Votre question

virus 1.reg detecté par avast

Tags :
  • Windows
  • Sécurité
Dernière réponse : dans Sécurité et virus
24 Octobre 2007 11:20:31

Bonjour à tous!

Voilà, j'expose mon petit problème: avast détecte un virus dans les fichiers temporaires : "1.reg" mais il est impossible de le supprimer!
Que faire?

Autres pages sur : virus reg detecte avast

27 Octobre 2007 14:24:47

Re,

Voilà chef!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:24:37, on 27/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\Twain_32\SlimU2TA\HotKey.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\system32\service.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\rollin\Bureau\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Alcohol Toolbar Helper - {52D06F97-5511-43FA-8FDA-C481864FD26E} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\SlimU2TA\HotKey.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Update Service] service.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\RunServices: [Update Service] service.exe
O4 - HKCU\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /M "Stylus C46" /EF "HKCU"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - Startup: abc.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cycling Manager 2007 Drivers Auto Removal (pr2akt6c) (pr2akt6c) - Cyanide - C:\WINDOWS\system32\pr2akt6c.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

--
End of file - 7828 bytes
Contenus similaires
27 Octobre 2007 23:16:36

Re


Télécharge Combofix.exe (par sUBs) sur ton Bureau
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double clique combofix.exe et suis les invites.
Lorsque le scan sera complété, un rapport apparaîtra.

Copie/colle ce rapport dans ta prochaine réponse avec un nouveau HijackThis.
28 Octobre 2007 11:35:24

reuh!

ComboFix 07-10-26.4 - rollin 2007-10-28 11:29:02.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.510 [GMT 1:00]
Running from: C:\Documents and Settings\rollin\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\rollin\Application Data\macromedia\Flash Player\#SharedObjects\TWBD527J\www.broadcaster.com
C:\Documents and Settings\rollin\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\rollin\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\rollin\new.txt
C:\WINDOWS\system32\service.exe
C:\WINDOWS\system32\SysPr.prx
C:\WINDOWS\system32\W007T32W.DLL

.
((((((((((((((((((((((((((((( Fichiers créés 2007-09-28 to 2007-10-28 ))))))))))))))))))))))))))))))))))))
.

2007-10-28 11:28 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-18 08:26 <REP> d-------- C:\Documents and Settings\rollin\Application Data\Nero
2007-10-18 08:23 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2007-10-18 08:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-10-02 09:35 <REP> d-------- C:\Documents and Settings\rollin\Application Data\OpenOffice.org2
2007-10-02 09:32 <REP> d-------- C:\Program Files\OpenOffice.org 2.3

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-18 07:23 --------- d-----w C:\Program Files\Nero
2007-10-07 14:09 --------- d-----w C:\Program Files\SlySoft
2007-10-07 14:07 --------- d-----w C:\Program Files\Ahead
2007-09-27 20:31 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-09-24 07:05 132,904 -c--a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2007-09-24 07:05 11,304 -c--a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2007-09-23 10:57 --------- d-----w C:\Program Files\DVD Shrink
2007-09-23 10:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-09-20 11:32 --------- d-----w C:\Program Files\EA SPORTS
2007-09-20 11:01 --------- d--h--r C:\Documents and Settings\rollin\Application Data\SecuROM
2007-09-20 07:59 972,072 -c--a-w C:\WINDOWS\UNRecode.exe
2007-09-20 07:55 972,072 -c--a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-09-16 16:03 --------- d-----w C:\Program Files\eMule
2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 10:05 92,848 -c--a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 10:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-09-04 21:20 --------- d-----w C:\Program Files\Sound Wheel
2006-05-03 10:06:54 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47:16 31,744 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 12:26]
"nwiz"="nwiz.exe" [2007-04-19 12:26 C:\WINDOWS\system32\nwiz.exe]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-05-18 02:15]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-05-17 03:37]
"Norton Ghost 9.0"="C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe" [2004-07-29 04:41]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"CloneDVDElbyDelay"="C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" [2002-11-02 07:33]
"ElbyCheckAnyDVD"="C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" [2003-09-20 20:23]
"EPSON Stylus C46 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.exe" [2004-01-13 19:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57]
"HotKey"="C:\WINDOWS\Twain_32\SlimU2TA\HotKey.exe" [2004-01-06 13:02]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-19 12:26]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2004-10-21 23:41]
"Update Service"="service.exe" []
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 08:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus C46 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.exe" [2004-01-13 19:00]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-24 17:22]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 23:29]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-09-20 14:35]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Update Service"=service.exe

C:\Documents and Settings\rollin\Menu Démarrer\Programmes\Démarrage\
abc.exe [2005-10-03 03:56:04]
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"=0 (0x0)
"NoFind"=0 (0x0)
"NoRun"=0 (0x0)
"NoDesktop"=0 (0x0)
"NoClose"=0 (0x0)
"StartMenuLogOff"=0 (0x0)
"HideClock"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1036

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe

R0 pe3akt6c;Cycling Manager 2007 Environment Driver (pe3akt6c);C:\WINDOWS\system32\drivers\pe3akt6c.sys
R0 pf2akt6c;Cycling Manager 2007 File System Driver (pf2akt6c);C:\WINDOWS\system32\drivers\pf2akt6c.sys
R0 PQV2i;PQV2i;C:\WINDOWS\system32\drivers\PQV2i.sys
R0 ps6akt6c;Cycling Manager 2007 Synchronization Driver (ps6akt6c);C:\WINDOWS\system32\drivers\ps6akt6c.sys
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys
R1 PQIMount;PQIMount;C:\WINDOWS\system32\drivers\PQIMount.sys
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
S2 pr2akt6c;Cycling Manager 2007 Drivers Auto Removal (pr2akt6c);C:\WINDOWS\system32\pr2akt6c.exe svc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7803e068-9cb6-11db-81bb-0018f3b9e7fa}]
AutoRun\command - D:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89125b06-933d-11db-8196-0018f3b9e7fa}]
Auto\command - G:\AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c305ed8c-045d-11dc-8283-0018f3b9e7fa}]
Auto\command - AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-28 10:00:00 C:\WINDOWS\Tasks\AD61F9C297866A4E.job"
- c:\docume~1\rollin\applic~1\global~1\poll trust heart.exe
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-28 11:33:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CrystalSysInfo]
"ImagePath"="\??\C:\WINDOWS\system32\SysInfo.sys"
.
Completion time: 2007-10-28 11:34:01 - machine was rebooted
.
--- E O F ---

__________________________________________________________


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:35, on 28/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\Twain_32\SlimU2TA\HotKey.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\rollin\Bureau\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Alcohol Toolbar Helper - {52D06F97-5511-43FA-8FDA-C481864FD26E} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\SlimU2TA\HotKey.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Update Service] service.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\RunServices: [Update Service] service.exe
O4 - HKCU\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /M "Stylus C46" /EF "HKCU"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - Startup: abc.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cycling Manager 2007 Drivers Auto Removal (pr2akt6c) (pr2akt6c) - Cyanide - C:\WINDOWS\system32\pr2akt6c.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

--
End of file - 7947 bytes
28 Octobre 2007 13:12:14

Bien, du ménage a été fait.

Mais il en reste.

Télécharge Flash Disinfector sur ton Bureau
http://www.techsupportforum.com/sectools/sUBs/Flash_Dis...
Connecte tous les périphériques externes ( DD , USB , ..... )
Double clique sur Flash Disinfector et laisse toi guider.


Télécharge LopxpMH sur ton Bureau.
http://www.alt-shift-return.org/Info/Fichiers/lopxpMH2....
Dézippe-le (clic droit >> Extraire ici) et double clique sur le fichier lopxpMH.bat.
Poste le contenu du rapport qui va s'ouvrir.
28 Octobre 2007 13:22:38

Voilà!

Rapport lopxpMH2 version 2.0 fait à 13:22:24,39 le 28/10/2007
C:\Documents and Settings\rollin\Bureau\lopxpMH2

******************************************
## Répertoires Application Data

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est A491-D7AC

Répertoire de C:\Documents and Settings\Administrateur\Application Data

27/01/2007 12:59 <REP> .
27/01/2007 12:59 <REP> ..
27/01/2007 12:59 <REP> Microsoft
27/01/2007 12:59 62 desktop.ini
1 fichier(s) 62 octets
3 Rép(s) 23 846 211 584 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est A491-D7AC

Répertoire de C:\Documents and Settings\Administrateur\Local Settings\Application Data

27/01/2007 12:59 <REP> .
27/01/2007 12:59 <REP> ..
27/01/2007 12:59 <REP> Microsoft
27/01/2007 13:02 3 712 656 IconCache.db
1 fichier(s) 3 712 656 octets
3 Rép(s) 23 846 207 488 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est A491-D7AC

