ComboFix 13-09-16.01 - marie 16/09/2013 22:55:22.2.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1015.633 [GMT 2:00]
Lancé depuis: c:\documents and settings\marie\Bureau\ComboFix.exe
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2013-08-16 au 2013-09-16 ))))))))))))))))))))))))))))))))))))
.
.
2013-09-14 23:08 . 2013-09-14 23:23 -------- d-----w- C:\1f5868b4e295bf73ae3961ee3c2b80b6
2013-09-14 22:52 . 2013-09-14 22:52 -------- d-----w- C:\Intel
2013-09-14 22:43 . 2013-09-15 20:41 -------- d-----r- C:\Program Files
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-16 21:05 . 2013-09-16 21:05 30976 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-08-02 . 98ABC27257B3C3BEFD501469A856F1ED . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2013-09-15 20145368]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2013-09-05 958576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
"_nltide_3"="advpack.dll" [2009-08-02 123904]
.
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
WiFi Station.lnk - c:\program files\Hercules\WiFiStation\WiFiN.exe -s [2013-9-15 122880]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Common\\HPDeviceDetection3.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
.
R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [15/09/2013 22:41 106280]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [15/09/2013 01:55 14336]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [15/09/2013 21:10 572800]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [15/09/2013 02:09 1691480]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [18/08/2005 7168]
.
Contenu du dossier 'Tâches planifiées'
.
2013-09-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-15 16:09]
.
2013-09-16 c:\windows\Tasks\dsmonitor.job
- c:\program files\Uniblue\DriverScanner\dsmonitor.exe [2013-09-14 07:00]
.
.
------- Examen supplémentaire -------
.
TCP: DhcpNameServer = 212.27.40.241 212.27.40.240
FF - ProfilePath - c:\documents and settings\marie\Application Data\Mozilla\Firefox\Profiles\lyc77h2n.default\
FF - ExtSQL: 2013-09-15 18:05; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\marie\Application Data\Mozilla\Firefox\Profiles\lyc77h2n.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-09-15 21:17; {ab91efd4-6975-4081-8552-1b3922ed79e2}; c:\documents and settings\marie\Application Data\Mozilla\Firefox\Profiles\lyc77h2n.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-16 23:04
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'explorer.exe'(3736)
c:\windows\system32\ieframe.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\Hercules\WiFiStation\WiFiN.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Heure de fin: 2013-09-16 23:08:17 - La machine a redémarré
ComboFix-quarantined-files.txt 2013-09-16 21:08
ComboFix2.txt 2013-09-15 21:13
.
Avant-CF: 139 195 604 992 octets libres
Après-CF: 139 167 092 736 octets libres
.
- - End Of File - - 531058C86A6194243A6563438933D0F9 C99C3199CFAA4CBDCD91493F6D113A50