Mon PC est infecté besoin d'aide pour raport HijackThis
Forum Sécurité - Virus : Mon PC est infecté besoin d'aide pour raport HijackThis
Bonjour
Depuit quelque jours j'ai remarqué que mon PC ne se comporté plus normalement je vous explique
- Je ne peut plus lancer de jeu via steam
- De temps en temps l'occupation de mon cpu monte a 30% alors que je ne fait rien de particulier et aucun procesus dans le gestionaire de taches windows n'utilise 30 % du cpu
- Mon pc tourne au ralenti et de temps en temps un message de windows me disant que windows explorer ne repond plus est qu'il faut le redemaré
- Je ne peut plus allé sur internet avec firefox ou internet exploreur car il sont d'une lenteur terrible je suis oblige d'utilisé safari
J'ai fait :
- Scan kaspersky il ma trouver des trojan et me l'ai a effacé (notament Monder.gen )
- scan Spybot qui me trouve vundo/virtumon et qui me l'efface mé quand je refait un scan il y est toujour
- Et maintenant j'ai fait un scan HijackThis mé je ne comprent pas tout et j'ai besoin de votre aide pour le dechifré ( si dessous )
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:25:24, on 18/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
C:\Fraps\fraps.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\ZSSnp211.EXE
C:\Windows\Domino.EXE
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Logitech\SetPoint II\SetpointII.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\RivaTuner v2.09\RivaTuner.exe
C:\Program Files\Schmads Inc\G15_TeamSpeak\G15_TeamSpeak.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Safari\Safari.exe
C:\Windows\explorer.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.atcomet.com...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.yahoo.com...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {04D3CAF1-9165-4019-BE1E-FAE9827C4812} - C:\Windows\system32\oPiJARKa.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {14370F76-7676-44A2-AD11-93A31C5FC9FC} - C:\Windows\system32\jkkhgFWO.dll
O2 - BHO: FGCatchUrl - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {1d78d7c4-4a1e-90fb-7d34-9fcaa50068d6} - {6d86005a-acf9-43d7-bf09-e1a44c7d87d1} - C:\Windows\system32\jxhkgpxy.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SoundTray] C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ZSSnp211] C:\Windows\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.09\RivaTunerWrapper.exe" /T
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\jkkhgFWO.dll,#1
O4 - HKLM\..\Run: [BMdbc1b824] Rundll32.exe "C:\Windows\system32\gvgkcooj.dll",s
O4 - HKLM\..\Run: [d8f28bb8] rundll32.exe "C:\Windows\system32\khrkmmyy.dll",b
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: SetPointII.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - C
rogram... Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - Crogram... Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - Crogram... Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - Crogram... Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com...
O18 - Protocol: bw+0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\Windows\system32\pr2ah4nc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 22302 bytes
Merci d'avance pour les ames charitable qui voudrais bien m'aider
ComboFix 08-05-15.3 - Guillaume 2008-05-18 16:41:04.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1165 [GMT 2:00]
Endroit: C:\Users\Guillaume\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\System32\aKRAJiPo.ini
C:\Windows\System32\aKRAJiPo.ini2
C:\Windows\system32\erwseosn.exe
C:\Windows\system32\hesbagdd.exe
C:\Windows\System32\jebwdvys.ini
C:\Windows\system32\mtxakhve.exe
C:\Windows\system32\onpayhbq.ini
C:\Windows\system32\ousgvkvp.ini
C:\Windows\system32\qnapvmmw.exe
C:\Windows\system32\rpwkdlkl.exe
C:\Windows\system32\ukrylnky.ini
C:\Windows\system32\uxwthxlq.exe
C:\Windows\system32\yymmkrhk.ini
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-18 to 2008-05-18 ))))))))))))))))))))))))))))))))))))
.
2008-05-18 17:06 . 2008-05-18 17:06 345 --ahs---- C:\Windows\System32\aKRAJiPo.ini2
2008-05-18 17:06 . 2008-05-18 17:06 345 --ahs---- C:\Windows\System32\aKRAJiPo.ini
2008-05-18 17:05 . 2008-05-12 14:00 57,344 --a------ C:\Windows\System32\cbXOHWOe.dll
2008-05-18 17:05 . 2008-05-18 17:05 294 ---hs---- C:\Windows\System32\yymmkrhk.ini
2008-05-17 19:56 . 2008-05-17 19:56 116,224 --------- C:\Windows\System32\khrkmmyy.dll
2008-05-17 18:49 . 2008-05-17 18:49 125,952 --a------ C:\Windows\System32\gvgkcooj.dll
2008-05-17 13:43 . 2008-05-17 13:43 54,156 --ah----- C:\Windows\QTFont.qfn
2008-05-17 13:43 . 2008-05-17 13:43 1,409 --a------ C:\Windows\QTFont.for
2008-05-16 18:47 . 2008-05-16 18:47 125,952 --a------ C:\Windows\System32\bhxsrxps.dll
2008-05-16 18:44 . 2008-05-16 18:45 125,952 --a------ C:\Windows\System32\dsftbkao.dll
2008-05-15 18:59 . 2008-05-15 18:59 133,120 --a------ C:\Windows\System32\jxhkgpxy.dll
2008-05-15 18:45 . 2008-05-15 18:45 133,120 --a------ C:\Windows\System32\plmkqybs.dll
2008-05-15 15:19 . 2008-05-15 15:19 <REP> d-------- C:\Program Files\Trend Micro
2008-05-15 14:22 . 2008-05-15 14:22 134,144 --a------ C:\Windows\System32\xxgwwbhh.dll
2008-05-14 17:55 . 2008-05-14 17:55 <REP> d-------- C:\Program Files\Uniblue
2008-05-13 21:36 . 2008-05-13 21:36 <REP> d-------- C:\Users\All Users\WindowsSearch
2008-05-13 21:36 . 2008-05-13 21:36 <REP> d-------- C:\ProgramData\WindowsSearch
2008-05-13 21:20 . 2008-05-13 21:21 133,632 --a------ C:\Windows\System32\hcmyegww.dll
2008-05-13 21:18 . 2008-05-13 21:19 123,392 --a------ C:\Windows\System32\cbxhvcra.dll
2008-05-13 18:45 . 2008-05-17 17:20 307 --a------ C:\Windows\wininit.ini
2008-05-13 18:20 . 2008-05-13 21:17 706 ---hs---- C:\Windows\System32\qjpqtkcv.ini
2008-05-13 18:17 . 2008-05-13 18:17 131,584 --a------ C:\Windows\System32\ufrqmeuw.dll
2008-05-13 18:02 . 2008-05-13 19:37 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{43d95c75-2100-11dd-b0f2-001bfc4f16ae}.TMContainer00000000000000000002.regtrans-ms
2008-05-13 18:02 . 2008-05-18 16:55 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{43d95c75-2100-11dd-b0f2-001bfc4f16ae}.TMContainer00000000000000000001.regtrans-ms
2008-05-13 18:02 . 2008-05-18 16:55 65,536 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{43d95c75-2100-11dd-b0f2-001bfc4f16ae}.TM.blf
2008-05-12 14:05 . 2008-05-12 14:06 371,712 --------- C:\Windows\System32\oPiJARKa.dll
2008-05-11 18:32 . 2008-05-11 18:32 316 --a------ C:\Windows\game.ini
2008-05-11 18:09 . 2008-05-13 18:01 <REP> d-------- C:\Program Files\id Software
2008-05-10 18:48 . 2008-05-10 18:48 <REP> d-------- C:\Program Files\Audacity
2008-05-10 00:35 . 2008-05-10 00:35 <REP> d-------- C:\Program Files\GoldWave
2008-05-10 00:18 . 2008-05-13 18:01 <REP> d-------- C:\Users\Guillaume\AppData\Roaming\Audacity
2008-05-10 00:18 . 2008-05-10 00:18 <REP> d-------- C:\Program Files\Audacity 1.3 Beta (Unicode)
2008-05-10 00:11 . 2008-05-10 00:11 <REP> d-------- C:\Program Files\DigitalSoundPlanet
2008-05-10 00:10 . 1998-02-06 21:37 299,520 --a------ C:\Windows\uninst.exe
2008-05-10 00:06 . 2008-05-10 00:06 <REP> d-------- C:\Users\Guillaume\AppData\Roaming\streamripper
2008-05-10 00:03 . 2008-05-10 00:03 <REP> d-------- C:\Program Files\Streamripper
2008-05-03 23:35 . 2008-05-03 23:49 <REP> d-------- C:\Program Files\LcdStudio
2008-05-03 23:26 . 2008-05-03 23:26 <REP> d-------- C:\Program Files\RivaTuner v2.09
2008-05-03 14:56 . 1997-04-18 11:49 298,496 --a------ C:\Windows\unin040c.exe