Répertoire de C:\Documents and Settings\All Users\Application Data

22/12/2006 04:42 <REP> .
22/12/2006 04:42 <REP> ..
22/12/2006 16:05 <REP> Adobe
20/02/2007 20:26 <REP> Adobe Systems
11/01/2007 19:38 <REP> Apple Computer
22/12/2006 15:18 <REP> CyberLink
25/02/2007 16:23 <REP> DVD Shrink
22/12/2006 15:27 <REP> InstallShield
11/01/2007 18:32 <REP> Macromedia
22/12/2006 04:42 <REP> Microsoft
18/10/2007 08:23 <REP> Nero
22/12/2006 15:05 <REP> NVIDIA
04/07/2007 21:33 <REP> PC Drivers Headquarters
25/12/2006 22:11 <REP> pixelStorm
06/03/2007 15:02 <REP> Recisio
30/01/2007 19:04 <REP> Spybot - Search & Destroy
22/12/2006 12:44 <REP> Symantec
10/01/2007 17:18 <REP> TEMP
28/01/2007 13:26 <REP> Windows Genuine Advantage
22/12/2006 04:44 62 desktop.ini
11/01/2007 22:20 1 751 QTSBandwidthCache
2 fichier(s) 1 813 octets
19 Rép(s) 23 846 207 488 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est A491-D7AC

Répertoire de C:\Documents and Settings\Default User\Application Data

22/12/2006 04:42 <REP> .
22/12/2006 04:42 <REP> ..
22/12/2006 04:42 <REP> Microsoft
22/12/2006 04:44 62 desktop.ini
1 fichier(s) 62 octets
3 Rép(s) 23 846 207 488 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est A491-D7AC

Répertoire de C:\Documents and Settings\Default User\Local Settings\Application Data

22/12/2006 04:44 <REP> .
22/12/2006 04:44 <REP> ..
22/12/2006 03:51 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 23 846 207 488 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est A491-D7AC

Répertoire de C:\Documents and Settings\LocalService\Application Data

22/12/2006 03:56 <REP> .
22/12/2006 03:56 <REP> ..
22/12/2006 03:56 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 23 846 207 488 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est A491-D7AC

Répertoire de C:\Documents and Settings\LocalService\Local Settings\Application Data

22/12/2006 03:56 <REP> .
22/12/2006 03:56 <REP> ..
22/12/2006 03:56 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 23 846 207 488 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est A491-D7AC

Répertoire de C:\Documents and Settings\NetworkService\Application Data

22/12/2006 03:55 <REP> .
22/12/2006 03:55 <REP> ..
22/12/2006 03:55 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 23 846 203 392 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est A491-D7AC

Répertoire de C:\Documents and Settings\NetworkService\Local Settings\Application Data

22/12/2006 03:55 <REP> .
22/12/2006 03:55 <REP> ..
22/12/2006 03:55 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 23 846 203 392 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est A491-D7AC

Répertoire de C:\Documents and Settings\rollin\Application Data

22/12/2006 03:57 <REP> .
22/12/2006 03:57 <REP> ..
22/12/2006 16:00 <REP> .ABC
22/12/2006 16:21 <REP> Adobe
01/05/2007 17:25 <REP> AdobeUM
24/01/2007 06:40 <REP> Ahead
11/01/2007 22:21 <REP> Apple Computer
22/12/2006 17:42 <REP> CyberLink
22/12/2006 15:25 <REP> foobar2000
26/12/2006 20:52 <REP> Google
26/01/2007 18:40 <REP> Help
22/12/2006 03:57 <REP> Identities
25/05/2007 17:15 <REP> InstallShield
30/04/2007 16:35 <REP> InterTrust
22/12/2006 12:45 <REP> IsolatedStorage
22/12/2006 15:27 <REP> Jasc Software Inc
30/01/2007 19:25 <REP> Lavasoft
24/05/2007 13:53 <REP> Leadertech
22/12/2006 15:45 <REP> Macromedia
22/12/2006 03:57 <REP> Microsoft
22/12/2006 15:15 <REP> Mozilla
18/10/2007 08:26 <REP> Nero
26/01/2007 18:28 <REP> NetPumper
02/10/2007 09:35 <REP> OpenOffice.org2
20/02/2007 20:35 <REP> Opera
01/07/2007 12:00 <REP> Pro Cycling Manager 2007
11/02/2007 20:06 <REP> Real
10/03/2007 16:29 <REP> Screenshot Sender
20/09/2007 12:01 <REP> SecuROM
13/01/2007 23:30 <REP> Sports Interactive
26/01/2007 12:35 <REP> Sun
22/12/2006 16:36 <REP> vlc
22/12/2006 03:57 62 desktop.ini
1 fichier(s) 62 octets
32 Rép(s) 23 846 203 392 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est A491-D7AC

