Mon pc perd le nord

[patass]

Bonjour à tous,

Depuis un certains temps, mon pc est devenu très lent, se bloque seul et reprend quelques 10 secondes plutard.

Quand j'eteint mon pc, il me demande de fermer une application que je n'arrive pas a déterminer.

Comme antivirus, j'ai AVG8; Au contrôle, il n'y a rien a signaler.

J'oubliais, aussi, je vois aléatoirement mon dvd dans le poste de travail et meme quand je le vois et que je mets un cd/dvd, il disparait.

Aidez-moi SVP...

Je vous fait parvenir mon rapport Hijackthis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:12:53, on 23/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\csrss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\system32\ZCfgSvc.exe

D:\WINDOWS\Explorer.EXE

D:\PROGRA~1\AVG\AVG8\avgtray.exe

D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Program Files\SuperCopier2\SuperCopier2.exe

D:\Program Files\Microsoft ActiveSync\wcescomm.exe

D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

D:\Program Files\Skype\Phone\Skype.exe

D:\Program Files\Messenger\msmsgs.exe

D:\PROGRA~1\MICROS~3\rapimgr.exe

D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

D:\Program Files\Orbitdownloader\orbitdm.exe

D:\Program Files\Bonjour\mDNSResponder.exe

D:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

D:\WINDOWS\system32\crypserv.exe

D:\Program Files\Orbitdownloader\orbitnet.exe

D:\WINDOWS\system32\DVDRAMSV.exe

D:\WINDOWS\system32\IDispChg.exe

D:\WINDOWS\system32\svchost.exe

D:\PROGRA~1\AVG\AVG8\avgrsx.exe

D:\PROGRA~1\AVG\AVG8\avgemc.exe

D:\WINDOWS\system32\wbem\wmiprvse.exe

D:\WINDOWS\system32\wbem\wmiapsrv.exe

D:\WINDOWS\System32\alg.exe

D:\Program Files\Skype\Plugin Manager\skypePM.exe

D:\Program Files\Mozilla Firefox\firefox.exe

D:\Program Files\Orbitdownloader\Grab.exe

D:\Program Files\Internet Explorer\IEXPLORE.EXE

D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll (file missing)

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Program Files\Orbitdownloader\orbitcth.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - D:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Program Files\Orbitdownloader\GrabPro.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [superCopier2.exe] D:\Program Files\SuperCopier2\SuperCopier2.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Messenger (Yahoo!)] "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - Global Startup: DSLMON.lnk = D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: Orbit.lnk = D:\Program Files\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Sothink SWF Catcher - D:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe

O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - D:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - D:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - D:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll

O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - D:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - D:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - D:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://ma-config.com/activex/hardwaredetection_3_0_3_1.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{04254F72-F0BA-4315-A25F-934D740FDDE9}: NameServer = 213.136.96.2 213.136.96.37

O17 - HKLM\System\CS1\Services\Tcpip\..\{04254F72-F0BA-4315-A25F-934D740FDDE9}: NameServer = 213.136.96.2 213.136.96.37

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - D:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Crypkey License - Kenonic Controls Ltd. - D:\WINDOWS\SYSTEM32\crypserv.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - D:\WINDOWS\system32\DVDRAMSV.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: IDispChg Service (IDispChgService) - Unknown owner - D:\WINDOWS\system32\IDispChg.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - D:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: MySQL - Unknown owner - D:\Program.exe (file missing)

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - D:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - D:\Program Files\TOSHIBA\TME3\Tmesrv31.exe

 

--

End of file - 11856 bytes

[Apollo]

Bonsoir,

 

Il perd le Nord? T'as pas une boussole pour lui?

 

Trêve de plaisanterie.

 

Relance Hijackthis avec Do a system scan only et coche les cases devant les lignes suivantes: SOUS VISTA: Clic droit sur Hijackthis/exécuter en temps qu'administrateur!

 

O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - D:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll

O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - D:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll

O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - D:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll

 

Ferme toutes les applications ouvertes et les navigateurs et clique sur Fix Checked

 

*******************************

 

Le logiciel qui suit n'est à utiliser que prescrit par un helper qualifié et formé à l'outil.

Ne pas utiliser en dehors de ce cas de figure : dangereux.

 

Connecter les supports amovibles (clé usb et autres) avant de procéder.