2008-05-03 14:56 . 1998-04-13 14:02 69,632 --a------ C:\Windows\TWUNK_32.728
2008-05-03 14:56 . 1998-04-13 14:02 48,560 --a------ C:\Windows\TWUNK_16.728
2008-05-01 14:12 . 2008-05-01 14:12 <REP> d-------- C:\Users\All Users\Real
2008-05-01 14:12 . 2008-05-01 14:12 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-04-29 21:23 . 2008-04-29 21:30 <REP> d-------- C:\Users\All Users\TrackMania
2008-04-29 21:23 . 2008-04-29 21:30 <REP> d-------- C:\ProgramData\TrackMania
2008-04-29 19:02 . 2008-04-29 19:02 180,575 --a------ C:\acadminidump.dmp
2008-04-29 17:47 . 2008-04-29 17:52 <REP> d-------- C:\Program Files\AutoCAD 2008
2008-04-29 17:45 . 2008-04-29 17:52 <REP> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-04-29 17:45 . 2008-04-29 17:45 <REP> d-------- C:\Program Files\Autodesk
2008-04-26 19:01 . 2008-04-26 19:00 691,545 --a------ C:\Windows\unins000.exe
2008-04-26 19:01 . 2008-04-26 19:01 2,541 --a------ C:\Windows\unins000.dat
2008-04-24 16:07 . 2008-04-24 16:07 <REP> d-------- C:\Users\All Users\Skyline
2008-04-24 16:07 . 2008-04-24 16:07 <REP> d-------- C:\ProgramData\Skyline
2008-04-24 16:07 . 2008-04-24 16:07 <REP> d-------- C:\Program Files\Skyline
2008-04-22 18:35 . 2008-04-22 18:35 <REP> d-------- C:\Program Files\Apple Software Update
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-18 15:06 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-05-18 15:05 --------- d---a-w C:\ProgramData\TEMP
2008-05-18 15:01 126,508,064 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-05-18 14:55 1,695,284 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-05-18 12:21 --------- d-----w C:\Program Files\SpeedFan
2008-05-16 21:30 --------- d-----w C:\Program Files\Steam
2008-05-15 16:46 --------- d-----w C:\Program Files\Rumble Box
2008-05-15 04:41 --------- d-----w C:\Program Files\Windows Mail
2008-05-14 14:25 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-05-13 16:01 --------- d-----w C:\Program Files\Codemasters
2008-05-11 17:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-11 16:33 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-05-11 16:33 22,328 ----a-w C:\Users\Guillaume\AppData\Roaming\PnkBstrK.sys
2008-05-10 09:50 --------- d-----w C:\Program Files\Common Files\Steam
2008-05-03 13:11 1,248 --sha-w C:\wdhfao30.sys
2008-05-03 12:56 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-29 15:59 --------- d-----w C:\Users\Guillaume\AppData\Roaming\Autodesk
2008-04-29 15:59 --------- d-----w C:\ProgramData\Autodesk
2008-04-27 09:13 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-22 18:47 --------- d-----w C:\Users\Guillaume\AppData\Roaming\OpenOffice.org2
2008-04-22 16:43 --------- d-----w C:\Program Files\Safari
2008-04-17 19:06 96,645 ----a-w C:\Windows\system32\drivers\klin.dat
2008-04-17 19:06 87,941 ----a-w C:\Windows\system32\drivers\klick.dat
2008-04-16 19:21 --------- d-----w C:\Program Files\Google
2008-04-13 09:56 --------- d-----w C:\Program Files\Yahoo!
2008-04-13 09:56 --------- d-----w C:\Program Files\Bitcomet Ultra Accelerator
2008-04-13 09:41 --------- d-----w C:\Program Files\FlashGet
2008-04-04 17:09 --------- d-----w C:\Users\Guillaume\AppData\Roaming\teamspeak2
2008-04-04 09:57 --------- d-----w C:\Program Files\iTunes
2008-04-04 09:57 --------- d-----w C:\Program Files\iPod
2008-04-04 09:55 --------- d-----w C:\Program Files\QuickTime
2008-03-29 14:30 --------- d-----w C:\Program Files\TeamSpeak3
2008-03-24 15:47 --------- d-----w C:\Users\Guillaume\AppData\Roaming\Apple Computer
2008-03-22 09:14 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-03-18 17:56 --------- d-----w C:\ProgramData\NVIDIA
2008-03-18 17:54 174 --sha-w C:\Program Files\desktop.ini
2008-03-18 17:45 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-18 17:45 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-03-18 17:45 --------- d-----w C:\Program Files\Windows Journal
2008-03-18 17:45 --------- d-----w C:\Program Files\Windows Defender
2008-03-18 17:45 --------- d-----w C:\Program Files\Windows Collaboration
2008-03-18 17:45 --------- d-----w C:\Program Files\Windows Calendar
2006-05-03 09:06 163,328 --sh--r C:\Windows\System32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\Windows\System32\msfDX.dll
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{14370F76-7676-44A2-AD11-93A31C5FC9FC}]
2008-05-12 14:00 57344 --a------ C:\Windows\system32\cbXOHWOe.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6d86005a-acf9-43d7-bf09-e1a44c7d87d1}]
2008-05-15 18:59 133120 --a------ C:\Windows\system32\jxhkgpxy.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9F636577-C87B-4C23-9A98-B31389445D1E}]
2008-05-12 14:06 371712 --------- C:\Windows\system32\oPiJARKa.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 00:33 1233920]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-09-01 18:27 32768]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 00:33 125952]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2008-01-08 12:25 2124088]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 00:36 2153472 C:\Windows\System32\oobefldr.dll]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 00:33 202240]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-13 16:57 5308416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 00:38 1008184]
"MSServer"="C:\Windows\system32\cbXOHWOe.dll" [2008-05-12 14:00 57344]
"SoundTray"="C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe" [2007-04-01 12:44 49152]
"JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [2007-03-20 08:36 36864]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"ZSSnp211"="C:\Windows\ZSSnp211.exe" [2007-03-06 10:25 49152]
"Domino"="C:\Windows\Domino.exe" [2007-03-06 10:25 49152]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\Windows\KHALMNPR.Exe]
"Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 18:43 2051096]
"Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 18:57 2095640]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-04-02 18:32 1261568]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2008-03-04 12:02 92704]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-03-04 12:02 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-03-04 12:02 88608]
"RivaTuner"="C:\Program Files\RivaTuner v2.09\RivaTunerWrapper.exe" [2008-04-28 20:25 24576]
"d8f28bb8"="C:\Windows\system32\khrkmmyy.dll" [2008-05-17 19:56 116224]
"BMdbc1b824"="C:\Windows\system32\gvgkcooj.dll" [2008-05-17 18:49 125952]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-09-01 18:27:52 450560]
SetPointII.lnk - C:\Program Files\Logitech\SetPoint II\SetpointII.exe [2007-08-30 19:13:06 319488]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{14370F76-7676-44A2-AD11-93A31C5FC9FC}"= C:\Windows\system32\cbXOHWOe.dll [2008-05-12 14:00 57344]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\Windows\system32\oPiJARKa
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3012532108-3653173252-843021523-1000]
"EnableNotificationsRef"=dword:00000002