Répertoire de C:\Documents and Settings\rollin\Local Settings\Application Data

22/12/2006 03:57 <REP> .
22/12/2006 03:57 <REP> ..
22/12/2006 16:05 <REP> Adobe
22/12/2006 17:38 <REP> Ahead
11/01/2007 22:19 <REP> Apple Computer
22/12/2006 12:45 <REP> ApplicationHistory
04/07/2007 21:32 <REP> Downloaded Installations
26/12/2006 20:52 <REP> Google
26/01/2007 18:40 <REP> Help
22/01/2007 12:23 <REP> Identities
14/01/2007 13:12 <REP> Logiciel Photo Orange
11/01/2007 18:43 <REP> Macromedia
22/12/2006 03:57 <REP> Microsoft
22/12/2006 15:15 <REP> Mozilla
02/01/2007 18:31 <REP> Paint.NET
04/07/2007 21:33 <REP> PC_Drivers_Headquarters
23/12/2006 14:04 <REP> WMTools Downloaded Files
22/12/2006 16:36 60 416 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
22/12/2006 12:45 129 fusioncache.dat
22/12/2006 19:33 80 000 GDIPFONTCACHEV1.DAT
22/12/2006 05:29 2 635 866 IconCache.db
4 fichier(s) 2 776 411 octets
17 Rép(s) 23 846 203 392 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est A491-D7AC

Répertoire de C:\WINDOWS\system32\config\systemprofile\Application Data

22/12/2006 03:53 <REP> .
22/12/2006 03:53 <REP> ..
22/12/2006 03:53 <REP> Microsoft
22/12/2006 03:53 62 desktop.ini
1 fichier(s) 62 octets
3 Rép(s) 23 846 199 296 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est A491-D7AC

Répertoire de C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data

22/12/2006 03:53 <REP> .
22/12/2006 03:53 <REP> ..
22/12/2006 03:53 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 23 846 199 296 octets libres

******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks


C:\WINDOWS\Tasks\AD61F9C297866A4E.job
¼l#<*E‹þoù,°Ž¸F Þ <
s "ˆ!× : c : \ d o c u m e ~ 1 \ r o l l i n \ a p p l i c ~ 1 \ g l o b a l ~ 1 \ p o l l t r u s t h e a r t . e x e r o l l i n € 0 Í <
******************************************
## Répertoires de C:\Program Files

