Good evening nardino,
I had misunderstood.
I'm posting the report below:
ComboFix 10-12-26.01 - JEAN CHRISTIAN 27/12/2010 19:28:25.1.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1279.758 [GMT 1:00]
Running from: c:\documents and settings\JEAN CHRISTIAN\Bureau\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\hpeA3.dll
c:\documents and settings\JEAN CHRISTIAN\Favoris\siw-setup.exe
c:\windows\system32\Oeminfo.ini
c:\windows\system32\Thumbs.db
.
((((((((((((((((((((((((((((( Files Created from 2010-11-27 to 2010-12-27 ))))))))))))))))))))))))))))))))))))
.
2010-12-19 23:52 . 2010-12-19 23:52 -------- d-----w- c:\program files\Fichiers communs\Java
2010-12-19 23:51 . 2010-12-19 23:50 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-19 11:46 . 2010-12-20 10:48 -------- d-----w- c:\program files\ZHPDiag
2010-12-15 13:26 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-15 13:24 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-11-29 22:48 . 2010-11-29 22:48 -------- d-----w- c:\documents and settings\JEAN CHRISTIAN\Application Data\Avira
2010-11-29 22:36 . 2010-12-13 16:02 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-29 22:36 . 2010-12-13 16:02 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-29 22:36 . 2010-06-17 14:28 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-11-29 22:36 . 2010-06-17 14:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-11-29 22:36 . 2010-11-29 22:36 -------- d-----w- c:\program files\Avira
2010-11-29 22:36 . 2010-11-29 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-11-28 06:30 . 2010-11-28 06:30 -------- d-----w- c:\documents and settings\All Users\Application Data\open-config
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 17:09 . 2009-06-22 05:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2009-06-22 05:18 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-19 23:50 . 2010-04-29 20:57 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-18 18:12 . 2003-10-10 07:36 86016 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:21 . 2005-02-18 15:36 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:21 . 2003-10-10 16:25 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:21 . 2003-10-10 16:24 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:26 . 2004-08-19 22:56 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2003-10-10 16:25 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-31 22:49 . 2010-10-31 22:49 385502 ----a-w- c:\program files\WinSnap_1.1.10.exe
2010-10-28 22:54 . 2010-10-28 22:33 67576708 ----a-w- c:\program files\HomePlayer-1.5.9c-full.exe
2010-10-28 13:14 . 2003-10-10 16:24 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 14:07 . 2003-10-10 16:25 1853440 ----a-w- c:\windows\system32\win32k.sys
2010-08-03 21:36 . 2010-08-03 21:36 17874088 ----a-w- c:\program files\PDFCreator-1_0_1_setup.exe
2010-07-26 17:32 . 2010-07-26 17:32 7042523 ----a-w- c:\program files\fdminst.exe
2010-05-27 23:15 . 2010-05-27 23:15 1870589 ----a-w- c:\program files\dixmlsetup.exe
2010-05-21 22:02 . 2010-05-21 22:02 791393 ----a-w- c:\program files\erunt-setup.exe
2010-05-05 14:01 . 2010-05-05 14:01 536145 ----a-w- c:\program files\setup_USB-set.exe
2009-12-27 21:59 . 2009-12-27 21:59 939956 ----a-w- c:\program files\7z465.exe
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-04-14 1957888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00THotkey"="c:\windows\System32\00THotkey.exe" [2003-05-23 253952]
"000StTHK"="000StTHK.exe" [2001-06-23 24576]
"TFNF5"="TFNF5.exe" [2003-07-18 73728]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-05-30 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-05-30 614400]
"TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.Exe" [2003-03-11 122880]
"TPSMain"="TPSMain.exe" [2003-10-02 266240]
"TFncKy"="c:\program files\Toshiba\Commandes TOSHIBA\TFncKy.exe" [2003-09-18 102400]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-09-02 1043968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-17 281768]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-05-14 248552]
c:\documents and settings\Menu Démarrer\Programmes\Démarrage\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^LUMIX Simple Viewer.lnk]
backup=c:\windows\pss\LUMIX Simple Viewer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Norton AntiVirus.LNK]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Norton AntiVirus.LNK
backup=c:\windows\pss\Norton AntiVirus.LNKCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Menu Démarrer^Programmes^Démarrage^Secunia PSI.lnk]
path=c:\documents and settings\Menu Démarrer\Programmes\Démarrage\Secunia PSI.lnk
backup=c:\windows\pss\Secunia PSI.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2007-10-23 21:18 443968 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2008-03-01 05:10 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HomePlayer"=c:\program files\HomePlayer\HomePlayer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HomePlayer\\HomePlayer.exe"=
"c:\\Program Files\\HomePlayer\\VLC\\vlc.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [08/12/2004 15:41 9344]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [05/06/2007 23:21 639224]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [29/11/2010 23:36 135336]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [19/11/2009 00:44 27632]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [26/04/2010 23:31 13192]
S3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [10/05/2010 14:38 122504]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [26/04/2010 23:31 8456]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [09/02/2008 23:40 13224]
S3 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [19/11/2009 00:42 90112]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17/06/2009 13:20 12648]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [21/01/2009 01:45 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [21/01/2009 01:45 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [21/01/2009 01:45 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [21/01/2009 01:45 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [21/01/2009 01:45 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [21/01/2009 01:45 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [21/01/2009 01:45 110120]
.
Contents of the 'Scheduled Tasks' folder
2010-12-27 c:\windows\Tasks\User_Feed_Synchronization-{D93BD681-311B-46D3-9362-51DA70343E1D}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\JEAN CHRISTIAN\Application Data\Mozilla\Firefox\Profiles\en1yoccw.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: gTranslate: {aff87fa2-a58e-4edd-b852-0a20203c1e17} - %profile%\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-vdlDeamon - c:\program files\VIDAL\Communs\VIDAL.exe
AddRemove-Recuva - f:\recuva\uninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-12-27 19:37
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL"
.
Completion time: 2010-12-27 19:41:46
ComboFix-quarantined-files.txt 2010-12-27 18:41
Pre-Run: 25 920 917 504 bytes free
Post-Run: 26 129 096 704 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /fastdetect /NoExecute=OptIn
- - End Of File - - 52ED86592663B49025C25560CCD422F3
Looking forward to your reply
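For anyone triaging a report like the one above, here is a small parser for the ComboFix line formats it contains. This is an added example, not code from the poster, from nardino, or from ComboFix itself: it reads the file-listing lines (created time, modified time, size, attribute flags, path) into records, picks out the newly created files that carry code, and pulls the protection-state lines a reviewer should confirm (AV/FW header status, `EnableFirewall`, `DisableMonitoring`). The sample text is a handful of lines copied from the report above; the attribute-flag meanings in the comments are assumptions based on how ComboFix lays out its columns.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# One ComboFix file-listing line, as in the "Files Created" and Find3M sections:
#   <created> . <modified> <size or dashes> <attribute flags> <path>
# A run of dashes in the size column marks a directory. The flags column is
# eight characters (assumed: d = directory, c = dllcache copy, a = archive,
# w = writable); the parser keeps it verbatim and only tests for "d".
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) "
    r"(?P<attrs>[-a-z]{8}) "
    r"(?P<path>.+)$"
)

# Extensions worth a second look when they were created inside the scan window.
CODE_SUFFIXES = (".exe", ".dll", ".sys", ".cpl", ".scr", ".ocx")


@dataclass
class FileEntry:
    created: str
    modified: str
    size: Optional[int]  # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return "d" in self.attrs


def parse_file_lines(report: str) -> List[FileEntry]:
    """Return every file-listing line in the report as a FileEntry."""
    entries = []
    for raw in report.splitlines():
        m = FILE_LINE.match(raw.strip())
        if not m:
            continue  # section headers, registry lines, separators
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(FileEntry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def executable_entries(entries: List[FileEntry]) -> List[FileEntry]:
    """Files (not directories) whose extension means they carry code."""
    return [e for e in entries if not e.is_dir and e.path.lower().endswith(CODE_SUFFIXES)]


def protection_findings(report: str) -> List[str]:
    """Protection-state lines a reviewer should confirm before closing the case."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        # Header lines look like: "AV: <product> *Enabled|Disabled/Updated* {GUID}".
        # ComboFix asks the user to switch the AV off before running, so a
        # "Disabled" AV is expected here but must be re-enabled afterwards.
        if line.startswith(("AV:", "FW:")) and "*Disabled" in line:
            findings.append("product reported disabled: " + line)
        # Windows Firewall standard profile off: normal when a third-party
        # firewall (ZoneAlarm in the report above) has taken over, still worth a check.
        if re.match(r'^"EnableFirewall"\s*=\s*0\b', line):
            findings.append("Windows Firewall standard profile is off (EnableFirewall=0)")
        # Security Center told not to monitor a product: legitimate for a
        # third-party firewall/AV that reports its own status, also a classic malware tweak.
        if re.match(r'^"DisableMonitoring"\s*=\s*dword:0*1$', line):
            findings.append("Security Center monitoring disabled for a product (DisableMonitoring=1)")
    return findings


# Constructed sample: a handful of lines copied from the report above.
SAMPLE_REPORT = r"""
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
2010-12-19 23:52 . 2010-12-19 23:52 -------- d-----w- c:\program files\Fichiers communs\Java
2010-12-19 23:51 . 2010-12-19 23:50 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-15 13:26 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-11-29 22:36 . 2010-12-13 16:02 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
"EnableFirewall"= 0 (0x0)
"DisableMonitoring"=dword:00000001
"""

if __name__ == "__main__":
    for e in executable_entries(parse_file_lines(SAMPLE_REPORT)):
        print(f"{e.created}  {e.size:>8}  {e.path}")
    for f in protection_findings(SAMPLE_REPORT):
        print("CHECK:", f)
```

Run it against the full report text (paste it into `SAMPLE_REPORT` or read a file) to get the code-carrying files created in the 30-day window in one list; the dates and sizes can then be compared against the vendor's known versions (the Avira drivers and Java control panel above, for instance) before anything is treated as suspicious.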