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1A269090-57FC-4253-BBE1-2A398A0B0912}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{FAEE4CEE-9FFF-4DF6-AE7A-888984A4C724}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{7733464C-02F9-44FA-ACEC-2E07D136E2AF}"= Disabled:UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{D4AFD5C5-BE92-4002-8A67-269E795BC8F5}"= Disabled:TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"TCP Query User{83D9B4F1-BF61-41A6-B082-BAE8E03857AD}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= UDP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"UDP Query User{A7D1D972-B99C-4505-873D-ED6CF46CB3EE}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= TCP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"{0601BAB7-D10F-46A7-B44D-F77EF81B576C}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{665F0B99-293D-4C8C-BEBE-0A8AD835D2C0}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{2B3146E0-9C59-4290-907C-459FE04D12FF}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{A6A7AEA9-26A5-402F-BF8D-5E89A23DB57E}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{EDBF1396-D198-464C-9000-E0236F702461}"= UDP:8958:BitComet 8958 TCP
"{BCE3D636-472B-4B03-8AE4-E6A331808BF3}"= TCP:8958:BitComet 8958 UDP
"{11E36DE5-6F19-43AE-91F9-367D0C637F46}"= UDP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"{2578D77B-07AC-439A-B1BB-890CC6B937E6}"= TCP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"{73E310F9-4DA7-4C49-BBB9-E3A16B1CF442}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe
rb
"{75BE34DF-F4C9-4821-86E1-A6E4C3A21BB7}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exerb
"{AA7F1AE8-5D0F-4DEB-AC66-1A28E455E24A}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exerbTray
"{4AA080EC-AAF4-4E08-92F6-96DAC426FA91}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exerbTray
"{DE00E99C-06C1-4F70-AFEF-B9743D036550}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exerbIR
"{C6593E5D-49AF-4856-B290-BD0492698FF1}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exerbIR
"{85302E47-603C-4D32-9073-4FB744F3E49D}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exerb Stream Client
"{8831510A-D4C4-449B-B388-D59153E98B68}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exerb Stream Client
"{2BD2189C-9478-46C6-ADEF-DB582AA0AFE1}"= UDP:C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"{FB07C9E5-58D5-46C5-95CA-77E32BFA2405}"= TCP:C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"{021C1600-E779-4400-98EC-2D1405CCCD22}"= UDP:C:\Program Files\eMule\emule.exe:eMule
"{EB671C70-C506-4D46-AB64-DC6D7F5357E1}"= UDP:C:\Program Files\eMule\emule.exe:eMule
"{256EEC85-33F9-42E8-B9CB-8905558ABC3B}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{8819B311-A2E5-483A-9C9C-0F009B2E1F5B}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{2142FF64-4960-4855-A012-1751AC559D2A}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{832B12AC-C5F0-4B35-BBEF-64A2483CEE4F}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{B07605A1-BE31-40E5-8468-4D853CECCC8E}"= UDP:C:\Windows\System32\PnkBstrA.exenkBstrA
"{17EBD14B-BFF4-495F-A9E8-0D8F59AE2898}"= TCP:C:\Windows\System32\PnkBstrA.exenkBstrA
"{E5726EE3-0AFB-4C7B-B0CE-A12DF5C4C92E}"= UDP:C:\Windows\System32\PnkBstrB.exenkBstrB
"{5F1E3062-8F24-431F-8CBC-B9E30A1F396D}"= TCP:C:\Windows\System32\PnkBstrB.exenkBstrB
"{2804DECC-0976-4B9D-9937-8D9DECA92E1F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CDF6B369-5185-427A-B45A-01D02760A8D1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F64FC4F2-32AF-4778-8FE6-D5D81014B815}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{6132CDFB-4C42-4D1F-A1B4-B5C4AA5939FE}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{0B62F929-5C04-4D9F-A4D4-018DE589555D}"= UDP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:etqwded.exe
"{5A8BF9D2-02ED-4303-938D-486B15387C01}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:etqwded.exe
"{9DA8FBB6-89CF-4C38-8B62-5D265F07405E}"= UDP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqw.exe:Enemy Territory - QUAKE Wars(TM)
"{3B6CA7A4-CD81-4CF7-A979-260626D3EF09}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqw.exe:Enemy Territory - QUAKE Wars(TM)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);C:\Windows\system32\drivers\pe3ah4nc.sys [2007-05-18 21:53]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);C:\Windows\system32\drivers\ps6ah4nc.sys [2007-05-18 21:52]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-04-04 14:59]
R1 KS0108;KS0108;C:\Program Files\LcdStudio\ks0108.sys [2006-02-12 00:31]
R1 LC7981;LC7981;C:\Program Files\LcdStudio\LC7981.sys [2006-02-12 00:31]
R1 n3900;n3900;C:\Program Files\LcdStudio\n3900.sys [2006-08-08 16:46]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;C:\Windows\system32\DRIVERS\rtlprot.sys [2007-04-02 10:57]
R1 SED133x;SED133x;C:\Program Files\LcdStudio\SED133x.sys [2006-02-12 00:31]
R1 T6963C;T6963C;C:\Program Files\LcdStudio\T6963c.sys [2006-02-12 00:31]
R2 AEADIFilters;Andrea ADI Filters Service;C:\Windows\system32\AEADISRV.EXE [2007-02-06 00:44]
R3 RTL8187;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187.sys [2007-04-03 04:32]
R3 yukonwlh;Pilote miniport NDIS6.0 pour contrôleur Ethernet Marvell Yukon;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 09:30]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);C:\Windows\system32\pr2ah4nc.exe svc []
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-09 11:38]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4392e102-5aeb-11dc-8abe-001bfc4f16ae}]
\shell\AutoRun\command - F:\setup\rsrc\Autorun.exe
\shell\dinstall\command - F:\Directx\dxsetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f88cf2ca-58d0-11dc-ad78-806e6f6e6963}]
\shell\AutoRun\command - D:\.\Bin\Assetup.exe
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-05-13 16:02:57 C:\Windows\Tasks\At1.job"
- C:\Windows\widupdate.exe
"2008-05-13 16:02:57 C:\Windows\Tasks\At2.job"
- C:\Windows\dr.exe
"2008-05-13 16:02:57 C:\Windows\Tasks\At3.job"
- C:\Windows\patcher.exe
"2008-05-13 16:02:57 C:\Windows\Tasks\At4.job"
- C:\Windows\dr.exe
"2008-05-18 15:05:31 C:\Windows\Tasks\RtlVistaStart.job"
- C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
"2008-05-17 18:12:52 C:\Windows\Tasks\User_Feed_Synchronization-{B88CB541-93A9-40AD-9E12-9DFB1460494C}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-18 17:05:58
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
C:\Windows\TEMP\TMP0000002F53E72EF5356303C3 524288 bytes executable
C:\Users\Guillaume\AppData\Local\eMule\config\server_met.old 25530 bytes
Scan termin‚ avec succŠs
Les fichiers cach‚s: 2
**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------
PROCESS: C:\Windows\system32\winlogon.exe
-> C:\Windows\system32\cbXOHWOe.dll
PROCESS: C:\Windows\Explorer.exe
-> C:\Windows\system32\khrkmmyy.dll
-> C:\Windows\system32\gvgkcooj.dll
-> C:\Windows\system32\oPiJARKa.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\System32\PnkBstrA.exe
C:\Windows\System32\PnkBstrB.exe
C:\Fraps\fraps.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\RivaTuner v2.09\RivaTuner.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Schmads Inc\G15_TeamSpeak\G15_TeamSpeak.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\VSSVC.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-18 17:13:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-18 15:13:26
Pre-Run: 50,705,195,008 octets libres
Post-Run: 67,569,651,712 octets libres
323 --- E O F --- 2008-05-17 09:13:03
voila mon dernier scan combofix
ComboFix 08-05-15.3 - Guillaume 2008-05-19 18:57:34.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.740 [GMT 2:00]
Endroit: C:\Downloads\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\balclhwj.exe
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-19 to 2008-05-19 ))))))))))))))))))))))))))))))))))))
.