 

Tutoriel officiel

 

Télécharge combofix.exe de sUBs et sauvegarde le sur ton bureau (et pas ailleurs).

• Si la console de récupération n'est pas installée sur un XP, ComboFix va proposer de l'installer: Accepter!
  
• Assure toi que tous les programmes sont fermés avant de commencer.
  
• Double-clique combofix.exe afin de l'exécuter.
  
• Clique sur "Oui" au message de Limitation de Garantie qui s'affiche.
  
• Il est possible que ton pare-feu (firewall) te demande si tu acceptes ou non l'accès de nircmd.cfexe à la zone sûre: accepte.
  
• Ne ferme pas la fenêtre qui vient de s'ouvrir, tu te retrouverais avec un bureau vide.
  
• Lorsque l'analyse sera terminée, un rapport apparaîtra.
  
• Copie-colle ce rapport dans ta prochaine réponse.
  Le rapport se trouve dans : C:\Combofix.txt (si jamais).
  

 

Si tu perds la connexion après le passage de ComboFix, voici comment la réparer ICI.

 

@++

[patass]

Voila le rapport:

 

ComboFix 08-11-24.01 - PatrX ACMian 2008-11-25 7:41:17.1 - NTFSx86

Lancé depuis: d:\documents and settings\PatrX ACMian\Bureau\ComboFix.exe

Commutateurs utilisés :: d:\documents and settings\PatrX ACMian\Bureau\VIDEO_TS\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe

* Un nouveau point de restauration a été créé

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Autorun.inf

D:\autorun.inf

d:\documents and settings\PatrX ACMian\Application Data\ShoppingReport

d:\documents and settings\PatrX ACMian\Application Data\ShoppingReport\cs\Config.xml

d:\documents and settings\PatrX ACMian\Application Data\ShoppingReport\cs\db\Aliases.dbs

d:\documents and settings\PatrX ACMian\Application Data\ShoppingReport\cs\db\Sites.dbs

d:\documents and settings\PatrX ACMian\Application Data\ShoppingReport\cs\dwld\WhiteList.xip

d:\documents and settings\PatrX ACMian\Application Data\ShoppingReport\cs\report\aggr_storage.xml

d:\documents and settings\PatrX ACMian\Application Data\ShoppingReport\cs\report\send_storage.xml

d:\documents and settings\PatrX ACMian\Application Data\ShoppingReport\cs\res2\WhiteList.dbs

d:\program files\ShoppingReport

d:\program files\ShoppingReport\Uninst.exe

d:\windows\system32\mdm.exe

E:\Autorun.inf

G:\autorun.inf

G:\nideiect.com

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2008-10-25 au 2008-11-25 ))))))))))))))))))))))))))))))))))))

.

 

2008-11-23 20:10 . 2008-11-23 20:10 <REP> d-------- d:\program files\Trend Micro

2008-11-13 00:57 . 2008-10-24 11:21 455,296 -----c--- d:\windows\system32\dllcache\mrxsmb.sys

2008-11-13 00:56 . 2008-09-04 17:16 1,106,944 -----c--- d:\windows\system32\dllcache\msxml3.dll

2008-11-07 09:42 . 2008-11-07 09:42 <REP> d-------- d:\program files\EasyPHP

2008-10-25 12:03 . 2008-10-26 06:48 <REP> d-------- d:\program files\EasyPHP1-8

2008-10-25 05:06 . 2008-10-25 05:05 501 --a------ d:\windows\Copy of AkwabaMainA.ini

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-25 07:31 --------- d-----w d:\documents and settings\PatrX ACMian\Application Data\Skype

2008-11-25 05:16 --------- d-----w d:\documents and settings\PatrX ACMian\Application Data\skypePM

2008-11-25 05:15 --------- d-----w d:\documents and settings\PatrX ACMian\Application Data\Orbit

2008-10-24 11:21 455,296 ----a-w d:\windows\system32\drivers\mrxsmb.sys

2008-10-17 00:10 --------- d-----w d:\program files\Orbitdownloader

2008-10-16 14:13 202,776 ----a-w d:\windows\system32\wuweb.dll

2008-10-16 14:13 1,809,944 ----a-w d:\windows\system32\wuaueng.dll

2008-10-16 14:12 561,688 ----a-w d:\windows\system32\wuapi.dll

2008-10-16 14:12 323,608 ----a-w d:\windows\system32\wucltui.dll

2008-10-16 14:09 92,696 ----a-w d:\windows\system32\cdm.dll

2008-10-16 14:09 51,224 ----a-w d:\windows\system32\wuauclt.exe

2008-10-16 14:09 43,544 ----a-w d:\windows\system32\wups2.dll

2008-10-16 14:08 34,328 ----a-w d:\windows\system32\wups.dll

2008-10-15 17:23 --------- d-----w d:\documents and settings\All Users\Application Data\Yahoo! Companion

2008-10-15 14:54 --------- d-----w d:\program files\Yahoo!

