Hello, I'm new on the forum.
I have a PC running Windows XP. A few days ago I was using MSN when all of a sudden the PC shut down, and since then it crashes all the time when it's restarted. I found that one DDR PC2700 RAM stick was dead, so I only have one 512 MB stick left. I can only start the PC in safe mode to be able to use it. I've tried quite a few things, such as resetting the BIOS (by removing the battery, then discharging the associated capacitor), but nothing works. So I downloaded HijackThis and ComboFix and I'm posting the reports, because I need to know whether it's a virus or not, as I have extremely important documents. I'd like to know whether I have any viruses and how to remove them, because I can't do anything on my PC anymore.
Thanks
HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:08:39, on 30/07/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
F:\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Actualité, Sport et Vidéo
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = duxot.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide à la navigation SFR - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing)
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1242986744359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1242989887562
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Service Google Update (gupdate1c9dd19b2641396) (gupdate1c9dd19b2641396) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 7379 bytes
And here is the ComboFix result:
ComboFix 10-07-30.01 - Administrateur 30/07/2010 22:56:12.1.1 - x86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.511.294 [GMT 2:00]
Lancé depuis: F:\ComboFix.exe
AV: avast! Antivirus *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
Autres suppressions
.
c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul
c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf
c:\program files\Winsudate
c:\program files\Winsudate\gibidl.dll
c:\windows\GnuHashes.ini
c:\windows\system32\1719538114
c:\windows\system32\SysWoW32
c:\windows\system32\SysWoW32\@u236334335v0
c:\windows\system32\SysWoW32\@u236334335v1
c:\windows\system32\SysWoW32\@u236334335v2
c:\windows\system32\SysWoW32\@u236334335v3
c:\windows\system32\SysWoW32\@u236334335v4
c:\windows\system32\SysWoW32\@u236334335v5
c:\windows\system32\SysWoW32\@u236334335v6
c:\windows\system32\SysWoW32\@u236334335v7
c:\windows\system32\SysWoW32\_u236334335v0
c:\windows\system32\SysWoW32\_u236334335v1
c:\windows\system32\SysWoW32\_u236334335v2
c:\windows\system32\SysWoW32\_u236334335v3
c:\windows\system32\SysWoW32\_u236334335v4
c:\windows\system32\SysWoW32\_u236334335v5
c:\windows\system32\SysWoW32\_u236334335v6
c:\windows\system32\SysWoW32\_u236334335v7
c:\windows\system32\SysWoW32\mu236334335v4
c:\windows\system32\SysWoW32\mu236334335v4.kwd
c:\windows\system32\SysWoW32\mu236334335v5
c:\windows\system32\SysWoW32\mu236334335v5.kwd
c:\windows\system32\SysWoW32\mu236334335v6
c:\windows\system32\SysWoW32\mu236334335v6.kwd
c:\windows\system32\SysWoW32\mu236334335v7
c:\windows\system32\SysWoW32\mu236334335v7.kwd
c:\windows\system32\SysWoW32\wu236334335v0
c:\windows\system32\SysWoW32\wu236334335v0.kwd
c:\windows\system32\SysWoW32\wu236334335v1
c:\windows\system32\SysWoW32\wu236334335v1.kwd
c:\windows\system32\SysWoW32\wu236334335v2
c:\windows\system32\SysWoW32\wu236334335v2.kwd
c:\windows\system32\SysWoW32\wu236334335v3
c:\windows\system32\SysWoW32\wu236334335v3.kwd
c:\windows\system32\unrar.exe
.
(( Fichiers créés du 2010-06-28 au 2010-07-30
.