2008-05-18 17:30 . 2008-05-18 17:30 122,556 --ah----- C:\Windows\System32\mlfcache.dat
2008-05-18 17:21 . 2008-05-18 17:21 <REP> d-------- C:\Users\Guillaume\AppData\Roaming\Malwarebytes
2008-05-18 17:20 . 2008-05-18 17:20 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-05-18 17:20 . 2008-05-18 17:20 <REP> d-------- C:\ProgramData\Malwarebytes
2008-05-18 17:20 . 2008-05-05 20:46 27,048 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-05-18 17:19 . 2008-05-18 17:21 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-18 17:19 . 2008-05-05 20:46 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
2008-05-18 17:16 . 2008-05-18 19:27 124,928 --------- C:\Windows\System32\qraxdxal.dll
2008-05-18 17:05 . 2008-05-18 19:27 57,344 --------- C:\Windows\System32\cbXOHWOe.dll
2008-05-17 19:56 . 2008-05-18 19:27 116,224 --------- C:\Windows\System32\khrkmmyy.dll
2008-05-17 18:49 . 2008-05-17 18:49 125,952 --a------ C:\Windows\System32\gvgkcooj.dll
2008-05-17 13:43 . 2008-05-19 18:42 54,156 --ah----- C:\Windows\QTFont.qfn
2008-05-17 13:43 . 2008-05-17 13:43 1,409 --a------ C:\Windows\QTFont.for
2008-05-16 18:47 . 2008-05-16 18:47 125,952 --a------ C:\Windows\System32\bhxsrxps.dll
2008-05-16 18:44 . 2008-05-16 18:45 125,952 --a------ C:\Windows\System32\dsftbkao.dll
2008-05-15 18:59 . 2008-05-15 18:59 133,120 --a------ C:\Windows\System32\jxhkgpxy.dll
2008-05-15 18:45 . 2008-05-15 18:45 133,120 --a------ C:\Windows\System32\plmkqybs.dll
2008-05-15 15:19 . 2008-05-15 15:19 <REP> d-------- C:\Program Files\Trend Micro
2008-05-15 14:22 . 2008-05-15 14:22 134,144 --a------ C:\Windows\System32\xxgwwbhh.dll
2008-05-14 17:55 . 2008-05-14 17:55 <REP> d-------- C:\Program Files\Uniblue
2008-05-13 21:36 . 2008-05-13 21:36 <REP> d-------- C:\Users\All Users\WindowsSearch
2008-05-13 21:36 . 2008-05-13 21:36 <REP> d-------- C:\ProgramData\WindowsSearch
2008-05-13 21:20 . 2008-05-13 21:21 133,632 --a------ C:\Windows\System32\hcmyegww.dll
2008-05-13 18:45 . 2008-05-17 17:20 307 --a------ C:\Windows\wininit.ini
2008-05-13 18:20 . 2008-05-13 21:17 706 ---hs---- C:\Windows\System32\qjpqtkcv.ini
2008-05-13 18:17 . 2008-05-13 18:17 131,584 --a------ C:\Windows\System32\ufrqmeuw.dll
2008-05-13 18:02 . 2008-05-13 19:37 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{43d95c75-2100-11dd-b0f2-001bfc4f16ae}.TMContainer00000000000000000002.regtrans-ms
2008-05-13 18:02 . 2008-05-19 19:31 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{43d95c75-2100-11dd-b0f2-001bfc4f16ae}.TMContainer00000000000000000001.regtrans-ms
2008-05-13 18:02 . 2008-05-19 19:31 65,536 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{43d95c75-2100-11dd-b0f2-001bfc4f16ae}.TM.blf
2008-05-12 14:05 . 2008-05-18 19:27 371,712 --------- C:\Windows\System32\oPiJARKa.dll
2008-05-11 18:32 . 2008-05-11 18:32 316 --a------ C:\Windows\game.ini
2008-05-11 18:09 . 2008-05-13 18:01 <REP> d-------- C:\Program Files\id Software
2008-05-10 18:48 . 2008-05-10 18:48 <REP> d-------- C:\Program Files\Audacity
2008-05-10 00:35 . 2008-05-10 00:35 <REP> d-------- C:\Program Files\GoldWave
2008-05-10 00:18 . 2008-05-13 18:01 <REP> d-------- C:\Users\Guillaume\AppData\Roaming\Audacity
2008-05-10 00:18 . 2008-05-10 00:18 <REP> d-------- C:\Program Files\Audacity 1.3 Beta (Unicode)
2008-05-10 00:11 . 2008-05-10 00:11 <REP> d-------- C:\Program Files\DigitalSoundPlanet
2008-05-10 00:10 . 1998-02-06 21:37 299,520 --a------ C:\Windows\uninst.exe
2008-05-10 00:06 . 2008-05-10 00:06 <REP> d-------- C:\Users\Guillaume\AppData\Roaming\streamripper
2008-05-10 00:03 . 2008-05-10 00:03 <REP> d-------- C:\Program Files\Streamripper
2008-05-03 23:35 . 2008-05-03 23:49 <REP> d-------- C:\Program Files\LcdStudio
2008-05-03 23:26 . 2008-05-03 23:26 <REP> d-------- C:\Program Files\RivaTuner v2.09
2008-05-03 14:56 . 1997-04-18 11:49 298,496 --a------ C:\Windows\unin040c.exe
2008-05-03 14:56 . 1998-04-13 14:02 69,632 --a------ C:\Windows\TWUNK_32.728
2008-05-03 14:56 . 1998-04-13 14:02 48,560 --a------ C:\Windows\TWUNK_16.728
2008-05-01 14:12 . 2008-05-01 14:12 <REP> d-------- C:\Users\All Users\Real
2008-05-01 14:12 . 2008-05-01 14:12 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-04-29 21:23 . 2008-04-29 21:30 <REP> d-------- C:\Users\All Users\TrackMania
2008-04-29 21:23 . 2008-04-29 21:30 <REP> d-------- C:\ProgramData\TrackMania
2008-04-29 19:02 . 2008-04-29 19:02 180,575 --a------ C:\acadminidump.dmp
2008-04-29 17:47 . 2008-04-29 17:52 <REP> d-------- C:\Program Files\AutoCAD 2008
2008-04-29 17:45 . 2008-04-29 17:52 <REP> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-04-29 17:45 . 2008-04-29 17:45 <REP> d-------- C:\Program Files\Autodesk
2008-04-26 19:01 . 2008-04-26 19:00 691,545 --a------ C:\Windows\unins000.exe
2008-04-26 19:01 . 2008-04-26 19:01 2,541 --a------ C:\Windows\unins000.dat
2008-04-24 16:07 . 2008-04-24 16:07 <REP> d-------- C:\Users\All Users\Skyline
2008-04-24 16:07 . 2008-04-24 16:07 <REP> d-------- C:\ProgramData\Skyline
2008-04-24 16:07 . 2008-04-24 16:07 <REP> d-------- C:\Program Files\Skyline
2008-04-22 18:35 . 2008-04-22 18:35 <REP> d-------- C:\Program Files\Apple Software Update
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-19 17:33 126,710,560 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-05-19 17:32 --------- d---a-w C:\ProgramData\TEMP
2008-05-19 17:31 1,698,044 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-05-19 16:47 --------- d-----w C:\Program Files\Steam
2008-05-19 16:42 --------- d-----w C:\Program Files\SpeedFan
2008-05-19 16:31 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-05-15 16:46 --------- d-----w C:\Program Files\Rumble Box
2008-05-15 04:41 --------- d-----w C:\Program Files\Windows Mail
2008-05-14 14:25 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-05-13 16:01 --------- d-----w C:\Program Files\Codemasters
2008-05-11 17:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-11 16:33 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-05-11 16:33 22,328 ----a-w C:\Users\Guillaume\AppData\Roaming\PnkBstrK.sys
2008-05-10 09:50 --------- d-----w C:\Program Files\Common Files\Steam
2008-05-03 13:11 1,248 --sha-w C:\wdhfao30.sys
2008-05-03 12:56 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-29 15:59 --------- d-----w C:\Users\Guillaume\AppData\Roaming\Autodesk
2008-04-29 15:59 --------- d-----w C:\ProgramData\Autodesk
2008-04-27 09:13 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-22 18:47 --------- d-----w C:\Users\Guillaume\AppData\Roaming\OpenOffice.org2
2008-04-22 16:43 --------- d-----w C:\Program Files\Safari
2008-04-17 19:06 96,645 ----a-w C:\Windows\system32\drivers\klin.dat
2008-04-17 19:06 87,941 ----a-w C:\Windows\system32\drivers\klick.dat
2008-04-16 19:21 --------- d-----w C:\Program Files\Google
2008-04-13 09:56 --------- d-----w C:\Program Files\Yahoo!