2008-10-15 14:51 --------- d-----w d:\documents and settings\All Users\Application Data\Yahoo!

2008-10-12 18:49 --------- d-----w d:\program files\ma-config.com

2008-10-12 18:49 --------- d-----w d:\documents and settings\All Users\Application Data\ma-config.com

2008-10-10 07:23 --------- d---a-w d:\documents and settings\All Users\Application Data\TEMP

2008-09-30 16:43 1,286,152 ----a-w d:\windows\system32\msxml4.dll

2008-09-27 12:41 --------- d-----w d:\program files\Fichiers communs\SourceTec

2008-09-27 12:40 --------- d-----w d:\program files\SourceTec

2008-09-19 05:43 7,277,568 ----a-w d:\windows\system32\3gpcore.dll

2008-09-15 15:26 1,846,528 ----a-w d:\windows\system32\win32k.sys

2008-09-10 01:15 1,307,648 ------w d:\windows\system32\msxml6.dll

2008-09-04 17:16 1,106,944 ----a-w d:\windows\system32\msxml3.dll

2008-08-26 08:11 826,368 ----a-w d:\windows\system32\wininet.dll

2004-10-01 15:00 40,960 ----a-w d:\program files\Uninstall_CDS.exe

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SuperCopier2.exe"="d:\program files\SuperCopier2\SuperCopier2.exe" [2005-03-13 1057280]

"Skype"="d:\program files\Skype\Phone\Skype.exe" [2008-08-12 21741864]

"MSMSGS"="d:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

"Messenger (Yahoo!)"="d:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-09-19 4347120]

"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG8_TRAY"="d:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-04 1234712]

"SunJavaUpdateSched"="d:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]

2006-08-03 03:20 188482 d:\windows\system32\LgNotify.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2008-04-14 02:33 15360 d:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]

--a------ 2006-06-26 21:45 1211176 d:\program files\Microsoft ActiveSync\wcescomm.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier2.exe]

--a------ 2005-03-13 23:37 1057280 d:\program files\SuperCopier2\SuperCopier2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2008-06-19 11:12 68856 d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"d:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=

"d:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"d:\\Program Files\\Orbitdownloader\\orbitdm.exe"=

"d:\\Program Files\\Orbitdownloader\\orbitnet.exe"=

"d:\\Program Files\\Adobe\\Flex Builder 3\\jre\\bin\\javaw.exe"=

"d:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"d:\\WINDOWS\\system32\\dpvsetup.exe"=

"d:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"d:\\Program Files\\SecondLife\\SLVoice.exe"=

"d:\\Program Files\\EasyPHP1-8\\apache\\Apache.exe"=

"d:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10d8f7de-16c6-11dc-b4b5-0011675c3d43}]

\Shell\Auto\command - wscript "Sex City.jpg.wsf"

\Shell\AutoRun\command - d:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript "Sex City.jpg.wsf"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d866da0-e3de-11dc-b7a3-0011675c3d43}]

\Shell\Auto\command - wscript "Sex City.jpg.wsf"

\Shell\AutoRun\command - d:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript "Sex City.jpg.wsf"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ae5b4c0-3618-11dd-b8ce-000e7ba6b229}]

\Shell\AutoRun\command - vva0hc0p.cmd

\Shell\explore\Command - vva0hc0p.cmd

\Shell\open\Command - vva0hc0p.cmd

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34738d3b-cc8a-11db-a92a-0011675c3d43}]

\Shell\AutoRun\command - d:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3cac38d0-c127-11dc-b703-0011675c3d43}]

\Shell\Auto\command - wscript "Sex City.jpg.wsf"

\Shell\AutoRun\command - d:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript "Sex City.jpg.wsf"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3cac38d6-c127-11dc-b703-0011675c3d43}]