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est A491-D7AC

Répertoire de C:\Program Files

02/10/2007 09:32 <REP> .
02/10/2007 09:32 <REP> ..
30/04/2007 18:38 <REP> ABBYY FineReader 5.0 Sprint
01/07/2007 13:36 <REP> ABC
28/12/2006 17:26 <REP> ABC Amber ICL Converter
20/08/2007 07:54 <REP> Adobe
30/12/2006 12:30 <REP> Agfa
07/10/2007 15:07 <REP> Ahead
01/07/2007 11:23 <REP> Alcohol Soft
01/07/2007 11:23 <REP> Alcohol Toolbar
22/12/2006 15:15 <REP> Alwil Software
22/12/2006 16:19 <REP> AMD
22/12/2006 19:31 <REP> Analog Devices
26/08/2007 21:18 <REP> Anuman Interactive
17/05/2007 11:40 <REP> AviSynth 2.5
01/07/2007 13:36 <REP> CaTrain
22/12/2006 15:22 <REP> Common Files
22/12/2006 03:49 <REP> ComPlus Applications
07/07/2007 09:48 <REP> Cyanide
22/12/2006 15:17 <REP> CyberLink
01/07/2007 11:59 <REP> DAEMON Tools
01/07/2007 12:00 <REP> DaemonTools_WhenUSave_Installer
06/03/2007 22:58 <REP> DART Karaoke Studio CDG
22/12/2006 19:35 <REP> DIFX
16/04/2007 13:10 <REP> DivX
23/09/2007 11:57 <REP> DVD Shrink
26/08/2007 09:13 <REP> EA GAMES
20/09/2007 12:32 <REP> EA SPORTS
22/12/2006 15:23 <REP> Elaborate Bytes
16/09/2007 17:03 <REP> eMule
24/12/2006 12:03 <REP> EPSON
18/10/2007 08:23 <REP> Fichiers communs
22/12/2006 15:25 <REP> foobar2000
24/04/2007 12:21 <REP> Free Audio Pack
26/01/2007 18:38 <REP> globalhide
25/02/2007 16:18 <REP> Google
30/01/2007 19:43 <REP> Grisoft
04/07/2007 21:11 <REP> Guitar Pro 4
04/07/2007 21:08 <REP> Guitar Pro 5
02/01/2007 18:24 <REP> Internet Explorer
22/12/2006 15:27 <REP> Jasc Software Inc
13/08/2007 09:12 <REP> Java
06/03/2007 15:03 <REP> KaraFun
24/01/2007 21:55 <REP> Logiciel Photo Orange
15/04/2007 21:49 <REP> Macromedia
22/12/2006 15:29 <REP> Matroska Pack
22/12/2006 15:29 <REP> Media Player Classic
01/07/2007 13:36 <REP> Messenger
29/12/2006 10:00 <REP> Micro Application
22/12/2006 03:52 <REP> microsoft frontpage
15/01/2007 12:57 <REP> Microsoft Money
22/12/2006 14:57 <REP> Microsoft Office
22/12/2006 14:57 <REP> Microsoft Visual Studio
22/12/2006 14:57 <REP> Microsoft Works
22/12/2006 14:57 <REP> Microsoft.NET
16/04/2007 13:10 <REP> Morgan
22/12/2006 03:49 <REP> Movie Maker
28/10/2007 12:34 <REP> Mozilla Firefox
16/04/2007 13:26 <REP> MP3 WAV Converter
30/04/2007 18:44 <REP> MSECACHE
22/12/2006 03:48 <REP> MSN
22/12/2006 03:48 <REP> MSN Gaming Zone
17/03/2007 11:40 <REP> MSN Messenger
13/01/2007 23:23 <REP> myphotobook
18/10/2007 08:23 <REP> Nero
22/12/2006 03:50 <REP> NetMeeting
02/10/2007 09:33 <REP> OpenOffice.org 2.3
22/12/2006 03:49 <REP> Outlook Express
28/10/2007 13:18 <REP> Paint.NET
04/07/2007 21:32 <REP> PC Drivers HeadQuarters
30/04/2007 18:21 <REP> Pinnacle
20/03/2007 23:05 <REP> Polaroid PDC 100
11/01/2007 21:54 <REP> QuickTime
22/12/2006 16:52 <REP> Real
01/07/2007 13:36 <REP> Real Alternative
22/12/2006 16:18 <REP> RegCleaner
22/12/2006 03:50 <REP> Services en ligne
07/10/2007 15:09 <REP> SlySoft
04/09/2007 22:20 <REP> Sound Wheel
12/08/2007 09:39 <REP> Space Invaders OpenGL
30/01/2007 20:24 <REP> Spybot - Search & Destroy
01/07/2007 11:43 <REP> StarFucker Revolution
20/03/2007 22:47 <REP> STMicroelectronics
22/12/2006 12:44 <REP> Symantec
22/12/2006 17:17 <REP> THQ
01/07/2007 13:36 <REP> TrackMania Nations ESWC
30/04/2007 18:36 <REP> Ulead Systems
22/12/2006 15:25 <REP> VideoLAN
30/04/2007 18:44 <REP> Windows Installer Clean Up
27/09/2007 21:31 <REP> Windows Media Connect 2
08/02/2007 21:42 <REP> Windows Media Player
28/01/2007 11:41 <REP> Windows NT
26/01/2007 18:40 <REP> WinRAR
22/12/2006 03:52 <REP> xerox
0 fichier(s) 0 octets
94 Rép(s) 23 846 195 200 octets libres

******************************************
## Popups autorisées

* Internet Explorer

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow
PopupMgr REG_SZ yes

* Mozilla Firefox (1 autorisé 2 interdit)

---------- C:\DOCUMENTS AND SETTINGS\ROLLIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\KCK6PFZN.DEFAULT\HOSTPERM.1
host popup 1 webmessenger.msn.com

******************************************
## Registre

******************************************
## Zones de sécurité

* HKCU Domains (4)

* P3P History (5)

******************************************
## Recherche C:\WINDOWS\*.htm, "C:\WINDOWS\*.gif"


*************** Fin du rapport ****************
28 Octobre 2007 22:22:48

Re


Copie (Ctrl+C) le texte ci-dessous :

File::
C:\WINDOWS\Tasks\AD61F9C297866A4E.job
G:\AdobeR.exe

Folder::
c:\docume~1\rollin\applic~1\global~1

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Update Service"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Update Service"=-


Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt



Comme l'image le montre, fait glisser CFScript.txt sur Combofix.exe
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
28 Octobre 2007 23:54:05

Bonjoir!