2008-04-13 09:56 --------- d-----w C:\Program Files\Bitcomet Ultra Accelerator
2008-04-13 09:41 --------- d-----w C:\Program Files\FlashGet
2008-04-04 17:09 --------- d-----w C:\Users\Guillaume\AppData\Roaming\teamspeak2
2008-04-04 09:57 --------- d-----w C:\Program Files\iTunes
2008-04-04 09:57 --------- d-----w C:\Program Files\iPod
2008-04-04 09:55 --------- d-----w C:\Program Files\QuickTime
2008-03-29 14:30 --------- d-----w C:\Program Files\TeamSpeak3
2008-03-24 15:47 --------- d-----w C:\Users\Guillaume\AppData\Roaming\Apple Computer
2008-03-22 09:14 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-03-18 17:54 174 --sha-w C:\Program Files\desktop.ini
2006-05-03 09:06 163,328 --sh--r C:\Windows\System32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\Windows\System32\msfDX.dll
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((( snapshot@2008-05-18_17.11.35.86 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-18 14:56:26 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-19 17:32:16 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-05-18 14:56:26 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-19 17:32:17 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-05-18 15:05:41 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-19 17:33:20 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-19 17:33:20 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-05-18 15:06:25 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-19 17:33:20 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-19 17:33:20 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-05-18 15:05:51 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-19 16:29:30 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-18 15:05:51 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-19 16:29:30 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-18 15:05:51 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-19 16:29:30 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-18 15:02:07 104,742 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-05-19 16:35:37 104,742 ----a-w C:\Windows\System32\perfc009.dat
- 2008-05-18 15:02:07 127,798 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-05-19 16:35:37 127,798 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-05-18 15:02:07 595,308 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-05-19 16:35:37 595,308 ----a-w C:\Windows\System32\perfh009.dat
- 2008-05-18 15:02:07 678,730 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-05-19 16:35:37 678,730 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-05-18 15:07:33 8,228 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3012532108-3653173252-843021523-1000_UserData.bin
+ 2008-05-19 17:35:09 8,474 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3012532108-3653173252-843021523-1000_UserData.bin
- 2008-05-18 15:07:30 98,438 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-19 17:35:08 98,696 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-18 09:41:43 47,912 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-19 16:31:26 48,316 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6d86005a-acf9-43d7-bf09-e1a44c7d87d1}]
2008-05-15 18:59 133120 --a------ C:\Windows\system32\jxhkgpxy.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 00:33 1233920]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-09-01 18:27 32768]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 00:33 125952]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2008-01-08 12:25 2124088]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 00:36 2153472 C:\Windows\System32\oobefldr.dll]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 00:33 202240]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-13 16:57 5308416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 00:38 1008184]
"SoundTray"="C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe" [2007-04-01 12:44 49152]
"JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [2007-03-20 08:36 36864]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"ZSSnp211"="C:\Windows\ZSSnp211.exe" [2007-03-06 10:25 49152]
"Domino"="C:\Windows\Domino.exe" [2007-03-06 10:25 49152]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\Windows\KHALMNPR.Exe]
"Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 18:43 2051096]
"Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 18:57 2095640]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-04-02 18:32 1261568]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2008-03-04 12:02 92704]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-03-04 12:02 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-03-04 12:02 88608]
"RivaTuner"="C:\Program Files\RivaTuner v2.09\RivaTunerWrapper.exe" [2008-04-28 20:25 24576]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-09-01 18:27:52 450560]
SetPointII.lnk - C:\Program Files\Logitech\SetPoint II\SetpointII.exe [2007-08-30 19:13:06 319488]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3012532108-3653173252-843021523-1000]
"EnableNotificationsRef"=dword:00000002
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1A269090-57FC-4253-BBE1-2A398A0B0912}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{FAEE4CEE-9FFF-4DF6-AE7A-888984A4C724}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{7733464C-02F9-44FA-ACEC-2E07D136E2AF}"= Disabled:UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{D4AFD5C5-BE92-4002-8A67-269E795BC8F5}"= Disabled:TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"TCP Query User{83D9B4F1-BF61-41A6-B082-BAE8E03857AD}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= UDP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"UDP Query User{A7D1D972-B99C-4505-873D-ED6CF46CB3EE}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= TCP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"{0601BAB7-D10F-46A7-B44D-F77EF81B576C}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{665F0B99-293D-4C8C-BEBE-0A8AD835D2C0}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{2B3146E0-9C59-4290-907C-459FE04D12FF}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{A6A7AEA9-26A5-402F-BF8D-5E89A23DB57E}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{EDBF1396-D198-464C-9000-E0236F702461}"= UDP:8958:BitComet 8958 TCP
"{BCE3D636-472B-4B03-8AE4-E6A331808BF3}"= TCP:8958:BitComet 8958 UDP
"{11E36DE5-6F19-43AE-91F9-367D0C637F46}"= UDP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"{2578D77B-07AC-439A-B1BB-890CC6B937E6}"= TCP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"{73E310F9-4DA7-4C49-BBB9-E3A16B1CF442}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exerb
"{75BE34DF-F4C9-4821-86E1-A6E4C3A21BB7}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exerb
"{AA7F1AE8-5D0F-4DEB-AC66-1A28E455E24A}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exerbTray
"{4AA080EC-AAF4-4E08-92F6-96DAC426FA91}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exerbTray
"{DE00E99C-06C1-4F70-AFEF-B9743D036550}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exerbIR
"{C6593E5D-49AF-4856-B290-BD0492698FF1}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exerbIR
"{85302E47-603C-4D32-9073-4FB744F3E49D}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exerb Stream Client
"{8831510A-D4C4-449B-B388-D59153E98B68}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exerb Stream Client
"{2BD2189C-9478-46C6-ADEF-DB582AA0AFE1}"= UDP:C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"{FB07C9E5-58D5-46C5-95CA-77E32BFA2405}"= TCP:C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"{021C1600-E779-4400-98EC-2D1405CCCD22}"= UDP:C:\Program Files\eMule\emule.exe:eMule
"{EB671C70-C506-4D46-AB64-DC6D7F5357E1}"= UDP:C:\Program Files\eMule\emule.exe:eMule
"{256EEC85-33F9-42E8-B9CB-8905558ABC3B}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{8819B311-A2E5-483A-9C9C-0F009B2E1F5B}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{2142FF64-4960-4855-A012-1751AC559D2A}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{832B12AC-C5F0-4B35-BBEF-64A2483CEE4F}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{B07605A1-BE31-40E5-8468-4D853CECCC8E}"= UDP:C:\Windows\System32\PnkBstrA.exenkBstrA
"{17EBD14B-BFF4-495F-A9E8-0D8F59AE2898}"= TCP:C:\Windows\System32\PnkBstrA.exenkBstrA