\Shell\Auto\command - wscript "Sex City.jpg.wsf"

\Shell\AutoRun\command - d:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript "Sex City.jpg.wsf"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{409094b0-121d-11dd-b853-000e7ba6b229}]

\Shell\AutoRun\command - G:\2.bat

\Shell\explore\Command - G:\2.bat

\Shell\open\Command - G:\2.bat

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5232e08b-45ae-11dc-b54c-0011675c3d43}]

\Shell\Auto\command - sky.exe

\Shell\AutoRun\command - d:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sky.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63e3d7b0-ef3e-11dc-b7d5-000e7ba6b229}]

\Shell\AutoRun\command - H:\uisvkqr.exe

\Shell\explore\Command - H:\uisvkqr.exe

\Shell\open\Command - H:\uisvkqr.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{643f860a-fe0e-11db-935c-0011675c3d43}]

\Shell\AutoRun\command - G:\EXPLORER.EXE

\Shell\explore\Command - G:\EXPLORER.EXE

\Shell\open\Command - G:\EXPLORER.EXE

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65e0d8d1-d446-11db-a945-0011675c3d43}]

\Shell\AutoRun\command - v.cmd

\Shell\explore\Command - v.cmd

\Shell\open\Command - v.cmd

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89c17b37-b91a-11db-a8db-0011675c3d43}]

\Shell\AutoRun\command - d:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9be90050-ea18-11db-a989-0011675c3d43}]

\Shell\AutoRun\command - RavMon.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f9ded35-c596-11dc-b71c-0011675c3d43}]

\Shell\AutoRun\command - G:\m1t8ta.com

\Shell\explore\Command - G:\m1t8ta.com

\Shell\open\Command - G:\m1t8ta.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f9ded36-c596-11dc-b71c-0011675c3d43}]

\Shell\AutoRun\command - H:\nideiect.com

\Shell\explore\Command - H:\nideiect.com

\Shell\open\Command - H:\nideiect.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7bdfcba-8b7f-11dc-b64a-0011675c3d43}]

\Shell\AutoRun\command - G:\xn1i9x.com

\Shell\explore\Command - G:\xn1i9x.com

\Shell\open\Command - G:\xn1i9x.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bbe9ca0e-807f-11dc-b626-0011675c3d43}]

\Shell\AutoRun\command - G:\autorun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1881450-b1f3-11dc-b6c6-0011675c3d43}]

\Shell\AutoRun\command - d:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbf89480-feff-11db-b468-806d6172696f}]

\Shell\AutoRun\command - RavMon.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1341c45-650a-11dc-b5c2-0011675c3d43}]

\Shell\AutoRun\command - G:\xn1i9x.com

\Shell\explore\Command - G:\xn1i9x.com

\Shell\open\Command - G:\xn1i9x.com

 

*Newly Created Service* - PROCEXP90

.

- - - - ORPHELINS SUPPRIMES - - - -

 

Notify-NavLogon - (no file)

MSConfigStartUp-AVG7_CC - d:\progra~1\Grisoft\AVGFRE~1\avgcc.exe

 

 

.

------- Examen supplémentaire -------

.

FireFox -: Profile - d:\documents and settings\PatrX ACMian\Application Data\Mozilla\Firefox\Profiles\9t9dcy2k.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.ci

FF -: plugin - d:\program files\ma-config.com\nphardwaredetection.dll

FF -: plugin - d:\program files\Yahoo!\Shared\npYState.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-25 07:46:49

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]

"ImagePath"="\??\d:\docume~1\PATRXA~1\LOCALS~1\Temp\mc21.tmp"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySQL]

"ImagePath"="\"d:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"d:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(956)

d:\windows\system32\avgrsstx.dll

d:\windows\system32\LgNotify.dll

 

- - - - - - - > 'lsass.exe'(1020)

d:\windows\system32\avgrsstx.dll

.

Heure de fin: 2008-11-25 7:51:26

ComboFix-quarantined-files.txt 2008-11-25 07:51:22

 

Avant-CF: 10 850 402 304 octets libres

Après-CF: 10,841,628,672 octets libres

 

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

 

216 --- E O F --- 2008-11-13 05:26:59

[patass]

Ne m'oubliez pas SVP, je ne veux pas perdre mon pc.

A l'aide