2010-07-22 09:59 . 2010-07-22 09:59 -------- d-sh--w- c:\documents and settings\Administrateur.SN301546670000.003\IECompatCache
2010-07-22 09:59 . 2010-07-22 09:59 -------- d-sh--w- c:\documents and settings\Administrateur.SN301546670000.003\PrivacIE
2010-07-22 09:57 . 2010-07-22 09:57 -------- d-----w- c:\documents and settings\Administrateur.SN301546670000.003\Local Settings\Application Data\Apple Computer
2010-07-22 09:47 . 2010-07-22 09:47 -------- d-----w- c:\documents and settings\Administrateur.SN301546670000.003\Local Settings\Application Data\Google
2010-07-22 09:44 . 2010-07-22 09:44 -------- d-sh--w- c:\documents and settings\Administrateur.SN301546670000.003\IETldCache
2010-07-21 12:40 . 2010-07-21 12:40 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-21 12:31 . 2010-07-21 12:32 -------- d-----w- c:\program files\Windows Live
2010-07-21 12:31 . 2010-07-21 12:31 -------- d-----w- c:\program files\SAGEM
2010-07-21 12:31 . 2010-07-21 12:31 -------- d-----w- c:\program files\LG Electronics
2010-07-21 12:30 . 2010-07-21 12:31 -------- d-----w- c:\program files\LG PC Suite 2
2010-07-21 12:30 . 2010-07-21 12:30 -------- d-----w- c:\program files\Sweet Home 3D
2010-07-21 12:30 . 2010-07-21 12:30 -------- d-----w- c:\program files\Super-Motus
2010-07-21 12:20 . 2010-07-21 12:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-07-21 12:19 . 2010-07-21 12:19 -------- d-----w- c:\program files\Games-Attack
2010-07-19 14:20 . 2010-07-19 14:20 -------- d-----w- c:\documents and settings\Administrateur.SN301546670000.002\Local Settings\Application Data\Google
2010-07-15 02:43 . 2010-07-15 02:43 35664 ----a-w- c:\documents and settings\Administrateur.SN301546670000.002\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-14 18:03 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-14 17:26 . 2010-07-14 17:26 -------- d-----w- c:\documents and settings\Administrateur.SN301546670000.002\IECompatCache
2010-07-14 17:26 . 2010-07-14 17:26 -------- d-----w- c:\documents and settings\Administrateur.SN301546670000.002\PrivacIE
2010-07-14 09:47 . 2010-07-14 09:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2010-07-13 16:24 . 2010-07-13 16:24 -------- d-----w- c:\documents and settings\Administrateur.SN301546670000.000\PrivacIE
2010-07-12 09:10 . 2010-07-12 09:10 -------- d-----w- c:\documents and settings\Administrateur.SN301546670000.000\IECompatCache
2010-07-12 09:03 . 2010-07-12 09:03 -------- d-----w- c:\documents and settings\Administrateur.SN301546670000.000\Local Settings\Application Data\Google
2010-07-11 22:56 . 2010-07-11 22:56 35664 ----a-w- c:\documents and settings\Administrateur.SN301546670000.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-10 17:04 . 2010-07-10 17:04 -------- d-----w- c:\documents and settings\Administrateur.SN301546670000.000\IETldCache
2010-07-10 06:57 . 2010-07-10 06:57 -------- d-----w- c:\documents and settings\Administrateur.SN301546670000\IETldCache
2010-07-08 17:59 . 2010-07-21 12:35 -------- d-s---w- c:\documents and settings\Daniel
2010-07-08 17:59 . 2010-07-08 17:59 -------- d-----w- c:\documents and settings\Daniel\Modèles
2010-07-08 17:53 . 2010-07-08 17:53 -------- d-----w- c:\documents and settings\Administrateur\PrivacIE
2010-07-08 17:52 . 2010-07-08 17:52 35664 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-08 17:50 . 2010-07-08 17:50 -------- d-----w- c:\documents and settings\Administrateur\IETldCache
.
( Compte-rendu de Find3M
.
2010-07-21 12:20 . 2010-03-23 10:50 -------- d-----w- c:\program files\Yahoo!
2010-07-21 12:20 . 2004-05-12 18:13 -------- d-----w- c:\program files\Micro Application
2010-07-21 09:14 . 2004-03-15 15:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-14 09:44 . 2009-12-05 09:58 -------- d-----w- c:\program files\Windows Media Connect 2
2010-06-25 09:52 . 2010-06-25 09:52 -------- d-----w- c:\program files\VirginMega
2010-06-23 13:50 . 2010-06-23 13:50 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb10.tmp.exe
2010-06-16 17:38 . 2009-07-31 09:52 -------- d-----w- c:\program files\Pvm
2010-06-14 14:31 . 2002-09-30 12:02 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-06 07:48 . 2009-05-30 16:45 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-06 10:33 . 2002-09-30 11:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:08 . 2002-09-30 11:49 1851392 ----a-w- c:\windows\system32\win32k.sys
2006-05-03 10:06 . 2009-06-15 08:29 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2009-06-15 08:29 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2009-06-15 08:29 216064 --sh--r- c:\windows\system32\nbDX.dll
.