"{E5726EE3-0AFB-4C7B-B0CE-A12DF5C4C92E}"= UDP:C:\Windows\System32\PnkBstrB.exenkBstrB
"{5F1E3062-8F24-431F-8CBC-B9E30A1F396D}"= TCP:C:\Windows\System32\PnkBstrB.exenkBstrB
"{2804DECC-0976-4B9D-9937-8D9DECA92E1F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CDF6B369-5185-427A-B45A-01D02760A8D1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F64FC4F2-32AF-4778-8FE6-D5D81014B815}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{6132CDFB-4C42-4D1F-A1B4-B5C4AA5939FE}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{0B62F929-5C04-4D9F-A4D4-018DE589555D}"= UDP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:etqwded.exe
"{5A8BF9D2-02ED-4303-938D-486B15387C01}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:etqwded.exe
"{9DA8FBB6-89CF-4C38-8B62-5D265F07405E}"= UDP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqw.exe:Enemy Territory - QUAKE Wars(TM)
"{3B6CA7A4-CD81-4CF7-A979-260626D3EF09}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqw.exe:Enemy Territory - QUAKE Wars(TM)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);C:\Windows\system32\drivers\pe3ah4nc.sys [2007-05-18 21:53]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);C:\Windows\system32\drivers\ps6ah4nc.sys [2007-05-18 21:52]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-04-04 14:59]
R1 KS0108;KS0108;C:\Program Files\LcdStudio\ks0108.sys [2006-02-12 00:31]
R1 LC7981;LC7981;C:\Program Files\LcdStudio\LC7981.sys [2006-02-12 00:31]
R1 n3900;n3900;C:\Program Files\LcdStudio\n3900.sys [2006-08-08 16:46]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;C:\Windows\system32\DRIVERS\rtlprot.sys [2007-04-02 10:57]
R1 SED133x;SED133x;C:\Program Files\LcdStudio\SED133x.sys [2006-02-12 00:31]
R1 T6963C;T6963C;C:\Program Files\LcdStudio\T6963c.sys [2006-02-12 00:31]
R2 AEADIFilters;Andrea ADI Filters Service;C:\Windows\system32\AEADISRV.EXE [2007-02-06 00:44]
R3 RTL8187;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187.sys [2007-04-03 04:32]
R3 yukonwlh;Pilote miniport NDIS6.0 pour contrôleur Ethernet Marvell Yukon;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 09:30]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);C:\Windows\system32\pr2ah4nc.exe svc []
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-09 11:38]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4392e102-5aeb-11dc-8abe-001bfc4f16ae}]
\shell\AutoRun\command - F:\setup\rsrc\Autorun.exe
\shell\dinstall\command - F:\Directx\dxsetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f88cf2ca-58d0-11dc-ad78-806e6f6e6963}]
\shell\AutoRun\command - D:\.\Bin\Assetup.exe
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-05-13 16:02:57 C:\Windows\Tasks\At1.job"
- C:\Windows\widupdate.exe
"2008-05-13 16:02:57 C:\Windows\Tasks\At2.job"
- C:\Windows\dr.exe
"2008-05-13 16:02:57 C:\Windows\Tasks\At3.job"
- C:\Windows\patcher.exe
"2008-05-13 16:02:57 C:\Windows\Tasks\At4.job"
- C:\Windows\dr.exe
"2008-05-19 17:32:44 C:\Windows\Tasks\RtlVistaStart.job"
- C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
"2008-05-18 18:52:33 C:\Windows\Tasks\User_Feed_Synchronization-{B88CB541-93A9-40AD-9E12-9DFB1460494C}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-19 19:33:31
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\System32\PnkBstrA.exe
C:\Windows\System32\PnkBstrB.exe
C:\Fraps\fraps.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Schmads Inc\G15_TeamSpeak\G15_TeamSpeak.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-19 19:43:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-19 17:42:59
Pre-Run: 67,181,989,888 octets libres
Post-Run: 66,794,627,072 octets libres
315 --- E O F --- 2008-05-17 09:13:03
Re,
Désactive tes protections résidentes (antivirus...) !
Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :
File::
|
Ouvre le Bloc-notes (Démarrer>Exécuter...>notepad) puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt.
Glisse maintenant le fichier CFScript.txt dans ComboFix.exe comme ci-dessous :
Cela va relancer ComboFix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport HijackThis.
NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.
Répondre à Angeldark
Re
alors j'ai desactivé kaspersky j'ai fait se que tu ma ecrit ( le pc na pas redémarré )
le raport combofix
ComboFix 08-05-15.3 - Guillaume 2008-05-20 18:32:48.3 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1225 [GMT 2:00]
Endroit: C:\Downloads\ComboFix.exe
Command switches used :: C:\Downloads\CFScript.txt
* Création d'un nouveau point de restauration
FILE ::
C:\Windows\System32\bhxsrxps.dll
C:\Windows\System32\cbXOHWOe.dll
C:\Windows\System32\dsftbkao.dll
C:\Windows\System32\gvgkcooj.dll
C:\Windows\System32\hcmyegww.dll
C:\Windows\System32\jxhkgpxy.dll
C:\Windows\System32\khrkmmyy.dll
C:\Windows\System32\oPiJARKa.dll
C:\Windows\System32\plmkqybs.dll
C:\Windows\System32\qjpqtkcv.ini
C:\Windows\System32\ufrqmeuw.dll
C:\Windows\System32\xxgwwbhh.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\ProgramData\WindowsSearch
C:\Windows\System32\bhxsrxps.dll
C:\Windows\System32\cbXOHWOe.dll
C:\Windows\System32\dsftbkao.dll
C:\Windows\System32\gvgkcooj.dll
C:\Windows\System32\hcmyegww.dll
C:\Windows\System32\jxhkgpxy.dll
C:\Windows\System32\khrkmmyy.dll
C:\Windows\System32\oPiJARKa.dll
C:\Windows\System32\plmkqybs.dll
C:\Windows\System32\qjpqtkcv.ini
C:\Windows\System32\ufrqmeuw.dll
C:\Windows\System32\xxgwwbhh.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-20 to 2008-05-20 ))))))))))))))))))))))))))))))))))))
.
2008-05-20 18:31 . 2008-05-20 18:31 <REP> d-------- C:\327882R2FWJFW
2008-05-18 17:30 . 2008-05-18 17:30 122,556 --ah----- C:\Windows\System32\mlfcache.dat
2008-05-18 17:21 . 2008-05-18 17:21 <REP> d-------- C:\Users\Guillaume\AppData\Roaming\Malwarebytes
2008-05-18 17:20 . 2008-05-18 17:20 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-05-18 17:20 . 2008-05-18 17:20 <REP> d-------- C:\ProgramData\Malwarebytes
2008-05-18 17:20 . 2008-05-05 20:46 27,048 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-05-18 17:19 . 2008-05-18 17:21 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-18 17:19 . 2008-05-05 20:46 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
2008-05-18 17:16 . 2008-05-18 19:27 124,928 --------- C:\Windows\System32\qraxdxal.dll
2008-05-15 15:19 . 2008-05-15 15:19 <REP> d-------- C:\Program Files\Trend Micro
2008-05-14 17:55 . 2008-05-14 17:55 <REP> d-------- C:\Program Files\Uniblue
2008-05-13 18:45 . 2008-05-17 17:20 307 --a------ C:\Windows\wininit.ini
2008-05-13 18:02 . 2008-05-13 19:37 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{43d95c75-2100-11dd-b0f2-001bfc4f16ae}.TMContainer00000000000000000002.regtrans-ms
2008-05-13 18:02 . 2008-05-19 22:20 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{43d95c75-2100-11dd-b0f2-001bfc4f16ae}.TMContainer00000000000000000001.regtrans-ms
2008-05-13 18:02 . 2008-05-19 22:20 65,536 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{43d95c75-2100-11dd-b0f2-001bfc4f16ae}.TM.blf
2008-05-11 18:32 . 2008-05-11 18:32 316 --a------ C:\Windows\game.ini
2008-05-11 18:09 . 2008-05-13 18:01 <REP> d-------- C:\Program Files\id Software
2008-05-10 18:48 . 2008-05-10 18:48 <REP> d-------- C:\Program Files\Audacity
2008-05-10 00:35 . 2008-05-10 00:35 <REP> d-------- C:\Program Files\GoldWave
2008-05-10 00:18 . 2008-05-13 18:01 <REP> d-------- C:\Users\Guillaume\AppData\Roaming\Audacity
2008-05-10 00:18 . 2008-05-10 00:18 <REP> d-------- C:\Program Files\Audacity 1.3 Beta (Unicode)
2008-05-10 00:11 . 2008-05-10 00:11 <REP> d-------- C:\Program Files\DigitalSoundPlanet
2008-05-10 00:10 . 1998-02-06 21:37 299,520 --a------ C:\Windows\uninst.exe
2008-05-10 00:06 . 2008-05-10 00:06 <REP> d-------- C:\Users\Guillaume\AppData\Roaming\streamripper
2008-05-10 00:03 . 2008-05-10 00:03 <REP> d-------- C:\Program Files\Streamripper
2008-05-03 23:35 . 2008-05-03 23:49 <REP> d-------- C:\Program Files\LcdStudio
2008-05-03 23:26 . 2008-05-03 23:26 <REP> d-------- C:\Program Files\RivaTuner v2.09
2008-05-03 14:56 . 1997-04-18 11:49 298,496 --a------ C:\Windows\unin040c.exe
2008-05-03 14:56 . 1998-04-13 14:02 69,632 --a------ C:\Windows\TWUNK_32.728
2008-05-03 14:56 . 1998-04-13 14:02 48,560 --a------ C:\Windows\TWUNK_16.728
2008-05-01 14:12 . 2008-05-01 14:12 <REP> d-------- C:\Users\All Users\Real
