ComboFix 14-02-16.01 - Killer_VirusFr 16/02/2014 21:36:59.2.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3583.3279 [GMT 1:00]
Lancé depuis: c:\docume~1\KILLER~1\Bureau\ComboFix.exe
 * Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\{$6975-5712-2121-7619$}
c:\{$6975-5712-2121-7619$}\comhost.exe
c:\documents and settings\Killer_VirusFr\Application Data\Microsoft\CryptnetUrlCache\gpresult.exe
c:\windows\directx.sys
c:\windows\svchost.com
.
c:\windows\system32\drivers\usbehci.sys . . . manque!!
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2014-01-16 au 2014-02-16 ))))))))))))))))))))))))))))))))))))
.
.
2014-02-16 20:31 . 2014-02-16 20:31 -------- d-----w- C:\FRST
2014-02-15 14:14 . 2014-02-16 20:27 -------- d-----w- c:\program files\Accessories
2014-02-15 14:14 . 2008-04-13 16:33 1384479 ----a-w- c:\windows\system32\inobject.dll
2014-02-15 14:14 . 2002-08-25 10:17 109248 ----a-w- c:\windows\system32\MSWINSCK.OCX
2014-02-15 14:14 . 1999-08-18 08:54 180224 ---h--w- c:\windows\ntfsv.dll
2014-02-15 14:14 . 2014-02-16 20:19 -------- d-----w- c:\documents and settings\Killer_VirusFr\Application Data\imlgs
2014-02-15 14:14 . 2014-02-15 14:14 -------- d-----w- c:\program files\No-IP
2014-02-15 14:14 . 2014-02-16 20:27 -------- d-----w- c:\program files\VbNet
2014-02-15 14:14 . 2014-02-15 14:14 -------- d-----w- c:\documents and settings\Killer_VirusFr\Application Data\VanToM Folder
2014-02-15 14:13 . 2014-02-15 14:14 -------- d-----w- c:\documents and settings\Killer_VirusFr\Local Settings\Application Data\IntelService
2014-02-15 14:13 . 2014-02-15 14:14 -------- d-----w- c:\documents and settings\Killer_VirusFr\Application Data\Saceza
2014-02-15 14:13 . 2014-02-15 14:14 -------- d-sh--r- c:\documents and settings\Killer_VirusFr\4gr75b2k2
2014-02-15 14:13 . 2014-02-15 14:13 -------- d-----w- c:\documents and settings\Killer_VirusFr\Application Data\etranslator
2014-02-08 09:31 . 2014-02-08 09:31 -------- d-----w- c:\documents and settings\Killer_VirusFr\Local Settings\Application Data\Opera Software
2014-02-08 09:31 . 2014-02-08 09:31 -------- d-----w- c:\documents and settings\Killer_VirusFr\Application Data\Opera Software
2014-02-07 22:28 . 2014-02-07 22:28 -------- d-----w- c:\documents and settings\Killer_VirusFr\Application Data\Malwarebytes
2014-02-07 21:42 . 2014-02-07 21:42 -------- d-----w- c:\documents and settings\Killer_VirusFr\Local Settings\Application Data\Identities
2014-02-07 20:55 . 2014-02-07 20:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2014-02-07 20:46 . 2014-02-07 20:47 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-16 20:41 . 2014-02-16 20:41 41472 ------r- c:\windows\svchost.com
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelService"="c:\documents and settings\Killer_VirusFr\Local Settings\Application Data\IntelService\IntelService.exe" [2014-02-15 1726976]
"VanToM"="c:\documents and settings\Killer_VirusFr\Application Data\VanToM Folder\VanToM.exe" [2014-02-13 199265]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VBoxTray"="c:\windows\system32\VBoxTray.exe" [2012-09-07 954712]
.
c:\documents and settings\Killer_VirusFr\Menu Démarrer\Programmes\Démarrage\
start.lnk - c:\documents and settings\Killer_VirusFr\4gr75b2k2\54402.vbs [2014-2-15 194]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^Documents and Settings^Killer_VirusFr^Menu Démarrer^Programmes^Démarrage^Update.Microsoft.com.url]
path=c:\documents and settings\Killer_VirusFr\Menu Démarrer\Programmes\Démarrage\Update.Microsoft.com.url
backup=c:\windows\pss\Update.Microsoft.com.urlStartup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8832:UDP"= 8832:UDP:UDP 8832
"3265:TCP"= 3265:TCP:TCP 3265
.
R0 VBoxGuest;VirtualBox Guest Driver;c:\windows\system32\drivers\VBoxGuest.sys [22/09/2012 10:10 108376]
R1 VBoxSF;VirtualBox Shared Folders;c:\windows\system32\drivers\VBoxSF.sys [07/09/2012 17:02 225112]
R2 VBoxService;VirtualBox Guest Additions Service;system32\VBoxService.exe --> system32\VBoxService.exe [?]
R3 VBoxMouse;VirtualBox Guest Mouse Service;c:\windows\system32\drivers\VBoxMouse.sys [07/09/2012 17:02 85848]
R3 VBoxVideo;VBoxVideo;c:\windows\system32\drivers\VBoxVideo.sys [22/09/2012 10:10 104280]
.
.
------- Examen supplémentaire -------
.
TCP: DhcpNameServer = 192.168.1.1
.
.
------- Associations de fichier -------
.
exefile=c:\windows\svchost.com "%1" %*
.
- - - - ORPHELINS SUPPRIMES - - - -
.
HKCU-Run-+obJwJzRCDFx+Rn8rUrDaI3m - c:\documents and settings\Killer_VirusFr\Application Data\Microsoft\CryptnetUrlCache\gpresult.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-16 21:41
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'winlogon.exe'(612)
c:\windows\system32\cscui.dll
.
- - - - - - - > 'explorer.exe'(1916)
c:\windows\system32\eappprxy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\VBoxService.exe
c:\docume~1\KILLER~1\LOCALS~1\Temp\3582-490\IntelService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2014-02-16 21:41:27 - La machine a redémarré
ComboFix-quarantined-files.txt 2014-02-16 20:41
ComboFix2.txt 2014-02-16 20:28
.
Avant-CF: 6 650 449 920 octets libres
Après-CF: 6 652 755 968 octets libres
.
- - End Of File - - 712C5DBC15E25818E92408AB62D7CA92
C99C3199CFAA4CBDCD91493F6D113A50