08:53 . 2012-01-20 20:53 17492496 ----a-w- c:\program files\PDFCreator-1_1_0_setup.exe
2008-10-01 21:49 . 2012-01-20 20:45 38910568 ----a-w- c:\program files\acdseepro-2-5-335-fr.exe
2008-08-01 19:32 . 2012-02-01 13:34 983040 ----a-r- c:\program files\AsusSetup.exe
2007-09-29 07:56 . 2012-01-20 20:31 4179293 ----a-w- c:\program files\everesthome220.exe
2007-09-29 07:53 . 2012-01-20 20:31 2226922 ----a-r- c:\program files\jv16pt_setup1.3.0.195.exe
2005-11-27 02:58 . 2013-07-26 10:41 174838062 ----a-w- c:\program files\GP5FULLBK.exe
2002-01-04 01:30 . 2002-01-04 01:30 180871536 ----a-w- c:\program files\vga_driver_ati_xp_8.66.exe
2002-01-04 01:16 . 2002-01-04 01:16 2720874 ----a-w- c:\program files\infinst_autol.exe
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-04-30 06:12 260976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IE Privacy Keeper"="c:\program files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" [2005-12-03 1015808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2004-05-05 491520]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-08 3890208]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2014-01-07 98304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Ralink Wireless Utility.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Ralink Wireless Utility.lnk
backup=c:\windows\pss\Ralink Wireless Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^chriss^Menu Démarrer^Programmes^Démarrage^Logitech . Enregistrement du produit.lnk]
backup=c:\windows\pss\Logitech . Enregistrement du produit.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KSS
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2007-10-07 16:08 140568 ----a-w- c:\program files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2007-10-07 16:36 904880 ----a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-05-04 09:39 149040 -c--a-w- c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-12-22 07:38 241664 -c--a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-12-05 14:41 49152 -c--a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2004-05-04 14:21 176128 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
2004-05-05 05:18 491520 ----a-w- c:\windows\system32\hphmon05.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
2004-04-01 10:33 49152 -c--a-w- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Ai Booster]
2004-05-24 16:50 1894912 -c--a-w- c:\program files\ASUS\Ai Booster\OverClk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGMobileSyncLauncher]
2009-01-22 14:43 4333568 -c--a-w- c:\program files\LG PC Suite II\LG_MobileSync_Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-04-19 12:26 484904 -c--a-w- c:\program files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 18:34 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-05-04 09:59 161328 -c--a-w- c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
2002-04-17 09:42 69632 -c--a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2014-07-24 16:26 21650016 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2014-08-03 17:06 202256 ----a-w- c:\program files\Fichiers communs\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2007-10-07 16:01 2620336 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NetSvc"=3 (0x3)
"maconfservice"=3 (0x3)
"Pml Driver HPZ12"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"TryAndDecideService"=2 (0x2)
"LightScribeService"=2 (0x2)
"AcrSch2Svc"=2 (0x2)
"SkypeUpdate"=2 (0x2)
"NMIndexingService"=3 (0x3)
"KSS"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"RaMediaServer"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\TeamViewer\\Version9\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version9\\TeamViewer_Service.exe"=
"c:\\Program Files\\Ralink\\Common\\RaMediaServer.exe"=
"c:\\Program Files\\Ralink\\Common\\RaUI.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1853:TCP"= 1853:TCP:messenger
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [19/01/2014 14:24 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [19/01/2014 14:24 180632]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [19/01/2014 14:24 777488]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [19/01/2014 14:24 411680]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [30/04/2014 08:12 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [19/01/2014 14:24 67824]
R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [11/07/2014 23:26 19072]
R2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [11/07/2014 13:57 5037888]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [07/08/2014 10:05 103040]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [02/06/2010 03:24 11520]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14/11/2012 18:26 691696]
S1 avbmumyy;avbmumyy; [x]
S1 bmufirsr;bmufirsr; [x]
S1 cqrgyzui;cqrgyzui; [x]
S1 cqshzhjw;cqshzhjw; [x]
S1 dbzhbkbh;dbzhbkbh; [x]
S1 empvokts;empvokts; [x]
S1 ggdpwrlp;ggdpwrlp; [x]
S1 hbkonlme;hbkonlme; [x]
S1 iyzqdsxu;iyzqdsxu; [x]
S1 jahqplkw;jahqplkw; [x]
S1 kjwevgnr;kjwevgnr; [x]
S1 krffdrfl;krffdrfl; [x]
S1 kvowhvvn;kvowhvvn; [x]
S1 kyysysuu;kyysysuu; [x]
S1 tffeossq;tffeossq; [x]
S1 toxxcicp;toxxcicp; [x]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [29/05/2013 11:13 26080]
S3 BEHRINGER_2902;BEHRINGER_2902;c:\windows\system32\drivers\BUSB2902.sys [28/01/2014 14:59 110272]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [02/06/2011 11:08 11336]
S3 RSUSBCCID;Realtek Smartcard Reader Driver;c:\windows\system32\drivers\RtsUCcid.sys [06/05/2012 22:02 44032]
S3 RtsUIr;Realtek IR Driver;c:\windows\system32\drivers\RtsUIr.sys [06/05/2012 22:02 17536]
S4 RaMediaServer;Ralink UPnP Media Server;c:\program files\Ralink\Common\RaMediaServer.exe [11/07/2014 23:26 1863680]
S4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [23/10/2013 09:15 172192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 12:23 452136 ----a-w- c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-13 22:10 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2014-08-12 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-30 06:12]
.
2014-08-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-854245398-1897051121-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]
.
2014-08-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-854245398-1897051121-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]
.
2014-08-12 c:\windows\Tasks\User_Feed_Synchronization-{0472CCD7-3708-4E57-8FD9-698694C64703}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Examen supplémentaire -------
.


TCP: DhcpNameServer = 192.168.1.1 192.168.1.1



.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
AddRemove-DriverRestore - c:\documents and settings\chriss\Bureau\DriverRestore\uninst.exe
AddRemove-Guitar Leads - c:\program files\Guitar-Leads.com\uninst.exe
AddRemove-{1A1FA721-8EC9-4B53-8313-1B886911FDE4} - c:\documents and settings\chriss\Local Settings\Application Data\{C800B840-79A7-481D-BDCC-960687612F5A}\JamManagerInstaller.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-08-12 11:12
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\TelnetServer\1.0\ReadConfig]
@DACL=(02 0000)
"Defaults"=dword:00000001
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'winlogon.exe'(852)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'lsass.exe'(912)
c:\windows\system32\relog_ap.dll
.
- - - - - - - > 'explorer.exe'(3644)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wdfmgr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Heure de fin: 2014-08-12 11:19:37 - La machine a redémarré
ComboFix-quarantined-files.txt 2014-08-12 09:19
.
Avant-CF: 409 757 896 704 octets libres
Après-CF: 408 969 162 752 octets libres
.
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
.
- - End Of File - - C6F5C8180125D701275EBFC39B700327
C99C3199CFAA4CBDCD91493F6D113A50

-édit- Dans cette section, il ne faut pas multiplier les messages dans ton sujet avant d'avoir été pris en charge : au vu de la présence d'une « réponse », les helpers ne s'y intéresseront pas, croyant le problème pris en mains par l'un des leurs. Utilise plutôt la touche « Modifier » située en bas à droite de ton premier message…

Modifié le 12 août 2014 par Dylav
Fusion des messages initiaux... ;o)