Points de chargement Reg
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}]
2009-10-15 08:53 165184 ----a-w- c:\program files\SFR\Kit\SFRNavErrorHelper.dll
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprecovr \SystemRoot\sprecovr.txt
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
2001-09-04 14:24 28672 ----a-w- c:\windows\system32\Ati2mdxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2003-10-28 20:10 335872 -c--a-w- c:\ati technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast5]
2010-03-09 11:24 2769336 ----a-w- c:\progra~1\ALWILS~1\Avast5\AvastUI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamserviceDeluxe2]
2007-08-10 12:38 81920 ----a-w- c:\program files\Hercules\Deluxe Optical Glass\CamService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 02:33 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2008-12-04 12:24 665424 ------w- c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2009-05-30 18:00 68592 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 15:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWBMOUSE]
2000-04-27 01:05 359424 ----a-w- c:\program files\iWare\iWare Mouse\3.2\LwbWheel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2003-08-14 22:34 57344 ----a-w- c:\windows\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\program files\Fichiers communs\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2004-03-15 15:34 151597 ----a-w- c:\program files\Fichiers communs\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 00:01 110592 ----a-w- c:\program files\Fichiers communs\Sonic\Update Manager\sgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VCSPlayer]
2003-08-13 09:33 299008 ----a-w- c:\program files\Virtual CD v4 SDK\System\vcsplay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2003-05-07 15:32 36864 ----a-w- c:\windows\system32\VTTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Hercules\\Deluxe Optical Glass\\Station2.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\DVICO\\TViXNetShare\\TViXNetShare.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [15/03/2004 17:34 11264]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [19/05/2009 12:34 162640]
S1 vcsmpdrv;vcsmpdrv;c:\windows\system32\drivers\vcsmpdrv.sys [15/03/2004 17:38 49024]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16/12/2009 17:31 19024]
S2 gupdate1c9dd19b2641396;Service Google Update (gupdate1c9dd19b2641396);c:\program files\Google\Update\GoogleUpdate.exe [25/05/2009 11:17 133104]
S2 VCSSecS;Virtual CD v4 Security service (SDK - Version);c:\program files\Virtual CD v4 SDK\System\vcssecs.exe [15/03/2004 17:38 139264]
S3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [29/05/2009 13:30 94720]
.
Contenu du dossier 'Tâches planifiées'
2004-05-02 c:\windows\Tasks\Rappel d'enregistrement 1.job
- c:\windows\System32\OOBE\oobebaln.exe [2002-09-30 02:34]
2010-07-30 c:\windows\Tasks\User_Feed_Synchronization-{02FB7C41-7C42-4973-A1CE-39AC6439675C}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Examen supplémentaire -------
.
mStart Page = hxxp://www.duxot.com/
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHELINS SUPPRIMES - - - -
Toolbar-{66886C4D-B307-4ECA-A228-52CA9B9851A4} - (no file)
HKLM-Explorer_Run-RTHDBPL - c:\documents and settings\COTET\Application Data\SystemProc\lsass.exe
Notify-d44c76a5839 - c:\windows\System32\eswiaud32.dll
MSConfigStartUp-CleanEasyImg - c:\apps\easydvd\cleanall.exe
MSConfigStartUp-EmailChecker - c:\apps\EmailChecker\ech.exe
MSConfigStartUp-Helper - c:\documents and settings\COTET\Application Data\Agence Exclusive\Update\UpdateHP.exe
AddRemove-daanlbf - c:\documents and settings\cotet\local settings\application data\daanlbf.exe
AddRemove-New DJ - c:\apps\Audioneer\NewDJ\DeIsL1.isu
AddRemove-Update_is1 - c:\documents and settings\COTET\Application Data\Agence Exclusive\Update\unins000.exe
AddRemove-XviD - c:\program files\XviD\UninstXviD.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-07-30 23:02
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
RTHDBPL = c:\documents and settings\COTET\Application Data\SystemProc\lsass.exe???????????????????????????????????????????????????????????
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-3321715879-840904052-429618299-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d6,85,af,d9,9a,13,c9,4b,a8,3a,fd,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d6,85,af,d9,9a,13,c9,4b,a8,3a,fd,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Heure de fin: 2010-07-30 23:05:04
ComboFix-quarantined-files.txt 2010-07-30 21:04
Avant-CF: 26 821 378 048 octets libres
Après-CF: 26 985 426 944 octets libres
- - End Of File - - 5F7514D66485A1B53D715F667A278B75