ComboFix 07-10-26.4 - rollin 2007-10-28 23:50:47.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.514 [GMT 1:00]
Running from: C:\Documents and Settings\rollin\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\rollin\Bureau\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\Tasks\AD61F9C297866A4E.job
G:\AdobeR.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Tasks\AD61F9C297866A4E.job

.
((((((((((((((((((((((((((((( Fichiers créés 2007-09-28 to 2007-10-28 ))))))))))))))))))))))))))))))))))))
.

2007-10-28 15:53 <REP> d-------- C:\Program Files\Lauyan
2007-10-28 15:23 <REP> d--h----- C:\WINDOWS\msdownld.tmp
2007-10-28 15:23 <REP> d-------- C:\WINDOWS\LastGood
2007-10-28 15:23 <REP> d-------- C:\temp\ext48948
2007-10-28 15:23 <REP> d-------- C:\temp
2007-10-28 15:23 <REP> d-------- C:\Program Files\Microsoft FrontPage Express
2007-10-28 13:20 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-10-18 08:26 <REP> d-------- C:\Documents and Settings\rollin\Application Data\Nero
2007-10-18 08:23 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2007-10-18 08:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-10-02 09:35 <REP> d-------- C:\Documents and Settings\rollin\Application Data\OpenOffice.org2
2007-10-02 09:32 <REP> d-------- C:\Program Files\OpenOffice.org 2.3

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-28 12:18 --------- d-----w C:\Program Files\Paint.NET
2007-10-18 07:23 --------- d-----w C:\Program Files\Nero
2007-10-07 14:09 --------- d-----w C:\Program Files\SlySoft
2007-10-07 14:07 --------- d-----w C:\Program Files\Ahead
2007-09-27 20:31 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-09-24 07:05 132,904 -c--a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2007-09-24 07:05 11,304 -c--a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2007-09-23 10:57 --------- d-----w C:\Program Files\DVD Shrink
2007-09-23 10:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-09-20 11:32 --------- d-----w C:\Program Files\EA SPORTS
2007-09-20 11:01 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-09-20 11:01 --------- d--h--r C:\Documents and Settings\rollin\Application Data\SecuROM
2007-09-20 07:59 972,072 -c--a-w C:\WINDOWS\UNRecode.exe
2007-09-20 07:55 972,072 -c--a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-09-20 07:55 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
2007-09-16 16:03 --------- d-----w C:\Program Files\eMule
2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 10:05 92,848 -c--a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 10:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-09-04 21:20 --------- d-----w C:\Program Files\Sound Wheel
1999-08-18 14:36 135,168 -c--a-w C:\WINDOWS\inf\AGFA\message.exe
2006-05-03 10:06:54 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47:16 31,744 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((( snapshot@2007-10-28_11.33.34.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-28 12:19:10 102,400 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\DdsFileType\0892612fc17f174c837adb5750fe73cf\DdsFileType.ni.dll
+ 2007-10-28 12:19:11 499,712 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ICSharpCode.SharpZi#\56f026ca77a63d4b941e75444875b55f\ICSharpCode.SharpZipLib.ni.dll
+ 2007-10-28 12:19:06 114,688 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.WIA\ab7866e684743649816495f0704f91fa\Interop.WIA.ni.dll
+ 2007-10-28 12:19:04 102,400 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Base\944c568a81b9164784fb6352a9d4e9dc\PaintDotNet.Base.ni.dll
+ 2007-10-28 12:19:08 1,413,120 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Core\ed54985c0f4cdc49b8544fb9a67914b7\PaintDotNet.Core.ni.dll
+ 2007-10-28 12:19:10 667,648 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Data\f3cc1b901f45d94aba7a72b0317ad33a\PaintDotNet.Data.ni.dll
+ 2007-10-28 12:19:14 606,208 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Effects\4ef0257b1a9e9746b18adf0417342163\PaintDotNet.Effects.ni.dll
+ 2007-10-28 12:19:06 544,768 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Resourc#\a14453240cdb4943bccefbeb039a71eb\PaintDotNet.Resources.ni.dll
+ 2007-10-28 12:19:05 22,016 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PaintDotNet.StylusR#\06a17b2fc3a7c84eb3f89e0658e103f7\PaintDotNet.StylusReader.ni.dll
+ 2007-10-28 12:19:05 544,768 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PaintDotNet.SystemL#\0a517c169fdc3b47a070e1fb404cc71e\PaintDotNet.SystemLayer.ni.dll
+ 2007-10-28 12:19:19 2,043,904 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PaintDotNet\796c28bf785b9b40908335eb17120d92\PaintDotNet.ni.exe
+ 2007-10-28 12:19:21 29,696 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WiaProxy32\bd7dbc5bf9de7a40a841ef00ca15a5af\WiaProxy32.ni.exe
+ 2007-10-28 12:18:58 290,182 ----a-r C:\WINDOWS\Installer\{5E749AEB-5A19-43BA-BB20-3CBB37539FE4}\_6FEFF9B68218417F98F549.exe
- 2006-12-22 14:27:38 25,214 -c--a-r C:\WINDOWS\Installer\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}\ARPPRODUCTICON.exe
+ 2007-10-28 15:08:34 25,214 ----a-r C:\WINDOWS\Installer\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}\ARPPRODUCTICON.exe
+ 2001-08-24 12:00:00 45,568 ----a-w C:\WINDOWS\LastGood\system32\MFC40LOC.dll
+ 1999-03-04 18:53:16 27,136 ----a-w C:\WINDOWS\LastGood\system32\setdefed.exe
- 2007-10-28 07:26:57 63,188 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-10-28 17:02:26 63,188 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-10-28 07:26:57 76,144 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2007-10-28 17:02:26 76,144 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2007-10-28 07:26:57 403,968 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-10-28 17:02:26 403,968 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-10-28 07:26:57 470,828 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2007-10-28 17:02:26 470,828 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 1999-03-04 18:53:16 27,136 ----a-w C:\WINDOWS\system32\setdefed.exe
- 2004-06-18 20:43:16 323,624 ----a-w C:\WINDOWS\system32\wiaaut.dll
+ 2004-06-18 21:43:16 323,624 ----a-w C:\WINDOWS\system32\wiaaut.dll
+ 2006-12-01 22:20:46 87,552 ----a-w C:\WINDOWS\WinSxS\amd64_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_9e223a7a\vcomp.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 12:26]
"nwiz"="nwiz.exe" [2007-04-19 12:26 C:\WINDOWS\system32\nwiz.exe]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-05-18 02:15]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-05-17 03:37]
"Norton Ghost 9.0"="C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe" [2004-07-29 04:41]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"CloneDVDElbyDelay"="C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" [2002-11-02 07:33]
"ElbyCheckAnyDVD"="C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" [2003-09-20 20:23]
"EPSON Stylus C46 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.exe" [2004-01-13 19:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57]
"HotKey"="C:\WINDOWS\Twain_32\SlimU2TA\HotKey.exe" [2004-01-06 13:02]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-19 12:26]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2004-10-21 23:41]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 08:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus C46 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.exe" [2004-01-13 19:00]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-24 17:22]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 23:29]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-09-20 14:35]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"GrpConv"=grpconv.exe -o

C:\Documents and Settings\rollin\Menu Démarrer\Programmes\Démarrage\
abc.exe [2005-10-03 03:56:04]
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"=0 (0x0)
"NoFind"=0 (0x0)
"NoRun"=0 (0x0)
"NoDesktop"=0 (0x0)
"NoClose"=0 (0x0)
"StartMenuLogOff"=0 (0x0)
"HideClock"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1036

