Analyse rapport Hijackthis

bgchris26 · le 8 juillet 2007

Salut à tous! Je solicite votre aide pour analyser mon rapport et m'aider à le nettoyer... J'ai effectué avantde faire mon rapport différents antispy.

Voici mon rapport:

Logfile of HijackThis v1.99.1

Scan saved at 19:56:21, on 08/07/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Apps\EZHome\EZStatus.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

c:\APPS\Powercinema\Kernel\TV\CLSched.exe

C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe

C:\WINDOWS\system32\ebyyjkvr.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\slserv.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Documents and Settings\Bad Gone\Mes documents\Mes fichiers reçus\Logiciels\HijackThis.exe

C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.fr

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678] C:\Program Files\user32.exe

O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\jdboqaqr.dll",realset

O4 - HKCU\..\Run: [EzStatus] C:\Apps\EZHome\EZStatus.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1165411083484

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...ows-i586-jc.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shock...ash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

O23 - Service: DomainService - - C:\WINDOWS\system32\ebyyjkvr.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

Merci beaucoup!

Thanos · le 8 juillet 2007

salut

1) Télécharge combofix.exe de sUBs

Assure toi que tous les programmes sont fermés avant de lancer le fix!
Fait un double clique sur combofix.exe.
Note: Ne ferme pas la fenêtre qui vient de s'ouvrir , tu te retrouverais avec un bureau vide !
Tape sur la touche 1 pour démarrer le scan.
Lorsque le scan est terminé, un rapport sera généré : poste en le contenu dans ton prochain message.
Si le rapport est trop long, poste le en deux fois.

2) Télécharge et lance DiagHelp comme montré dans ce tutoriel> http://www.malekal.com/DiagHelp/DiagHelp.php

Ne lance que l'option 1 et poste le rapport stp.Attention: n'oublie pas d'appuyer sur une touche lorsque cela te sera demandé à la fin du rapport Catchme.

bgchris26 · le 8 juillet 2007

Avant tout merci de m'accorder un peu de ton temps!

Alors voici mon nouveau rapport

"Bad Gone" - 2007-07-08 20:22:51 - ComboFix 07-07-07.3 - Service Pack 2

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\jdboqaqr.dll

C:\WINDOWS\system32\tuvuvuu.dll

C:\WINDOWS\system32\tncbhwbc.exe

C:\WINDOWS\system32\rqaqobdj.ini

C:\WINDOWS\system32\stutv.bak1

C:\WINDOWS\system32\stutv.ini

C:\WINDOWS\system32\stutv.bak1

C:\WINDOWS\system32\stutv.ini

C:\WINDOWS\system32\opnkjgh.dll

C:\WINDOWS\system32\vtuts.dll

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\ALLUSE~1\APPLIC~1.\TEMP

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_DOMAINSERVICE

-------\DomainService

((((((((((((((((((((((((( Files Created from 2007-06-08 to 2007-07-08 )))))))))))))))))))))))))))))))

2007-07-08 20:22 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-07-08 20:18 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab

2007-07-08 20:18 <REP> d-------- C:\WINDOWS\LastGood.Tmp

2007-07-08 16:06 50,708 --a------ C:\WINDOWS\system32\ebyyjkvr.exe

2007-07-08 15:30 <REP> d-------- C:\Program Files\SEGA

2007-07-05 15:10 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2

2007-07-05 14:45 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2007-07-05 14:45 208,248 --a------ C:\WINDOWS\system32\muweb.dll

2007-07-05 08:15 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

2007-07-05 08:15 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller

2007-06-22 17:15 <REP> d-------- C:\Program Files\SC4Tool

2007-06-20 10:14 <REP> d-------- C:\Program Files\Maxis

2007-06-18 08:03 <REP> d-------- C:\Program Files\Windows Defender

2007-06-13 15:34 30,765 --a------ C:\WINDOWS\dr.exe

2007-06-13 15:34 30,765 --a------ C:\my.exe

2007-06-13 15:34 30,765 --a------ C:\documents.exe

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-08 17:50:40 -------- d--h--w C:\Program Files\InstallShield Installation Information

2007-07-08 17:46:45 -------- d-----w C:\Program Files\eMule

2007-07-05 06:16:11 -------- d-----w C:\Program Files\MSN Messenger

2007-07-05 06:15:18 -------- d-----w C:\Program Files\Windows Live

2007-06-30 14:10:09 1,238 -c--a-w C:\WINDOWS\eReg.dat

2007-06-07 05:11:00 -------- d-----w C:\Program Files\Messenger Plus! Live

2007-06-01 06:20:30 51,568 ----a-w C:\WINDOWS\system32\sirenacm.dll

2007-05-20 20:43:25 -------- d-----w C:\Program Files\Cossacks 2 - Battle for Europe

2007-05-20 19:31:36 -------- d-----w C:\Program Files\Ashampoo

2007-05-20 07:25:45 -------- d-----w C:\Program Files\Winamp

2007-05-17 03:41:38 -------- d-----w C:\DOCUME~1\BADGON~1\APPLIC~1\Microsoft Games

2007-05-17 03:36:32 -------- d-----w C:\Program Files\Microsoft Games

2007-05-17 03:31:39 75,266 ----a-w C:\WINDOWS\system32\perfc00C.dat

2007-05-17 03:31:39 468,072 ----a-w C:\WINDOWS\system32\perfh00C.dat

2007-05-16 15:39:46 -------- d-----w C:\Program Files\PhotoFiltre

2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

2007-05-16 12:14:44 -------- d-----w C:\Program Files\Paradox Interactive

2007-05-15 17:02:55 -------- d-----w C:\Program Files\Ubisoft

2007-05-15 05:27:44 -------- d-----w C:\DOCUME~1\BADGON~1\APPLIC~1\dvdcss

2007-05-13 07:48:52 110,592 ----a-w C:\WINDOWS\system32\avgfwafu.dll

2007-05-13 06:21:17 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2007-05-12 16:32:25 223,128 ----a-w C:\WINDOWS\system32\drivers\vaxscsi.sys

2007-05-12 16:11:30 -------- d-----w C:\Program Files\SmartPCTools

2007-05-11 05:47:58 -------- d-----w C:\Program Files\Google

2007-05-09 18:16:19 -------- d-----w C:\Program Files\EA Games

2007-05-09 16:52:19 -------- d-----w C:\Program Files\Alcohol Soft

2007-05-08 15:25:47 -------- d-----w C:\Program Files\Fichiers communs\Stardock

2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll

2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll

2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll

2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll

2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll

2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll

2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll

2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll

2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe

2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

2006-12-07 21:14:53 5 -csha-w C:\WINDOWS\system32\eafcce1_s.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C69F137-5BBC-40EF-A9F2-25F3D4039D70}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

2006-10-12 04:25 434279 --a------ C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

2006-08-31 20:33 322368 --a------ C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AlcWzrd"="ALCWZRD.EXE" [2004-09-15 11:20 C:\WINDOWS\ALCWZRD.EXE]

"Alcmtr"="ALCMTR.EXE" [2004-07-20 10:22 C:\WINDOWS\ALCMTR.EXE]

"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-04-26 19:12]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-05-13 09:48]

"012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678"="C:\Program Files\user32.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"EzStatus"="C:\Apps\EZHome\EZStatus.exe" [2004-12-20 21:03]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-06-01 08:21]

"TClockEx"="C:\Program Files\TClockEx\TCLOCKEX.EXE" [2000-03-09 01:15]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-11 07:47]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"EzStatus"=C:\Apps\EZHome\EZStatus.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ClearRecentDocsOnExit"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk

backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk

backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk

backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Bad Gone^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]

path=C:\Documents and Settings\Bad Gone\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk

backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]

"C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]

"C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]

"C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneDVDElbyDelay]

"C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ElbyCheckAnyDVD]

"C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaBtSh]

C:\Program Files\Mobile Action\Bluetooth Manager\MaBtSh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

"c:\Apps\Powercinema\PCMService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Repair Wizard Scheduler]

"C:\Program Files\SmartPCTools\Registry Repair Wizard\RCHelper.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

"C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

"C:\Program Files\Windows Defender\MSASCui.exe" -masquer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]

C:\Program Files\Logitech\iTouch\iTouch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7eee122-011a-11dc-811d-00038a000015}]

AutoRun\command- L:\CDCheck.exe

Contents of the 'Scheduled Tasks' folder

2006-12-06 12:29:21 C:\WINDOWS\tasks\HDReg.job

2007-07-08 17:57:29 C:\WINDOWS\tasks\MP Scheduled Scan.job

2006-12-06 12:29:48 C:\WINDOWS\tasks\Rappel d'enregistrement 2.job

2006-12-06 12:29:48 C:\WINDOWS\tasks\Rappel d'enregistrement 3.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-08 20:27:39

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Completion time: 2007-07-08 20:29:23 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-07-08 20:29

--- E O F ---

bgchris26 · le 8 juillet 2007

Voici également mon rapport diaghelp