2008-05-01 14:12 . 2008-05-01 14:12 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-04-29 21:23 . 2008-04-29 21:30 <REP> d-------- C:\Users\All Users\TrackMania
2008-04-29 21:23 . 2008-04-29 21:30 <REP> d-------- C:\ProgramData\TrackMania
2008-04-29 19:02 . 2008-04-29 19:02 180,575 --a------ C:\acadminidump.dmp
2008-04-29 17:47 . 2008-04-29 17:52 <REP> d-------- C:\Program Files\AutoCAD 2008
2008-04-29 17:45 . 2008-04-29 17:52 <REP> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-04-29 17:45 . 2008-04-29 17:45 <REP> d-------- C:\Program Files\Autodesk
2008-04-26 19:01 . 2008-04-26 19:00 691,545 --a------ C:\Windows\unins000.exe
2008-04-26 19:01 . 2008-04-26 19:01 2,541 --a------ C:\Windows\unins000.dat
2008-04-24 16:07 . 2008-04-24 16:07 <REP> d-------- C:\Users\All Users\Skyline
2008-04-24 16:07 . 2008-04-24 16:07 <REP> d-------- C:\ProgramData\Skyline
2008-04-24 16:07 . 2008-04-24 16:07 <REP> d-------- C:\Program Files\Skyline
2008-04-22 18:35 . 2008-04-22 18:35 <REP> d-------- C:\Program Files\Apple Software Update
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-20 16:35 126,882,592 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-05-20 15:29 --------- d-----w C:\Program Files\Steam
2008-05-20 15:27 --------- d-----w C:\Program Files\SpeedFan
2008-05-20 15:26 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-05-20 15:24 --------- d---a-w C:\ProgramData\TEMP
2008-05-19 20:20 1,699,028 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-05-15 16:46 --------- d-----w C:\Program Files\Rumble Box
2008-05-15 04:41 --------- d-----w C:\Program Files\Windows Mail
2008-05-14 14:25 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-05-13 16:01 --------- d-----w C:\Program Files\Codemasters
2008-05-11 17:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-11 16:33 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-05-11 16:33 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-05-11 16:33 22,328 ----a-w C:\Users\Guillaume\AppData\Roaming\PnkBstrK.sys
2008-05-11 16:33 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-05-10 09:50 --------- d-----w C:\Program Files\Common Files\Steam
2008-05-03 13:11 1,248 --sha-w C:\wdhfao30.sys
2008-05-03 12:56 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-29 15:59 --------- d-----w C:\Users\Guillaume\AppData\Roaming\Autodesk
2008-04-29 15:59 --------- d-----w C:\ProgramData\Autodesk
2008-04-27 09:13 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-22 18:47 --------- d-----w C:\Users\Guillaume\AppData\Roaming\OpenOffice.org2
2008-04-22 16:43 --------- d-----w C:\Program Files\Safari
2008-04-17 19:06 96,645 ----a-w C:\Windows\system32\drivers\klin.dat
2008-04-17 19:06 87,941 ----a-w C:\Windows\system32\drivers\klick.dat
2008-04-16 19:21 --------- d-----w C:\Program Files\Google
2008-04-13 09:56 --------- d-----w C:\Program Files\Yahoo!
2008-04-13 09:56 --------- d-----w C:\Program Files\Bitcomet Ultra Accelerator
2008-04-13 09:41 --------- d-----w C:\Program Files\FlashGet
2008-04-04 17:09 --------- d-----w C:\Users\Guillaume\AppData\Roaming\teamspeak2
2008-04-04 09:57 --------- d-----w C:\Program Files\iTunes
2008-04-04 09:57 --------- d-----w C:\Program Files\iPod
2008-04-04 09:55 --------- d-----w C:\Program Files\QuickTime
2008-03-31 21:25 682,496 ----a-w C:\Windows\System32\divx.dll
2008-03-29 14:30 --------- d-----w C:\Program Files\TeamSpeak3
2008-03-28 17:41 7,680 ----a-w C:\Windows\System32\ff_vfw.dll
2008-03-24 15:47 --------- d-----w C:\Users\Guillaume\AppData\Roaming\Apple Computer
2008-03-22 09:14 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-03-21 20:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-03-21 20:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-03-18 17:54 174 --sha-w C:\Program Files\desktop.ini
2008-03-18 17:32 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-03-18 17:32 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-03-18 16:42 47,560 ----a-w C:\Windows\System32\SPReview.exe
2008-03-18 16:42 152,576 ----a-w C:\Windows\System32\SPWizUI.dll
2008-03-08 15:08 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-03-06 15:23 442,368 ----a-w C:\Windows\System32\nvuninst.exe
2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-22 05:05 615,992 ----a-w C:\Windows\System32\ci.dll
2008-02-22 05:01 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-02-22 04:57 295,936 ----a-w C:\Windows\System32\gdi32.dll
2006-05-03 09:06 163,328 --sh--r C:\Windows\System32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\Windows\System32\msfDX.dll
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((( snapshot_2008-05-19_19.41.48.81 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-19 17:32:16 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-20 15:24:21 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-05-19 17:32:17 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-20 15:24:21 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-05-19 17:33:20 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-20 15:25:58 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-20 15:25:58 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-05-19 17:33:20 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-20 16:35:39 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-05-19 16:29:30 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-20 15:24:24 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-19 16:29:30 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-20 15:24:24 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-19 16:29:30 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-20 15:24:24 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-19 16:35:37 104,742 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-05-19 17:38:38 104,742 ----a-w C:\Windows\System32\perfc009.dat
- 2008-05-19 16:35:37 127,798 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-05-19 17:38:38 127,798 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-05-19 16:35:37 595,308 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-05-19 17:38:38 595,308 ----a-w C:\Windows\System32\perfh009.dat
- 2008-05-19 16:35:37 678,730 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-05-19 17:38:38 678,730 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-05-19 17:35:09 8,474 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3012532108-3653173252-843021523-1000_UserData.bin
+ 2008-05-20 15:26:19 8,628 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3012532108-3653173252-843021523-1000_UserData.bin
- 2008-05-19 17:35:08 98,696 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-20 15:26:19 98,766 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-19 16:31:26 48,316 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-20 15:26:17 48,316 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 00:33 1233920]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-09-01 18:27 32768]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 00:33 125952]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2008-01-08 12:25 2124088]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 00:36 2153472 C:\Windows\System32\oobefldr.dll]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 00:33 202240]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-13 16:57 5308416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 00:38 1008184]
"SoundTray"="C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe" [2007-04-01 12:44 49152]
"JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [2007-03-20 08:36 36864]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"ZSSnp211"="C:\Windows\ZSSnp211.exe" [2007-03-06 10:25 49152]
"Domino"="C:\Windows\Domino.exe" [2007-03-06 10:25 49152]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\Windows\KHALMNPR.Exe]
"Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 18:43 2051096]
"Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 18:57 2095640]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-04-02 18:32 1261568]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2008-03-04 12:02 92704]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-03-04 12:02 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-03-04 12:02 88608]
"RivaTuner"="C:\Program Files\RivaTuner v2.09\RivaTunerWrapper.exe" [2008-04-28 20:25 24576]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-09-01 18:27:52 450560]
