bttcomputer

  1. Hello, I am new to the forum. I have a PC running Windows XP. A few days ago I was using MSN when the PC suddenly shut down, and now whenever it is restarted it crashes all the time. I found that one DDR PC2700 RAM stick was dead, so I only have one 512 MB stick left. I can only start the PC in safe mode in order to use it. I tried quite a few things, such as resetting the BIOS (by removing the battery, then discharging the associated capacitor), but nothing helped. So I downloaded HijackThis and ComboFix and I am posting the reports, because I need to know whether or not it is a virus, as I have extremely important documents. I would like to know whether I have any viruses and how to remove them, because I can no longer do anything on my PC. Thank you.

     HijackThis report:

     And here is the ComboFix result: