
A bootini.exe file and something else ^^


Hello,
My PC is a mess. I have lots of weird processes, including the file C:\WINDOWS\System32\bootini.exe, which keep coming back. On top of that, I can't get into my special "antivirus" folder with smigfraud, ccleanear, ... Avast detects viruses but they keep coming back :( C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SV4RSFIB\datk[1].exe
Win32:Adloader-FE [Trj]

C:\datk.exe
Win32:Adloader-FE [Trj])

Here is my HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 14:52:44, on 27/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\bootini.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\WINDOWS\System32\CTXFIHLP.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Razer\razerhid.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\winmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Razer\razerofa.exe
C:\Documents and Settings\Nathan\Mes documents\bridge\HijackThis1991.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe bootini.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,bootini.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (file missing)
O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Microsoft Windows] bootini.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft Windows] bootini.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Microsoft Windows Man Service (Windows Man Service) - Unknown owner - C:\WINDOWS\winmgr.exe

So there it is, I don't know what else to do; I hope my savior is among the readers of this message ^^. Otherwise I'll have to format. By the way, I have XP Pro with SP1 (I know that some viruses don't get through with SP2, so you never know ^^).
Thanks in advance for your reply.


Hello,

SDFix should do the whole job.

Download SDFix (created by AndyManchesta) and save it to your Desktop.
Double-click SDFix.exe and choose Install to extract it to the Desktop.

Restart in Safe Mode

  • Open the SDFix folder that was just created on the Desktop and double-click RunThis.bat to launch the script.
  • Press Y to start the cleaning process.
  • It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
  • Press a key to restart the PC.
  • Your system will take longer than usual to restart because the tool will keep running and deleting files.
  • After the Desktop loads, the tool will finish its work and display Finished.
  • Press a key to end the script and load your Desktop icons.
  • Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
  • Finally, copy and paste the contents of Report.txt into your next reply on the forum, along with a new HijackThis log!

    Here is my SDFix report
    SDFix: Version 1.32
    -------------------
    Scan run on:
    27/10/2006
    Time:
    19:11
    Microsoft Windows XP [version 5.1.2600]

    Running from: C:\Documents and Settings\Nathan\Bureau\SDFix
    Stage One...

    Checking Services...

    Name:
    -----
    Microsoft update Service

    Path:
    ----
    "C:\WINDOWS\System32\dllcache\msiupdate32.exe"

    Microsoft update Service Deleted...
    Repairing Registry...
    Killing PID 764 'explorer.exe'
    Restoring Default Hosts File...
    Stage One Complete
    Rebooting...
    Stage Two...
    Checking For Malware:
    --------------------
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\GPM78XM7\DRSMAR~1.EXE
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\GPM78XM7\LOADER~1.EXE
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\GPM78XM7\DRSMAR~1.EXE
    C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\CONTENT.IE5\GPM78XM7\LOADER~1.EXE
    C:\DRSMAR~1.EXE
    C:\MC44A39.EXE
    C:\WINDOWS\system32\21417_netapi.exe
    C:\WINDOWS\system32\33304_netapi.exe
    C:\WINDOWS\system32\57373_netapi.exe
    C:\WINDOWS\system32\65675_netapi.exe
    C:\WINDOWS\system32\86007_netapi.exe
    C:\WINDOWS\drsmartload2.dat
    C:\WINDOWS\Prefetch\DRSMARTLOAD.EXE-113D05CC.pf
    C:\WINDOWS\system32\bootini.exe
    C:\WINDOWS\system32\dllcache\msiupdate32.exe
    C:\WINDOWS\system32\i

    Backing Up and Removing any Files Found...
    Final Check:
    Services:
    ---------
    Files:
    ------
    Any files removed are saved to the SDFix\backups Folder
    FINISHED

    and my HijackThis report:

    Logfile of HijackThis v1.99.1
    Scan saved at 19:15:52, on 27/10/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\winmgr.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Razer\razerhid.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Razer\razerofa.exe
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
    C:\Documents and Settings\Nathan\Mes documents\antimerde\HijackThis1991.exe

    R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\System32\nnnopmm.dll
    O2 - BHO: (no name) - {7E0A885F-6090-40E8-ABBF-1D0EF4069453} - C:\WINDOWS\System32\gebca.dll
    O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\RunServices: [Ms configsu] msconfigsu.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\RunServices: [Ms configsu] msconfigsu.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: gebca - C:\WINDOWS\System32\gebca.dll
    O20 - Winlogon Notify: nnnopmm - C:\WINDOWS\SYSTEM32\nnnopmm.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Microsoft Windows Man Service (Windows Man Service) - Unknown owner - C:\WINDOWS\winmgr.exe

    Thanks for replying so quickly. Even though I don't know whether I still have some dodgy stuff left, it's already working better.

    Quote:
    Thanks for replying so quickly. Even though I don't know whether I still have some dodgy stuff left, it's already working better.


    Indeed, that's Vundo.
    Download VundoFix.exe (by Atribune) to your Desktop.
  • Double-click VundoFix.exe to launch it
  • Click the Scan for Vundo button
  • When the scan is complete, click the Remove Vundo button
  • A prompt will ask whether you want to delete the files; click YES
  • After you click "Yes", the Desktop will disappear for a moment while the files are deleted
  • You will see a prompt telling you that your PC is going to restart; click OK
  • Copy and paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis report, into your next reply

    Note: VundoFix may run into a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "Click the Scan for Vundo button".
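
Added example, not part of any post in this thread: a Python triage of the HijackThis sections where the infection above shows up (F2 Winlogon Shell/UserInit, O4 Run keys, O2 BHOs, O20 Winlogon Notify, O23 services). The heuristics and the default `C:\WINDOWS` path are assumptions of this example, not rules used by HijackThis or by the helper; the sample lines are copied from the first two logs in the thread.

```python
import re
from collections import defaultdict

# Lines copied from the first and second HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe bootini.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,bootini.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\System32\nnnopmm.dll
O2 - BHO: (no name) - {7E0A885F-6090-40E8-ABBF-1D0EF4069453} - C:\WINDOWS\System32\gebca.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Microsoft Windows] bootini.exe
O4 - HKCU\..\Run: [Microsoft Windows] bootini.exe
O4 - HKLM\..\RunServices: [Ms configsu] msconfigsu.exe
O4 - HKCU\..\RunServices: [Ms configsu] msconfigsu.exe
O20 - Winlogon Notify: gebca - C:\WINDOWS\System32\gebca.dll
O20 - Winlogon Notify: nnnopmm - C:\WINDOWS\SYSTEM32\nnnopmm.dll
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Microsoft Windows Man Service (Windows Man Service) - Unknown owner - C:\WINDOWS\winmgr.exe
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
F2 = re.compile(r"REG:system\.ini: (\w+)=(.*)$")
O2 = re.compile(r"BHO: .* - \{[0-9A-Fa-f-]+\} - (.*?)(?: \(file missing\))?$")
O4 = re.compile(r"(HKLM|HKCU)\\\.\.\\\w+: \[.*?\] (.+)$")
O20 = re.compile(r"Winlogon Notify: .*? - (.*)$")
# Programs Windows XP itself puts in the Winlogon Shell / Userinit values.
WINLOGON_DEFAULTS = {"shell": "explorer.exe", "userinit": "userinit.exe"}
WINDOWS_DIR = "c:\\windows\\"  # assumption: default %SystemRoot%, as in the thread's logs


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def triage(log_text):
    """Return sorted (section, reason, item) tuples for entries worth a manual look."""
    findings = set()
    run_hives = defaultdict(set)         # path-less autostart command -> hives it is set in
    bho_dlls, notify_dlls = set(), set()
    for raw in log_text.splitlines():
        entry = ENTRY.match(raw.strip())
        if not entry:
            continue                     # header, process list, blank line
        code, body = entry["code"], entry["body"]
        if code == "F2" and (m := F2.match(body)):
            key, value = m.groups()
            # Heuristic 1: anything chained after the default Shell/UserInit program.
            for token in re.split(r"[,\s]+", value):
                if token and basename(token) != WINLOGON_DEFAULTS.get(key.lower()):
                    findings.add(("F2", "extra program chained to Winlogon " + key,
                                  basename(token)))
        elif code == "O2" and (m := O2.match(body)):
            bho_dlls.add(basename(m.group(1)))
        elif code == "O4" and (m := O4.match(body)):
            hive, command = m.groups()
            if "\\" not in command:      # no directory given: resolved through the search path
                run_hives[command.split()[0].lower()].add(hive)
        elif code == "O20" and (m := O20.match(body)):
            notify_dlls.add(basename(m.group(1)))
        elif code == "O23":
            parts = body.rsplit(" - ", 2)    # name, owner, binary path
            # Heuristic 2: no company name in the binary, and it sits in the Windows directory.
            if (len(parts) == 3 and parts[1] == "Unknown owner"
                    and parts[2].lower().startswith(WINDOWS_DIR)):
                findings.add(("O23", "unknown-owner service in the Windows directory",
                              parts[2]))
    # Heuristic 3: the same path-less command registered machine-wide and per-user.
    for exe, hives in run_hives.items():
        if hives == {"HKLM", "HKCU"}:
            findings.add(("O4", "path-less autostart set in both HKLM and HKCU", exe))
    # Heuristic 4: one DLL hooked into both Internet Explorer and Winlogon.
    for dll in bho_dlls & notify_dlls:
        findings.add(("O2+O20", "DLL registered as both BHO and Winlogon Notify", dll))
    return sorted(findings)


if __name__ == "__main__":
    for section, reason, item in triage(SAMPLE_LOG):
        print(f"{section:7} {item:28} {reason}")
```

The legitimate path-less `nwiz.exe` entry and the avast! services reported with "Unknown owner" are not flagged, which is why each heuristic combines two conditions rather than one.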

    Here are my two reports:

    Logfile of HijackThis v1.99.1
    Scan saved at 21:04:04, on 27/10/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Razer\razerhid.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\winmgr.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Razer\razerofa.exe
    C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
    C:\Documents and Settings\Nathan\Mes documents\antimerde\HijackThis1991.exe

    R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {0E7C1CC5-A45A-4D81-88FD-343111470ACE} - C:\WINDOWS\System32\gebca.dll (file missing)
    O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\System32\nnnopmm.dll (file missing)
    O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\RunServices: [Ms configsu] msconfigsu.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\RunServices: [Ms configsu] msconfigsu.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Microsoft Windows Man Service (Windows Man Service) - Unknown owner - C:\WINDOWS\winmgr.exe



    VundoFix V6.2.6

    Checking Java version...

    Sun Java not detected
    Scan started at 20:52:55 27/10/2006

    Listing files found while scanning....

    C:\WINDOWS\system32\mljhhih.dll
    C:\WINDOWS\system32\mljjiig.dll
    C:\WINDOWS\system32\nnnopmm.dll
    C:\WINDOWS\system32\pmnkhhh.dll
    C:\WINDOWS\System32\gebca.dll
    C:\WINDOWS\System32\acbeg.ini

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\mljhhih.dll
    C:\WINDOWS\system32\mljhhih.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mljjiig.dll
    C:\WINDOWS\system32\mljjiig.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nnnopmm.dll
    C:\WINDOWS\system32\nnnopmm.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\pmnkhhh.dll
    C:\WINDOWS\system32\pmnkhhh.dll Has been deleted!

    Attempting to delete C:\WINDOWS\System32\gebca.dll
    C:\WINDOWS\System32\gebca.dll Has been deleted!

    Attempting to delete C:\WINDOWS\System32\acbeg.ini
    C:\WINDOWS\System32\acbeg.ini Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\nnnopmm.dll
    C:\WINDOWS\system32\nnnopmm.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Thanks again for the help against this virus :wahoo:

    Let's continue:

  • Download combofix.exe (by sUBs) to your Desktop
  • Double-click combofix.exe.
  • Press the Y (Yes) key to start the scan.
  • When the scan is complete, a report will appear. Copy and paste this report into your next reply.

    NOTE: The report can also be found here: C:\Combofix.txt

    Here are my two reports:


    Nathan - 06-10-27 22:37:06,50 Service Pack 1
    ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Nathan\Bureau"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\drsmartload2.dat
    C:\dfndrff_e40.exe
    C:\kybrdff_e40.exe
    C:\nwnmff_e40.exe
    C:\Program Files\Deskbar


    ((((((((((((((((((((((((((((((( Files Created from 2006-09-27 to 2006-10-27 ))))))))))))))))))))))))))))))))))


    2006-10-27 22:20 688,180 ---hs---- C:\WINDOWS\system32\ssqrp.dll
    2006-10-27 22:20 442,973 ---hs---- C:\WINDOWS\system32\prqss.bak1
    2006-10-27 21:23 61,440 --a------ C:\drsmartload.exe
    2006-10-27 21:23 40,973 ---hs---- C:\WINDOWS\system32\hggdaww.dll
    2006-10-27 21:23 24,576 --a------ C:\mc44a39.exe
    2006-10-27 21:23 175,900 --a------ C:\pro3_install.exe
    2006-10-27 19:23 816,288 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
    2006-10-27 19:23 4,960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
    2006-10-27 19:23 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
    2006-10-27 19:23 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
    2006-10-27 19:23 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
    2006-10-27 17:23 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2006-10-27 17:23 42,496 --a------ C:\WINDOWS\system32\swreg.exe
    2006-10-27 17:23 40,960 --a------ C:\WINDOWS\system32\swsc.exe
    2006-10-27 17:23 287,170 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2006-10-27 15:00 71,548 --a------ C:\WINDOWS\system32\msconfigsu.exe
    2006-10-26 23:10 94,720 -r-hs---- C:\WINDOWS\winmgr.exe
    2006-10-26 22:00 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
    2006-10-26 22:00 16,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2006-10-26 21:47 23,168 -ra------ C:\WINDOWS\system32\drivers\CnxTrLan.sys
    2006-10-26 21:46 49,536 -ra------ C:\WINDOWS\system32\drivers\CnxTrUsb.sys
    2006-10-26 21:46 22,048 -ra------ C:\WINDOWS\system32\cocpyinf.dll
    2006-10-18 21:46 90,112 --a------ C:\WINDOWS\system32\dpl100.dll
    2006-10-18 21:46 856,064 --a------ C:\WINDOWS\system32\xvidcore.dll
    2006-10-18 21:46 619,156 --a------ C:\WINDOWS\system32\divx.dll
    2006-10-18 21:46 568,850 --a------ C:\WINDOWS\system32\x264vfw.dll
    2006-10-18 21:46 5,120 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2006-10-18 21:46 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2006-10-18 21:46 286,720 --a------ C:\WINDOWS\system32\3ivxVfWCodec.dll
    2006-10-18 21:46 217,088 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2006-10-18 21:46 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2006-10-18 21:46 200,704 --a------ C:\WINDOWS\system32\dtu100.dll
    2006-10-18 21:46 1,415,680 --a------ C:\WINDOWS\system32\WMV9VCM.dll
    2006-10-18 21:46 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
    2006-10-18 21:46 1,024,000 --a------ C:\WINDOWS\system32\3ivx.dll
    2006-10-12 23:30 86,016 --a------ C:\WINDOWS\unvise32.exe
    2006-10-04 16:31 88,365 --------- C:\WINDOWS\AGRSMMSG.exe
    2006-10-04 16:31 68,096 -ra------ C:\WINDOWS\agrsmdel.exe
    2006-10-04 16:31 68,096 --------- C:\WINDOWS\system32\agrsmdel.exe
    2006-10-04 16:31 2,410,076 -ra------ C:\WINDOWS\system32\drivers\AGRSM.sys
    2006-10-02 19:55 77,312 --a------ C:\WINDOWS\system32\TWAIN_32.DLL
    2006-10-02 19:55 308,224 --a------ C:\WINDOWS\IsUn040c.exe
    2006-10-02 19:55 212,480 --a------ C:\WINDOWS\system32\PCDLIB32.DLL
    2006-10-01 09:05 2,829 --a------ C:\WINDOWS\War3Unin.pif
    2006-10-01 09:05 139,264 --a------ C:\WINDOWS\War3Unin.exe
    2006-09-27 16:23 8,704 --a------ C:\WINDOWS\system32\vidccleaner.exe
    2006-09-27 16:23 217,088 --a------ C:\WINDOWS\system32\skjpeg40.dll
    2006-09-27 16:22 83,968 --a------ C:\WINDOWS\system32\Skbase40.dll
    2006-09-27 16:20 974,848 --a------ C:\WINDOWS\system32\dxdiag.exe
    2006-09-27 16:20 83,968 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys
    2006-09-27 16:20 79,360 --a------ C:\WINDOWS\system32\dpwsockx.dll
    2006-09-27 16:20 52,096 --a------ C:\WINDOWS\system32\drivers\msdv.sys
    2006-09-27 16:20 48,512 --a------ C:\WINDOWS\system32\drivers\stream.sys
    2006-09-27 16:20 470,528 --a------ C:\WINDOWS\system32\qdvd.dll
    2006-09-27 16:20 47,104 --a------ C:\WINDOWS\system32\wstdecod.dll
    2006-09-27 16:20 46,592 --a------ C:\WINDOWS\system32\dxdllreg.exe
    2006-09-27 16:20 381,952 --a------ C:\WINDOWS\system32\dsound.dll
    2006-09-27 16:20 354,816 --a------ C:\WINDOWS\system32\psisdecd.dll
    2006-09-27 16:20 316,928 --a------ C:\WINDOWS\system32\qdv.dll
    2006-09-27 16:20 292,864 --a------ C:\WINDOWS\system32\ddraw.dll
    2006-09-27 16:20 230,400 --a------ C:\WINDOWS\system32\dplayx.dll
    2006-09-27 16:20 181,248 --a------ C:\WINDOWS\system32\dmime.dll
    2006-09-27 16:20 18,688 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys
    2006-09-27 16:20 16,896 --a------ C:\WINDOWS\system32\msyuv.dll
    2006-09-27 16:20 16,384 --a------ C:\WINDOWS\system32\drivers\ccdecode.sys
    2006-09-27 16:20 15,104 --a------ C:\WINDOWS\system32\drivers\mpe.sys
    2006-09-27 16:20 14,976 --a------ C:\WINDOWS\system32\drivers\streamip.sys
    2006-09-27 16:20 122,880 --a------ C:\WINDOWS\system32\dmusic.dll
    2006-09-27 16:20 11,392 --a------ C:\WINDOWS\system32\drivers\bdasup.sys
    2006-09-27 16:20 10,880 --a------ C:\WINDOWS\system32\drivers\slip.sys
    2006-09-27 16:20 10,112 --a------ C:\WINDOWS\system32\drivers\ndisip.sys
    2006-09-27 16:20 1,769,472 --a------ C:\WINDOWS\system32\dxdiagn.dll
    2006-09-27 16:20 1,703,936 --a------ C:\WINDOWS\system32\d3d9.dll
    2006-09-27 16:20 1,230,336 --a------ C:\WINDOWS\system32\msvidctl.dll
    2006-09-27 16:20 1,201,152 --a------ C:\WINDOWS\system32\d3d8.dll


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-10-27 22:35 -------- d-------- C:\Documents and Settings\Nathan\Application Data\AVG7
    2006-10-27 20:57 -------- d-------- C:\Program Files\Microsoft IntelliType Pro
    2006-10-27 19:23 -------- d---s---- C:\Documents and Settings\Nathan\Application Data\Microsoft
    2006-10-27 19:23 -------- d-------- C:\Program Files\Grisoft
    2006-10-27 19:00 1222 --a------ C:\Documents and Settings\Nathan\Application Data\QuickZip45.ini
    2006-10-27 18:42 -------- d-------- C:\Program Files\ewido anti-malware
    2006-10-27 18:41 -------- d-------- C:\Program Files\Yahoo!
    2006-10-27 17:31 -------- d-------- C:\Documents and Settings\Nathan\Application Data\PC Tools
    2006-10-27 17:10 -------- d-------- C:\Program Files\XoftSpy
    2006-10-27 09:33 -------- d-------- C:\Program Files\CCleaner
    2006-10-26 22:20 -------- d-------- C:\Program Files\MSN Messenger
    2006-10-26 22:20 -------- d-------- C:\Program Files\Fichiers communs\Microsoft Shared
    2006-10-26 22:10 -------- d-------- C:\Documents and Settings\Nathan\Application Data\Macromedia
    2006-10-26 21:52 -------- d-------- C:\Program Files\BitComet
    2006-10-26 21:46 -------- d-------- C:\Program Files\Conexant
    2006-10-25 21:55 16368 --a------ C:\Documents and Settings\Nathan\Application Data\GDIPFONTCACHEV1.DAT
    2006-10-25 20:59 -------- d-------- C:\Program Files\FUJIFILM
    2006-10-18 21:48 -------- d-------- C:\Documents and Settings\Nathan\Application Data\Ahead
    2006-10-18 21:46 -------- d-------- C:\Program Files\K-Lite Codec Pack
    2006-10-08 20:54 -------- d-------- C:\Program Files\Fichiers communs\Adobe
    2006-10-08 20:54 -------- d-------- C:\Documents and Settings\Nathan\Application Data\AdobeUM
    2006-10-04 16:31 -------- d-------- C:\Program Files\OLITEC
    2006-10-03 19:28 -------- d-------- C:\Documents and Settings\Nathan\Application Data\Creative
    2006-10-02 19:56 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-10-02 19:56 -------- d-------- C:\Program Files\Canon
    2006-10-02 19:56 -------- d-------- C:\Documents and Settings\Nathan\Application Data\ArcSoft
    2006-10-02 19:55 -------- d-------- C:\Program Files\Fichiers communs
    2006-10-02 19:55 -------- d-------- C:\Program Files\ArcSoft
    2006-10-02 19:55 -------- d-------- C:\Program Files\Adobe
    2006-10-02 19:55 -------- d-------- C:\Documents and Settings\Nathan\Application Data\InterTrust
    2006-10-02 19:55 -------- d-------- C:\Documents and Settings\Nathan\Application Data\Adobe
    2006-09-27 16:22 -------- d-------- C:\Program Files\Samsung
    2006-09-26 18:25 -------- d-------- C:\Program Files\Sierra On-Line
    2006-09-26 15:40 -------- d-------- C:\Program Files\Microsoft Office
    2006-09-26 15:40 -------- d-------- C:\Program Files\Fichiers communs\Designer
    2006-09-25 17:45 666240 --a------ C:\WINDOWS\system32\aswBoot.exe
    2006-09-25 17:40 87424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2006-09-25 17:40 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2006-09-25 17:39 36176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2006-09-25 17:37 24560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2006-09-24 23:32 -------- d-------- C:\Program Files\Ahead
    2006-09-24 23:30 -------- d-------- C:\Program Files\Fichiers communs\Ahead
    2006-09-24 23:11 -------- d-------- C:\Program Files\EPSON
    2006-09-21 06:35 -------- d-------- C:\Documents and Settings\Nathan\Application Data\Media Player Classic
    2006-09-21 06:27 -------- d-------- C:\Program Files\Razer
    2006-09-20 22:20 -------- d-------- C:\Program Files\Fichiers communs\ODBC
    2006-09-20 22:19 62 --ahs---- C:\Documents and Settings\Nathan\Application Data\desktop.ini
    2006-09-20 22:19 -------- d-------- C:\Program Files\Fichiers communs\SpeechEngines
    2006-09-20 22:14 -------- d-------- C:\Program Files\Alwil Software
    2006-09-20 22:09 -------- d-------- C:\Program Files\Microsoft IntelliType Pro 5.5
    2006-09-20 22:07 -------- d-------- C:\Program Files\QuickZip4
    2006-09-20 22:04 -------- d-------- C:\Program Files\Creative
    2006-09-20 21:56 81920 --a------ C:\WINDOWS\system32\OpenAL32.dll
    2006-09-20 21:56 233472 --a------ C:\WINDOWS\system32\wrap_oal.dll
    2006-09-20 21:51 -------- d-------- C:\Program Files\Windows Media Player
    2006-09-20 21:50 -------- d-------- C:\Program Files\Fichiers communs\InstallShield
    2006-09-20 21:40 -------- d-------- C:\Program Files\Intel
    2006-09-20 21:39 -------- d--h----- C:\Program Files\Uninstall Information
    2006-09-20 21:39 -------- d-------- C:\Documents and Settings\Nathan\Application Data\Identities
    2006-09-20 21:35 0 -rahs---- C:\MSDOS.SYS
    2006-09-20 21:35 0 -rahs---- C:\IO.SYS
    2006-09-20 21:35 0 --a------ C:\CONFIG.SYS
    2006-09-20 21:35 0 --a------ C:\AUTOEXEC.BAT
    2006-09-20 21:35 -------- d-------- C:\Program Files\xerox
    2006-09-20 21:35 -------- d-------- C:\Program Files\microsoft frontpage
    2006-09-20 21:34 -------- d-------- C:\Program Files\Internet Explorer
    2006-09-20 21:33 -------- d-------- C:\Program Files\Outlook Express
    2006-09-20 21:33 -------- d-------- C:\Program Files\NetMeeting
    2006-09-20 21:33 -------- d-------- C:\Program Files\Movie Maker
    2006-09-20 21:33 -------- d-------- C:\Program Files\Fichiers communs\System
    2006-09-20 21:33 -------- d-------- C:\Program Files\Fichiers communs\Services
    2006-09-20 21:33 -------- d-------- C:\Program Files\Fichiers communs\MSSoap
    2006-09-20 21:32 -------- d-------- C:\Program Files\ComPlus Applications
    2006-09-20 21:31 -------- d--h----- C:\Program Files\WindowsUpdate
    2006-09-20 21:31 -------- d-------- C:\Program Files\Windows NT
    2006-09-20 21:31 -------- d-------- C:\Program Files\Services en ligne
    2006-09-20 21:31 -------- d-------- C:\Program Files\MSN Gaming Zone
    2006-09-20 21:31 -------- d-------- C:\Program Files\MSN
    2006-09-20 21:31 -------- d-------- C:\Program Files\Messenger
    2006-09-01 07:48 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll
    2006-08-16 17:55 208896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
    2006-08-11 21:45 888832 --a------ C:\WINDOWS\system32\nvmobls.dll
    2006-08-11 21:45 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll
    2006-08-11 21:45 5611520 --a------ C:\WINDOWS\system32\nvdisps.dll
    2006-08-11 21:45 5251072 --a------ C:\WINDOWS\system32\nvdispsr.dll
    2006-08-11 21:45 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
    2006-08-11 21:45 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
    2006-08-11 21:45 3039232 --a------ C:\WINDOWS\system32\nvgames.dll
    2006-08-11 21:45 2953216 --a------ C:\WINDOWS\system32\nvvitvsr.dll
    2006-08-11 21:45 2928640 --a------ C:\WINDOWS\system32\nvgamesr.dll
    2006-08-11 21:45 2904064 --a------ C:\WINDOWS\system32\nvvitvs.dll
    2006-08-11 21:45 2859008 --a------ C:\WINDOWS\system32\nvmoblsr.dll
    2006-08-11 21:45 266240 --a------ C:\WINDOWS\system32\nvrsesm.dll
    2006-08-11 21:45 258048 --a------ C:\WINDOWS\system32\nvrsko.dll
    2006-08-11 21:45 249856 --a------ C:\WINDOWS\system32\nvrssl.dll
    2006-08-11 21:45 249856 --a------ C:\WINDOWS\system32\nvrssk.dll
    2006-08-11 21:45 249856 --a------ C:\WINDOWS\system32\nvrshu.dll
    2006-08-11 21:45 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
    2006-08-11 21:45 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
    2006-08-11 21:45 1732608 --a------ C:\WINDOWS\system32\nvwssr.dll
    2006-08-11 21:45 1236992 --a------ C:\WINDOWS\system32\nvwss.dll
    2006-08-11 21:44 323584 --a------ C:\WINDOWS\system32\nvrshe.dll
    2006-08-11 21:44 323584 --a------ C:\WINDOWS\system32\nvrsar.dll
    2006-08-11 21:44 274432 --a------ C:\WINDOWS\system32\nvrses.dll
    2006-08-11 21:44 274432 --a------ C:\WINDOWS\system32\nvrsel.dll
    2006-08-11 21:44 266240 --a------ C:\WINDOWS\system32\nvrspt.dll
    2006-08-11 21:44 262144 --a------ C:\WINDOWS\system32\nvrsja.dll
    2006-08-11 21:44 249856 --a------ C:\WINDOWS\system32\nvrstr.dll
    2006-08-11 21:44 249856 --a------ C:\WINDOWS\system32\nvrspl.dll
    2006-08-11 21:44 249856 --a------ C:\WINDOWS\system32\nvrsno.dll
    2006-08-11 21:44 241664 --a------ C:\WINDOWS\system32\nvrscs.dll
    2006-08-11 21:44 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
    2006-08-11 21:43 86016 --a------ C:\WINDOWS\system32\nvmctray.dll
    2006-08-11 21:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
    2006-08-11 21:43 794624 --a------ C:\WINDOWS\system32\nvcplui.exe
    2006-08-11 21:43 7630848 --a------ C:\WINDOWS\system32\nvcpl.dll
    2006-08-11 21:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
    2006-08-11 21:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
    2006-08-11 21:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
    2006-08-11 21:43 335872 --a------ C:\WINDOWS\system32\nvwrses.dll
    2006-08-11 21:43 335872 --a------ C:\WINDOWS\system32\nvwrsel.dll
    2006-08-11 21:43 327680 --a------ C:\WINDOWS\system32\nvwrsfr.dll
    2006-08-11 21:43 327680 --a------ C:\WINDOWS\system32\nvwrsesm.dll
    2006-08-11 21:43 323584 --a------ C:\WINDOWS\system32\nvwrspt.dll
    2006-08-11 21:43 323584 --a------ C:\WINDOWS\system32\nvwrsit.dll
    2006-08-11 21:43 319488 --a------ C:\WINDOWS\system32\nvwrsptb.dll
    2006-08-11 21:43 319488 --a------ C:\WINDOWS\system32\nvwrsnl.dll
    2006-08-11 21:43 315392 --a------ C:\WINDOWS\system32\nvwrsru.dll
    2006-08-11 21:43 315392 --a------ C:\WINDOWS\system32\nvwrshu.dll
    2006-08-11 21:43 311296 --a------ C:\WINDOWS\system32\nvwrsde.dll
    2006-08-11 21:43 311296 --a------ C:\WINDOWS\system32\nvexpbar.dll
    2006-08-11 21:43 303104 --a------ C:\WINDOWS\system32\nvwrstr.dll
    2006-08-11 21:43 303104 --a------ C:\WINDOWS\system32\nvwrssl.dll
    2006-08-11 21:43 303104 --a------ C:\WINDOWS\system32\nvwrsfi.dll
    2006-08-11 21:43 299008 --a------ C:\WINDOWS\system32\nvwrssk.dll
    2006-08-11 21:43 299008 --a------ C:\WINDOWS\system32\nvwrsno.dll
    2006-08-11 21:43 294912 --a------ C:\WINDOWS\system32\nvwrssv.dll
    2006-08-11 21:43 294912 --a------ C:\WINDOWS\system32\nvwrspl.dll
    2006-08-11 21:43 294912 --a------ C:\WINDOWS\system32\nvwrsda.dll
    2006-08-11 21:43 286720 --a------ C:\WINDOWS\system32\nvwrseng.dll
    2006-08-11 21:43 286720 --a------ C:\WINDOWS\system32\nvwrscs.dll
    2006-08-11 21:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
    2006-08-11 21:43 282624 --a------ C:\WINDOWS\system32\nvwrsar.dll
    2006-08-11 21:43 278528 --a------ C:\WINDOWS\system32\nvwrshe.dll
    2006-08-11 21:43 278528 --a------ C:\WINDOWS\system32\nvrsfr.dll
    2006-08-11 21:43 274432 --a------ C:\WINDOWS\system32\nvrsit.dll
    2006-08-11 21:43 270336 --a------ C:\WINDOWS\system32\nvrsde.dll
    2006-08-11 21:43 266240 --a------ C:\WINDOWS\system32\nvrsnl.dll
    2006-08-11 21:43 262144 --a------ C:\WINDOWS\system32\nvrsru.dll
    2006-08-11 21:43 262144 --a------ C:\WINDOWS\system32\nvrsptb.dll
    2006-08-11 21:43 245760 --a------ C:\WINDOWS\system32\nvrssv.dll
    2006-08-11 21:43 245760 --a------ C:\WINDOWS\system32\nvrsda.dll
    2006-08-11 21:43 241664 --a------ C:\WINDOWS\system32\nvrsfi.dll
    2006-08-11 21:43 241664 --a------ C:\WINDOWS\system32\nvrseng.dll
    2006-08-11 21:43 221184 --a------ C:\WINDOWS\system32\nvrszhc.dll
    2006-08-11 21:43 212992 --a------ C:\WINDOWS\system32\nvwrsja.dll
    2006-08-11 21:43 196608 --a------ C:\WINDOWS\system32\nvwrsko.dll
    2006-08-11 21:43 196608 --a------ C:\WINDOWS\system32\nvapi.dll
    2006-08-11 21:43 167936 --a------ C:\WINDOWS\system32\nvwrszht.dll
    2006-08-11 21:43 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
    2006-08-11 21:43 163840 --a------ C:\WINDOWS\system32\nvwrszhc.dll
    2006-08-11 21:43 1519616 --a------ C:\WINDOWS\system32\nwiz.exe
    2006-08-11 21:43 1470464 --a------ C:\WINDOWS\system32\nview.dll
    2006-08-11 21:43 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
    2006-08-11 21:43 122880 --a------ C:\WINDOWS\system32\nvrszht.dll
    2006-08-11 21:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
    2006-08-11 21:43 1011712 --a------ C:\WINDOWS\system32\nvcpluir.dll
    2006-08-11 21:42 5636096 --a------ C:\WINDOWS\system32\nvoglnt.dll
    2006-08-11 21:42 4496128 --a------ C:\WINDOWS\system32\nv4_disp.dll
    2006-08-11 21:42 35840 --a------ C:\WINDOWS\system32\nvcodins.dll
    2006-08-11 21:42 35840 --a------ C:\WINDOWS\system32\nvcod.dll
    2006-08-11 21:42 208896 --a------ C:\WINDOWS\system32\nvudisp.exe
    2006-08-11 21:42 155715 --a------ C:\WINDOWS\system32\nvsvc32.exe
    2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
    "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
    "Steam"="\"E:\\jeux\\Half-Life\\Steam.exe\" -silent"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices]
    "Ms configsu"="msconfigsu.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "CTDVDDET"="\"C:\\Program Files\\Creative\\Sound Blaster X-Fi\\DVDAudio\\CTDVDDET.EXE\""
    "RCSystem"="\"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" RCSystem * -Startup"
    "AudioDrvEmulator"="\"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" -1 AudioDrvEmulator \"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\Audio Emulator\\AudDrvEm.dll\""
    "VolPanel"="\"C:\\Program Files\\Creative\\Sound Blaster X-Fi\\Volume Panel\\VolPanel.exe\" /r"
    "UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
    "itype"="\"C:\\Program Files\\Microsoft IntelliType Pro\\itype.exe\""
    "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
    "razer"="C:\\Program Files\\Razer\\razerhid.exe"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
    "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
    "Ms configsu"="msconfigsu.exe"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000005

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
    "Ms configsu"="msconfigsu.exe"
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runservices]
    "Ms configsu"="msconfigsu.exe"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
    "Ms configsu"="msconfigsu.exe"
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runservices]
    "Ms configsu"="msconfigsu.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Microsoft Office.lnk"
    "backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\MICROS~3\\Office10\\OSA.EXE -b -l"
    "item"="Microsoft Office"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Nathan^Menu Démarrer^Programmes^Démarrage^MOH.lnk]
    "path"="C:\\Documents and Settings\\Nathan\\Menu Démarrer\\Programmes\\Démarrage\\MOH.lnk"
    "backup"="C:\\WINDOWS\\pss\\MOH.lnkStartup"
    "location"="Startup"
    "command"="C:\\PROGRA~1\\OLITEC\\MOH\\LtMoh.exe "
    "item"="MOH"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="CTDetect"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe\" /R"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="CTHELPER"
    "hkey"="HKLM"
    "command"="CTHELPER.EXE"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R200 Series]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="E_S4I0H2"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I0H2.EXE /P30 \"EPSON Stylus Photo R200 Series\" /O6 \"USB001\" /M \"Stylus Photo R200\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msmsgs"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NeroCheck"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "wuauserv"=dword:00000002

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqrp

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    Completion time: 06-10-27 22:39:20.54
    C:\ComboFix.txt ... 06-10-27 22:39



    Logfile of HijackThis v1.99.1
    Scan saved at 22:42:15, on 27/10/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\winmgr.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Razer\razerhid.exe
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\System32\ctfmon.exe
    E:\jeux\Half-Life\Steam.exe
    C:\Program Files\Razer\razerofa.exe
    C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\Documents and Settings\Nathan\Mes documents\antimerde\HijackThis1991.exe

    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {0E7C1CC5-A45A-4D81-88FD-343111470ACE} - C:\WINDOWS\System32\gebca.dll (file missing)
    O2 - BHO: (no name) - {9197CD9B-F2C3-45B1-AFD5-A8D1A8BAEFFF} - C:\WINDOWS\System32\ssqrp.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\RunServices: [Ms configsu] msconfigsu.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "E:\jeux\Half-Life\Steam.exe" -silent
    O4 - HKCU\..\RunServices: [Ms configsu] msconfigsu.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: ssqrp - C:\WINDOWS\System32\ssqrp.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Microsoft Windows Man Service (Windows Man Service) - Unknown owner - C:\WINDOWS\winmgr.exe

    Hi again,

    Download this file, Combofix.exe,
    and save it to your desktop and nowhere else!

    Click on the Start menu, then Run, and copy/paste this:
    "%userprofile%\Bureau\combofix.exe" /v ssqrp
    then click OK.

    Follow the prompts.

    Don't touch anything and wait until ComboFix has finished; a report will be created. Post the report.

    Here is the report
    Nathan - 06-10-28 5:18:00,79 Service Pack 1
    ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Nathan\Bureau"
    Command switches used :: /v ssqrp

    (((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\ssqrp.dll
    C:\WINDOWS\system32\prqss.bak1
    C:\WINDOWS\system32\prqss.ini


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    ((((((((((((((((((((((((((((((( Files Created from 2006-09-28 to 2006-10-28 ))))))))))))))))))))))))))))))))))


    2006-10-28 01:18 61,440 --a------ C:\drsmartload.exe
    2006-10-28 01:18 40,973 ---hs---- C:\WINDOWS\system32\khfedaw.dll
    2006-10-27 22:53 40,973 ---hs---- C:\WINDOWS\system32\xxyxwur.dll
    2006-10-27 21:23 40,973 ---hs---- C:\WINDOWS\system32\hggdaww.dll
    2006-10-27 21:23 24,576 --a------ C:\mc44a39.exe
    2006-10-27 21:23 175,900 --a------ C:\pro3_install.exe
    2006-10-27 19:23 816,288 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
    2006-10-27 19:23 4,960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
    2006-10-27 19:23 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
    2006-10-27 19:23 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
    2006-10-27 19:23 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
    2006-10-27 17:23 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2006-10-27 17:23 42,496 --a------ C:\WINDOWS\system32\swreg.exe
    2006-10-27 17:23 40,960 --a------ C:\WINDOWS\system32\swsc.exe
    2006-10-27 17:23 287,170 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2006-10-27 15:00 71,548 --a------ C:\WINDOWS\system32\msconfigsu.exe
    2006-10-26 23:10 94,720 -r-hs---- C:\WINDOWS\winmgr.exe
    2006-10-26 22:00 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
    2006-10-26 22:00 16,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2006-10-26 21:47 23,168 -ra------ C:\WINDOWS\system32\drivers\CnxTrLan.sys
    2006-10-26 21:46 49,536 -ra------ C:\WINDOWS\system32\drivers\CnxTrUsb.sys
    2006-10-26 21:46 22,048 -ra------ C:\WINDOWS\system32\cocpyinf.dll
    2006-10-18 21:46 90,112 --a------ C:\WINDOWS\system32\dpl100.dll
    2006-10-18 21:46 856,064 --a------ C:\WINDOWS\system32\xvidcore.dll
    2006-10-18 21:46 619,156 --a------ C:\WINDOWS\system32\divx.dll
    2006-10-18 21:46 568,850 --a------ C:\WINDOWS\system32\x264vfw.dll
    2006-10-18 21:46 5,120 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2006-10-18 21:46 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2006-10-18 21:46 286,720 --a------ C:\WINDOWS\system32\3ivxVfWCodec.dll
    2006-10-18 21:46 217,088 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2006-10-18 21:46 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2006-10-18 21:46 200,704 --a------ C:\WINDOWS\system32\dtu100.dll
    2006-10-18 21:46 1,415,680 --a------ C:\WINDOWS\system32\WMV9VCM.dll
    2006-10-18 21:46 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
    2006-10-18 21:46 1,024,000 --a------ C:\WINDOWS\system32\3ivx.dll
    2006-10-12 23:30 86,016 --a------ C:\WINDOWS\unvise32.exe
    2006-10-04 16:31 88,365 --------- C:\WINDOWS\AGRSMMSG.exe
    2006-10-04 16:31 68,096 -ra------ C:\WINDOWS\agrsmdel.exe
    2006-10-04 16:31 68,096 --------- C:\WINDOWS\system32\agrsmdel.exe
    2006-10-04 16:31 2,410,076 -ra------ C:\WINDOWS\system32\drivers\AGRSM.sys
    2006-10-02 19:55 77,312 --a------ C:\WINDOWS\system32\TWAIN_32.DLL
    2006-10-02 19:55 308,224 --a------ C:\WINDOWS\IsUn040c.exe
    2006-10-02 19:55 212,480 --a------ C:\WINDOWS\system32\PCDLIB32.DLL
    2006-10-01 09:05 2,829 --a------ C:\WINDOWS\War3Unin.pif
    2006-10-01 09:05 139,264 --a------ C:\WINDOWS\War3Unin.exe


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-10-27 22:35 -------- d-------- C:\Documents and Settings\Nathan\Application Data\AVG7
    2006-10-27 20:57 -------- d-------- C:\Program Files\Microsoft IntelliType Pro
    2006-10-27 19:23 -------- d---s---- C:\Documents and Settings\Nathan\Application Data\Microsoft
    2006-10-27 19:23 -------- d-------- C:\Program Files\Grisoft
    2006-10-27 19:00 1222 --a------ C:\Documents and Settings\Nathan\Application Data\QuickZip45.ini
    2006-10-27 18:42 -------- d-------- C:\Program Files\ewido anti-malware
    2006-10-27 18:41 -------- d-------- C:\Program Files\Yahoo!
    2006-10-27 17:31 -------- d-------- C:\Documents and Settings\Nathan\Application Data\PC Tools
    2006-10-27 17:10 -------- d-------- C:\Program Files\XoftSpy
    2006-10-27 09:33 -------- d-------- C:\Program Files\CCleaner
    2006-10-26 22:20 -------- d-------- C:\Program Files\MSN Messenger
    2006-10-26 22:20 -------- d-------- C:\Program Files\Fichiers communs\Microsoft Shared
    2006-10-26 22:10 -------- d-------- C:\Documents and Settings\Nathan\Application Data\Macromedia
    2006-10-26 21:52 -------- d-------- C:\Program Files\BitComet
    2006-10-26 21:46 -------- d-------- C:\Program Files\Conexant
    2006-10-25 21:55 16368 --a------ C:\Documents and Settings\Nathan\Application Data\GDIPFONTCACHEV1.DAT
    2006-10-25 20:59 -------- d-------- C:\Program Files\FUJIFILM
    2006-10-18 21:48 -------- d-------- C:\Documents and Settings\Nathan\Application Data\Ahead
    2006-10-18 21:46 -------- d-------- C:\Program Files\K-Lite Codec Pack
    2006-10-08 20:54 -------- d-------- C:\Program Files\Fichiers communs\Adobe
    2006-10-08 20:54 -------- d-------- C:\Documents and Settings\Nathan\Application Data\AdobeUM
    2006-10-04 16:31 -------- d-------- C:\Program Files\OLITEC
    2006-10-03 19:28 -------- d-------- C:\Documents and Settings\Nathan\Application Data\Creative
    2006-10-02 19:56 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-10-02 19:56 -------- d-------- C:\Program Files\Canon
    2006-10-02 19:56 -------- d-------- C:\Documents and Settings\Nathan\Application Data\ArcSoft
    2006-10-02 19:55 -------- d-------- C:\Program Files\Fichiers communs
    2006-10-02 19:55 -------- d-------- C:\Program Files\ArcSoft
    2006-10-02 19:55 -------- d-------- C:\Program Files\Adobe
    2006-10-02 19:55 -------- d-------- C:\Documents and Settings\Nathan\Application Data\InterTrust
    2006-10-02 19:55 -------- d-------- C:\Documents and Settings\Nathan\Application Data\Adobe
    2006-09-27 16:22 -------- d-------- C:\Program Files\Samsung
    2006-09-26 18:25 -------- d-------- C:\Program Files\Sierra On-Line
    2006-09-26 15:40 -------- d-------- C:\Program Files\Microsoft Office
    2006-09-26 15:40 -------- d-------- C:\Program Files\Fichiers communs\Designer
    2006-09-25 17:45 666240 --a------ C:\WINDOWS\system32\aswBoot.exe
    2006-09-25 17:40 87424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2006-09-25 17:40 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2006-09-25 17:39 36176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2006-09-25 17:37 24560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2006-09-24 23:32 -------- d-------- C:\Program Files\Ahead
    2006-09-24 23:30 -------- d-------- C:\Program Files\Fichiers communs\Ahead
    2006-09-24 23:11 -------- d-------- C:\Program Files\EPSON
    2006-09-21 06:35 -------- d-------- C:\Documents and Settings\Nathan\Application Data\Media Player Classic
    2006-09-21 06:27 -------- d-------- C:\Program Files\Razer
    2006-09-20 22:20 -------- d-------- C:\Program Files\Fichiers communs\ODBC
    2006-09-20 22:19 62 --ahs---- C:\Documents and Settings\Nathan\Application Data\desktop.ini
    2006-09-20 22:19 -------- d-------- C:\Program Files\Fichiers communs\SpeechEngines
    2006-09-20 22:14 -------- d-------- C:\Program Files\Alwil Software
    2006-09-20 22:09 -------- d-------- C:\Program Files\Microsoft IntelliType Pro 5.5
    2006-09-20 22:07 -------- d-------- C:\Program Files\QuickZip4
    2006-09-20 22:04 -------- d-------- C:\Program Files\Creative
    2006-09-20 21:56 81920 --a------ C:\WINDOWS\system32\OpenAL32.dll
    2006-09-20 21:56 233472 --a------ C:\WINDOWS\system32\wrap_oal.dll
    2006-09-20 21:51 -------- d-------- C:\Program Files\Windows Media Player
    2006-09-20 21:50 -------- d-------- C:\Program Files\Fichiers communs\InstallShield
    2006-09-20 21:40 -------- d-------- C:\Program Files\Intel
    2006-09-20 21:39 -------- d--h----- C:\Program Files\Uninstall Information
    2006-09-20 21:39 -------- d-------- C:\Documents and Settings\Nathan\Application Data\Identities
    2006-09-20 21:35 0 -rahs---- C:\MSDOS.SYS
    2006-09-20 21:35 0 -rahs---- C:\IO.SYS
    2006-09-20 21:35 0 --a------ C:\CONFIG.SYS
    2006-09-20 21:35 0 --a------ C:\AUTOEXEC.BAT
    2006-09-20 21:35 -------- d-------- C:\Program Files\xerox
    2006-09-20 21:35 -------- d-------- C:\Program Files\microsoft frontpage
    2006-09-20 21:34 -------- d-------- C:\Program Files\Internet Explorer
    2006-09-20 21:33 -------- d-------- C:\Program Files\Outlook Express
    2006-09-20 21:33 -------- d-------- C:\Program Files\NetMeeting
    2006-09-20 21:33 -------- d-------- C:\Program Files\Movie Maker
    2006-09-20 21:33 -------- d-------- C:\Program Files\Fichiers communs\System
    2006-09-20 21:33 -------- d-------- C:\Program Files\Fichiers communs\Services
    2006-09-20 21:33 -------- d-------- C:\Program Files\Fichiers communs\MSSoap
    2006-09-20 21:32 -------- d-------- C:\Program Files\ComPlus Applications
    2006-09-20 21:31 -------- d--h----- C:\Program Files\WindowsUpdate
    2006-09-20 21:31 -------- d-------- C:\Program Files\Windows NT
    2006-09-20 21:31 -------- d-------- C:\Program Files\Services en ligne
    2006-09-20 21:31 -------- d-------- C:\Program Files\MSN Gaming Zone
    2006-09-20 21:31 -------- d-------- C:\Program Files\MSN
    2006-09-20 21:31 -------- d-------- C:\Program Files\Messenger
    2006-09-01 07:48 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll
    2006-08-16 17:55 208896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
    2006-08-11 21:45 888832 --a------ C:\WINDOWS\system32\nvmobls.dll
    2006-08-11 21:45 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll
    2006-08-11 21:45 5611520 --a------ C:\WINDOWS\system32\nvdisps.dll
    2006-08-11 21:45 5251072 --a------ C:\WINDOWS\system32\nvdispsr.dll
    2006-08-11 21:45 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
    2006-08-11 21:45 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
    2006-08-11 21:45 3039232 --a------ C:\WINDOWS\system32\nvgames.dll
    2006-08-11 21:45 2953216 --a------ C:\WINDOWS\system32\nvvitvsr.dll
    2006-08-11 21:45 2928640 --a------ C:\WINDOWS\system32\nvgamesr.dll
    2006-08-11 21:45 2904064 --a------ C:\WINDOWS\system32\nvvitvs.dll
    2006-08-11 21:45 2859008 --a------ C:\WINDOWS\system32\nvmoblsr.dll
    2006-08-11 21:45 266240 --a------ C:\WINDOWS\system32\nvrsesm.dll
    2006-08-11 21:45 258048 --a------ C:\WINDOWS\system32\nvrsko.dll
    2006-08-11 21:45 249856 --a------ C:\WINDOWS\system32\nvrssl.dll
    2006-08-11 21:45 249856 --a------ C:\WINDOWS\system32\nvrssk.dll
    2006-08-11 21:45 249856 --a------ C:\WINDOWS\system32\nvrshu.dll
    2006-08-11 21:45 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
    2006-08-11 21:45 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
    2006-08-11 21:45 1732608 --a------ C:\WINDOWS\system32\nvwssr.dll
    2006-08-11 21:45 1236992 --a------ C:\WINDOWS\system32\nvwss.dll
    2006-08-11 21:44 323584 --a------ C:\WINDOWS\system32\nvrshe.dll
    2006-08-11 21:44 323584 --a------ C:\WINDOWS\system32\nvrsar.dll
    2006-08-11 21:44 274432 --a------ C:\WINDOWS\system32\nvrses.dll
    2006-08-11 21:44 274432 --a------ C:\WINDOWS\system32\nvrsel.dll
    2006-08-11 21:44 266240 --a------ C:\WINDOWS\system32\nvrspt.dll
    2006-08-11 21:44 262144 --a------ C:\WINDOWS\system32\nvrsja.dll
    2006-08-11 21:44 249856 --a------ C:\WINDOWS\system32\nvrstr.dll
    2006-08-11 21:44 249856 --a------ C:\WINDOWS\system32\nvrspl.dll
    2006-08-11 21:44 249856 --a------ C:\WINDOWS\system32\nvrsno.dll
    2006-08-11 21:44 241664 --a------ C:\WINDOWS\system32\nvrscs.dll
    2006-08-11 21:44 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
    2006-08-11 21:43 86016 --a------ C:\WINDOWS\system32\nvmctray.dll
    2006-08-11 21:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
    2006-08-11 21:43 794624 --a------ C:\WINDOWS\system32\nvcplui.exe
    2006-08-11 21:43 7630848 --a------ C:\WINDOWS\system32\nvcpl.dll
    2006-08-11 21:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
    2006-08-11 21:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
    2006-08-11 21:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
    2006-08-11 21:43 335872 --a------ C:\WINDOWS\system32\nvwrses.dll
    2006-08-11 21:43 335872 --a------ C:\WINDOWS\system32\nvwrsel.dll
    2006-08-11 21:43 327680 --a------ C:\WINDOWS\system32\nvwrsfr.dll
    2006-08-11 21:43 327680 --a------ C:\WINDOWS\system32\nvwrsesm.dll
    2006-08-11 21:43 323584 --a------ C:\WINDOWS\system32\nvwrspt.dll
    2006-08-11 21:43 323584 --a------ C:\WINDOWS\system32\nvwrsit.dll
    2006-08-11 21:43 319488 --a------ C:\WINDOWS\system32\nvwrsptb.dll
    2006-08-11 21:43 319488 --a------ C:\WINDOWS\system32\nvwrsnl.dll
    2006-08-11 21:43 315392 --a------ C:\WINDOWS\system32\nvwrsru.dll
    2006-08-11 21:43 315392 --a------ C:\WINDOWS\system32\nvwrshu.dll
    2006-08-11 21:43 311296 --a------ C:\WINDOWS\system32\nvwrsde.dll
    2006-08-11 21:43 311296 --a------ C:\WINDOWS\system32\nvexpbar.dll
    2006-08-11 21:43 303104 --a------ C:\WINDOWS\system32\nvwrstr.dll
    2006-08-11 21:43 303104 --a------ C:\WINDOWS\system32\nvwrssl.dll
    2006-08-11 21:43 303104 --a------ C:\WINDOWS\system32\nvwrsfi.dll
    2006-08-11 21:43 299008 --a------ C:\WINDOWS\system32\nvwrssk.dll
    2006-08-11 21:43 299008 --a------ C:\WINDOWS\system32\nvwrsno.dll
    2006-08-11 21:43 294912 --a------ C:\WINDOWS\system32\nvwrssv.dll
    2006-08-11 21:43 294912 --a------ C:\WINDOWS\system32\nvwrspl.dll
    2006-08-11 21:43 294912 --a------ C:\WINDOWS\system32\nvwrsda.dll
    2006-08-11 21:43 286720 --a------ C:\WINDOWS\system32\nvwrseng.dll
    2006-08-11 21:43 286720 --a------ C:\WINDOWS\system32\nvwrscs.dll
    2006-08-11 21:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
    2006-08-11 21:43 282624 --a------ C:\WINDOWS\system32\nvwrsar.dll
    2006-08-11 21:43 278528 --a------ C:\WINDOWS\system32\nvwrshe.dll
    2006-08-11 21:43 278528 --a------ C:\WINDOWS\system32\nvrsfr.dll
    2006-08-11 21:43 274432 --a------ C:\WINDOWS\system32\nvrsit.dll
    2006-08-11 21:43 270336 --a------ C:\WINDOWS\system32\nvrsde.dll
    2006-08-11 21:43 266240 --a------ C:\WINDOWS\system32\nvrsnl.dll
    2006-08-11 21:43 262144 --a------ C:\WINDOWS\system32\nvrsru.dll
    2006-08-11 21:43 262144 --a------ C:\WINDOWS\system32\nvrsptb.dll
    2006-08-11 21:43 245760 --a------ C:\WINDOWS\system32\nvrssv.dll
    2006-08-11 21:43 245760 --a------ C:\WINDOWS\system32\nvrsda.dll
    2006-08-11 21:43 241664 --a------ C:\WINDOWS\system32\nvrsfi.dll
    2006-08-11 21:43 241664 --a------ C:\WINDOWS\system32\nvrseng.dll
    2006-08-11 21:43 221184 --a------ C:\WINDOWS\system32\nvrszhc.dll
    2006-08-11 21:43 212992 --a------ C:\WINDOWS\system32\nvwrsja.dll
    2006-08-11 21:43 196608 --a------ C:\WINDOWS\system32\nvwrsko.dll
    2006-08-11 21:43 196608 --a------ C:\WINDOWS\system32\nvapi.dll
    2006-08-11 21:43 167936 --a------ C:\WINDOWS\system32\nvwrszht.dll
    2006-08-11 21:43 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
    2006-08-11 21:43 163840 --a------ C:\WINDOWS\system32\nvwrszhc.dll
    2006-08-11 21:43 1519616 --a------ C:\WINDOWS\system32\nwiz.exe
    2006-08-11 21:43 1470464 --a------ C:\WINDOWS\system32\nview.dll
    2006-08-11 21:43 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
    2006-08-11 21:43 122880 --a------ C:\WINDOWS\system32\nvrszht.dll
    2006-08-11 21:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
    2006-08-11 21:43 1011712 --a------ C:\WINDOWS\system32\nvcpluir.dll
    2006-08-11 21:42 5636096 --a------ C:\WINDOWS\system32\nvoglnt.dll
    2006-08-11 21:42 4496128 --a------ C:\WINDOWS\system32\nv4_disp.dll
    2006-08-11 21:42 35840 --a------ C:\WINDOWS\system32\nvcodins.dll
    2006-08-11 21:42 35840 --a------ C:\WINDOWS\system32\nvcod.dll
    2006-08-11 21:42 208896 --a------ C:\WINDOWS\system32\nvudisp.exe
    2006-08-11 21:42 155715 --a------ C:\WINDOWS\system32\nvsvc32.exe
    2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
    "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
    "Steam"="\"E:\\jeux\\Half-Life\\Steam.exe\" -silent"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices]
    "Ms configsu"="msconfigsu.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "CTDVDDET"="\"C:\\Program Files\\Creative\\Sound Blaster X-Fi\\DVDAudio\\CTDVDDET.EXE\""
    "RCSystem"="\"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" RCSystem * -Startup"
    "AudioDrvEmulator"="\"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" -1 AudioDrvEmulator \"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\Audio Emulator\\AudDrvEm.dll\""
    "VolPanel"="\"C:\\Program Files\\Creative\\Sound Blaster X-Fi\\Volume Panel\\VolPanel.exe\" /r"
    "UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
    "itype"="\"C:\\Program Files\\Microsoft IntelliType Pro\\itype.exe\""
    "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
    "razer"="C:\\Program Files\\Razer\\razerhid.exe"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
    "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
    "Ms configsu"="msconfigsu.exe"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000005

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
    "Ms configsu"="msconfigsu.exe"
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runservices]
    "Ms configsu"="msconfigsu.exe"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
    "Ms configsu"="msconfigsu.exe"
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runservices]
    "Ms configsu"="msconfigsu.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"
    "{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Microsoft Office.lnk"
    "backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\MICROS~3\\Office10\\OSA.EXE -b -l"
    "item"="Microsoft Office"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Nathan^Menu Démarrer^Programmes^Démarrage^MOH.lnk]
    "path"="C:\\Documents and Settings\\Nathan\\Menu Démarrer\\Programmes\\Démarrage\\MOH.lnk"
    "backup"="C:\\WINDOWS\\pss\\MOH.lnkStartup"
    "location"="Startup"
    "command"="C:\\PROGRA~1\\OLITEC\\MOH\\LtMoh.exe "
    "item"="MOH"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="CTDetect"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe\" /R"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="CTHELPER"
    "hkey"="HKLM"
    "command"="CTHELPER.EXE"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R200 Series]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="E_S4I0H2"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I0H2.EXE /P30 \"EPSON Stylus Photo R200 Series\" /O6 \"USB001\" /M \"Stylus Photo R200\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msmsgs"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NeroCheck"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "wuauserv"=dword:00000002

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyxwur

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    Completion time: 06-10-28 5:20:22.85
    C:\ComboFix.txt ... 06-10-28 05:20
    C:\ComboFix2.txt ... 06-10-27 22:39

    Re,

    Next:

  • Download SpySweeper (from Webroot, 14-day trial version):

    -Click "Download the trial version".
    -Install the program, choosing "standard installation".
    -Accept the restart.
    -The option to update it will appear; accept the update.
    -Once the updates are installed, click the Options tab in the left-hand column, then Scan.
    -Under "Items to scan" and "Other options", check all the boxes.
    -Close SpySweeper.

    Since the rest is done in Safe Mode, print the following instructions or copy/paste them into a text file.

  • Restart in Safe Mode: on restart, immediately tap the F8 key repeatedly; you will see a screen with a choice of startup options appear. Using the keyboard arrow keys, choose "Safe Mode" and confirm with "Enter". Choose your usual account, not Administrator.

  • Start SpySweeper
    -Click Scan on the left, then Start Scan.
    -When the scan is finished, click Next.
    -Make sure all the items found are checked, then click Next.
    -All the checked items will then be quarantined.
    -In "Summary", select View Session Log at the bottom, then Save to File, in order to save the report.

  • Restart normally

  • Uninstall SpySweeper from Add/Remove Programs, unless you want to continue the evaluation for 15 days.

  • Copy/paste the SpySweeper report here