SetPointII.lnk - C:\Program Files\Logitech\SetPoint II\SetpointII.exe [2007-08-30 19:13:06 319488]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3012532108-3653173252-843021523-1000]
"EnableNotificationsRef"=dword:00000002
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1A269090-57FC-4253-BBE1-2A398A0B0912}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{FAEE4CEE-9FFF-4DF6-AE7A-888984A4C724}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{7733464C-02F9-44FA-ACEC-2E07D136E2AF}"= Disabled:UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{D4AFD5C5-BE92-4002-8A67-269E795BC8F5}"= Disabled:TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"TCP Query User{83D9B4F1-BF61-41A6-B082-BAE8E03857AD}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= UDP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"UDP Query User{A7D1D972-B99C-4505-873D-ED6CF46CB3EE}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= TCP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"{0601BAB7-D10F-46A7-B44D-F77EF81B576C}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{665F0B99-293D-4C8C-BEBE-0A8AD835D2C0}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{2B3146E0-9C59-4290-907C-459FE04D12FF}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{A6A7AEA9-26A5-402F-BF8D-5E89A23DB57E}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{EDBF1396-D198-464C-9000-E0236F702461}"= UDP:8958:BitComet 8958 TCP
"{BCE3D636-472B-4B03-8AE4-E6A331808BF3}"= TCP:8958:BitComet 8958 UDP
"{11E36DE5-6F19-43AE-91F9-367D0C637F46}"= UDP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"{2578D77B-07AC-439A-B1BB-890CC6B937E6}"= TCP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"{73E310F9-4DA7-4C49-BBB9-E3A16B1CF442}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exerb
"{75BE34DF-F4C9-4821-86E1-A6E4C3A21BB7}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exerb
"{AA7F1AE8-5D0F-4DEB-AC66-1A28E455E24A}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exerbTray
"{4AA080EC-AAF4-4E08-92F6-96DAC426FA91}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exerbTray
"{DE00E99C-06C1-4F70-AFEF-B9743D036550}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exerbIR
"{C6593E5D-49AF-4856-B290-BD0492698FF1}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exerbIR
"{85302E47-603C-4D32-9073-4FB744F3E49D}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exerb Stream Client
"{8831510A-D4C4-449B-B388-D59153E98B68}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exerb Stream Client
"{2BD2189C-9478-46C6-ADEF-DB582AA0AFE1}"= UDP:C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"{FB07C9E5-58D5-46C5-95CA-77E32BFA2405}"= TCP:C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"{021C1600-E779-4400-98EC-2D1405CCCD22}"= UDP:C:\Program Files\eMule\emule.exe:eMule
"{EB671C70-C506-4D46-AB64-DC6D7F5357E1}"= UDP:C:\Program Files\eMule\emule.exe:eMule
"{256EEC85-33F9-42E8-B9CB-8905558ABC3B}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{8819B311-A2E5-483A-9C9C-0F009B2E1F5B}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{2142FF64-4960-4855-A012-1751AC559D2A}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{832B12AC-C5F0-4B35-BBEF-64A2483CEE4F}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{B07605A1-BE31-40E5-8468-4D853CECCC8E}"= UDP:C:\Windows\System32\PnkBstrA.exenkBstrA
"{17EBD14B-BFF4-495F-A9E8-0D8F59AE2898}"= TCP:C:\Windows\System32\PnkBstrA.exenkBstrA
"{E5726EE3-0AFB-4C7B-B0CE-A12DF5C4C92E}"= UDP:C:\Windows\System32\PnkBstrB.exenkBstrB
"{5F1E3062-8F24-431F-8CBC-B9E30A1F396D}"= TCP:C:\Windows\System32\PnkBstrB.exenkBstrB
"{2804DECC-0976-4B9D-9937-8D9DECA92E1F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CDF6B369-5185-427A-B45A-01D02760A8D1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F64FC4F2-32AF-4778-8FE6-D5D81014B815}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{6132CDFB-4C42-4D1F-A1B4-B5C4AA5939FE}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{0B62F929-5C04-4D9F-A4D4-018DE589555D}"= UDP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:etqwded.exe
"{5A8BF9D2-02ED-4303-938D-486B15387C01}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:etqwded.exe
"{9DA8FBB6-89CF-4C38-8B62-5D265F07405E}"= UDP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqw.exe:Enemy Territory - QUAKE Wars(TM)
"{3B6CA7A4-CD81-4CF7-A979-260626D3EF09}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqw.exe:Enemy Territory - QUAKE Wars(TM)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);C:\Windows\system32\drivers\pe3ah4nc.sys [2007-05-18 21:53]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);C:\Windows\system32\drivers\ps6ah4nc.sys [2007-05-18 21:52]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-04-04 14:59]
R1 KS0108;KS0108;C:\Program Files\LcdStudio\ks0108.sys [2006-02-12 00:31]
R1 LC7981;LC7981;C:\Program Files\LcdStudio\LC7981.sys [2006-02-12 00:31]
R1 n3900;n3900;C:\Program Files\LcdStudio\n3900.sys [2006-08-08 16:46]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;C:\Windows\system32\DRIVERS\rtlprot.sys [2007-04-02 10:57]
R1 SED133x;SED133x;C:\Program Files\LcdStudio\SED133x.sys [2006-02-12 00:31]
R1 T6963C;T6963C;C:\Program Files\LcdStudio\T6963c.sys [2006-02-12 00:31]
R2 AEADIFilters;Andrea ADI Filters Service;C:\Windows\system32\AEADISRV.EXE [2007-02-06 00:44]
R3 RTL8187;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187.sys [2007-04-03 04:32]
R3 yukonwlh;Pilote miniport NDIS6.0 pour contrôleur Ethernet Marvell Yukon;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 09:30]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);C:\Windows\system32\pr2ah4nc.exe svc []
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-09 11:38]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4392e102-5aeb-11dc-8abe-001bfc4f16ae}]
\shell\AutoRun\command - F:\setup\rsrc\Autorun.exe
\shell\dinstall\command - F:\Directx\dxsetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f88cf2ca-58d0-11dc-ad78-806e6f6e6963}]
\shell\AutoRun\command - D:\.\Bin\Assetup.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-13 16:02:57 C:\Windows\Tasks\At1.job"
- C:\Windows\widupdate.exe
"2008-05-13 16:02:57 C:\Windows\Tasks\At2.job"
- C:\Windows\dr.exe
"2008-05-13 16:02:57 C:\Windows\Tasks\At3.job"
- C:\Windows\patcher.exe
"2008-05-13 16:02:57 C:\Windows\Tasks\At4.job"
- C:\Windows\dr.exe
"2008-05-20 15:28:06 C:\Windows\Tasks\RtlVistaStart.job"
- C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
"2008-05-19 19:33:30 C:\Windows\Tasks\User_Feed_Synchronization-{B88CB541-93A9-40AD-9E12-9DFB1460494C}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-20 18:35:56
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-05-20 18:37:11
ComboFix-quarantined-files.txt 2008-05-20 16:36:41
Pre-Run: 64,288,026,624 octets libres
Post-Run: 64,185,815,040 octets libres
328 --- E O F --- 2008-05-17 09:13:03
et le rapport Hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:06:59, on 20/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Fraps\fraps.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\ZSSnp211.EXE
C:\Windows\Domino.EXE
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\SetPoint II\SetpointII.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\RivaTuner v2.09\RivaTuner.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Schmads Inc\G15_TeamSpeak\G15_TeamSpeak.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\notepad.exe
C:\Windows\System32\rundll32.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: FGCatchUrl - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SoundTray] C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ZSSnp211] C:\Windows\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.09\RivaTunerWrapper.exe" /T
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: SetPointII.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O18 - Protocol: bw+0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\Windows\system32\pr2ah4nc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 21128 bytes
Via Windows 
Répondre à Angeldark
re
c moi j'ai supprime le fichier comme tu ma dit mais depuis je c pas ce qui c passer mais mon compte c effacé et on dirait pareil pour mon compte steam 
donc je pense que c lié
si tu pourait m'aider sinon je 
Refais un scan Combofix 
Répondre à Angeldark