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe

R0 pe3akt6c;Cycling Manager 2007 Environment Driver (pe3akt6c);C:\WINDOWS\system32\drivers\pe3akt6c.sys
R0 pf2akt6c;Cycling Manager 2007 File System Driver (pf2akt6c);C:\WINDOWS\system32\drivers\pf2akt6c.sys
R0 PQV2i;PQV2i;C:\WINDOWS\system32\drivers\PQV2i.sys
R0 ps6akt6c;Cycling Manager 2007 Synchronization Driver (ps6akt6c);C:\WINDOWS\system32\drivers\ps6akt6c.sys
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys
R1 PQIMount;PQIMount;C:\WINDOWS\system32\drivers\PQIMount.sys
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
S2 pr2akt6c;Cycling Manager 2007 Drivers Auto Removal (pr2akt6c);C:\WINDOWS\system32\pr2akt6c.exe svc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7803e068-9cb6-11db-81bb-0018f3b9e7fa}]
AutoRun\command - D:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89125b06-933d-11db-8196-0018f3b9e7fa}]
Auto\command - G:\AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c305ed8c-045d-11dc-8283-0018f3b9e7fa}]
Auto\command - AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-28 23:52:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-28 23:53:15
C:\ComboFix2.txt ... 2007-10-28 11:34
.
--- E O F ---
a b 8 Sécurité
29 Octobre 2007 10:49:00

Je prends la suite.
Reposte un rapport Hijackthis.
29 Octobre 2007 10:58:07

bonjour!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58, on 29/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\Twain_32\SlimU2TA\HotKey.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\rollin\Bureau\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Alcohol Toolbar Helper - {52D06F97-5511-43FA-8FDA-C481864FD26E} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\SlimU2TA\HotKey.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /M "Stylus C46" /EF "HKCU"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - Startup: abc.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cycling Manager 2007 Drivers Auto Removal (pr2akt6c) (pr2akt6c) - Cyanide - C:\WINDOWS\system32\pr2akt6c.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

--
End of file - 7688 bytes
29 Octobre 2007 12:58:57

Voilà!



AntiVir PersonalEdition Classic
Report file date: lundi 29 octobre 2007 11:58

Scanning for 906115 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: RORO

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:51:57
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 10:51:58
ANTIVIR2.VDF : 7.0.0.140 940544 Bytes 26/10/2007 10:51:58
ANTIVIR3.VDF : 7.0.0.146 30208 Bytes 29/10/2007 10:51:58
AVEWIN32.DLL : 7.6.0.30 3056128 Bytes 29/10/2007 10:51:59
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: lundi 29 octobre 2007 11:58

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned
Scan process 'soffice.bin' - '1' Module(s) have been scanned
Scan process 'NMIndexingService.exe' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'E_S4I0T1.EXE' - '1' Module(s) have been scanned
Scan process 'CloneCDTray.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'HotKey.Exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
Scan process 'GhostTray.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'StarWindServiceAE.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'PQV2iSvc.exe' - '1' Module(s) have been scanned
Scan process 'NBService.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'gearsec.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
41 processes with 41 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'E:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '27' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'E:\'


End of the scan: lundi 29 octobre 2007 12:55
Used time: 57:07 min

The scan has been done completely.

11084 Scanning directories
459455 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
459455 Files not concerned
3240 Archives were scanned
2 Warnings
165 Notes

a b 8 Sécurité
29 Octobre 2007 13:05:34

Reposte un rapport Hijackthis.
29 Octobre 2007 13:09:49

voilà!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:09, on 29/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\Twain_32\SlimU2TA\HotKey.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\rollin\Bureau\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Alcohol Toolbar Helper - {52D06F97-5511-43FA-8FDA-C481864FD26E} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\SlimU2TA\HotKey.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /M "Stylus C46" /EF "HKCU"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - Startup: abc.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cycling Manager 2007 Drivers Auto Removal (pr2akt6c) (pr2akt6c) - Cyanide - C:\WINDOWS\system32\pr2akt6c.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

--
End of file - 7670 bytes
a b 8 Sécurité
29 Octobre 2007 13:57:18

C'est mieux ?
29 Octobre 2007 14:11:07

Ça m'a l'air beaucoup mieux oui!
Déjà avast me détecte pu rien! (ah c'est parce que je l'ai désinstallé? :p )
Et ça rame moins également!

Merci bicoup!
a b 8 Sécurité
29 Octobre 2007 14:18:04

D'autres questions ? :) 
29 Octobre 2007 16:07:34

Pourquoi l'herbe est verte?
Pourquoi le ciel est bleu?

Euh non non, pas d'autres questions!!! Marchi beaucoup!
a b 8 Sécurité
29 Octobre 2007 16:28:48

Ok, bon surf :) 
Tom's guide dans le monde
  • Allemagne
  • Italie
  • Irlande
  • Royaume Uni
  • Etats Unis
Suivre Tom's Guide
Inscrivez-vous à la Newsletter
  • ajouter à twitter
  • ajouter à facebook
  • ajouter un flux RSS