My PC is infected, need help with a HijackThis report
Hello,
For the past few days I have noticed that my PC is no longer behaving normally. Let me explain:
- I can no longer launch games via Steam
- From time to time my CPU usage rises to 30% although I am not doing anything in particular, and no process in the Windows Task Manager is using 30% of the CPU
- My PC is running slowly, and from time to time a Windows message tells me that Windows Explorer is not responding and needs to be restarted
- I can no longer browse the internet with Firefox or Internet Explorer because they are terribly slow; I have to use Safari
What I have done:
- A Kaspersky scan: it found some trojans and deleted them (notably Monder.gen)
- A Spybot scan, which finds vundo/virtumon and deletes it, but when I scan again it is still there
- And now I have run a HijackThis scan, but I don't understand all of it and I need your help to decipher it (below)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:25:24, on 18/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
C:\Fraps\fraps.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\ZSSnp211.EXE
C:\Windows\Domino.EXE
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Logitech\SetPoint II\SetpointII.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\RivaTuner v2.09\RivaTuner.exe
C:\Program Files\Schmads Inc\G15_TeamSpeak\G15_TeamSpeak.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Safari\Safari.exe
C:\Windows\explorer.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.atcomet.com...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.yahoo.com...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {04D3CAF1-9165-4019-BE1E-FAE9827C4812} - C:\Windows\system32\oPiJARKa.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {14370F76-7676-44A2-AD11-93A31C5FC9FC} - C:\Windows\system32\jkkhgFWO.dll
O2 - BHO: FGCatchUrl - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {1d78d7c4-4a1e-90fb-7d34-9fcaa50068d6} - {6d86005a-acf9-43d7-bf09-e1a44c7d87d1} - C:\Windows\system32\jxhkgpxy.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SoundTray] C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ZSSnp211] C:\Windows\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.09\RivaTunerWrapper.exe" /T
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\jkkhgFWO.dll,#1
O4 - HKLM\..\Run: [BMdbc1b824] Rundll32.exe "C:\Windows\system32\gvgkcooj.dll",s
O4 - HKLM\..\Run: [d8f28bb8] rundll32.exe "C:\Windows\system32\khrkmmyy.dll",b
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: SetPointII.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - C
rogram... Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - C
rogram... Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - C
rogram... Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C
rogram... Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com...
O18 - Protocol: bw+0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\Windows\system32\pr2ah4nc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 22302 bytes
Thanks in advance to the kind souls who would be willing to help me.
Hello,
Disable your resident protections (antivirus, Spybot-S&D, etc.)!
- Download ComboFix (sUBs) to your Desktop.
- Double-click ComboFix.exe (the .exe may not be visible) to launch it.
- When the scan is finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.
HELP: A guide and a tutorial on using ComboFix
* the partition name may vary
ComboFix 08-05-15.3 - Guillaume 2008-05-18 16:41:04.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1165 [GMT 2:00]
Endroit: C:\Users\Guillaume\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\System32\aKRAJiPo.ini
C:\Windows\System32\aKRAJiPo.ini2
C:\Windows\system32\erwseosn.exe
C:\Windows\system32\hesbagdd.exe
C:\Windows\System32\jebwdvys.ini
C:\Windows\system32\mtxakhve.exe
C:\Windows\system32\onpayhbq.ini
C:\Windows\system32\ousgvkvp.ini
C:\Windows\system32\qnapvmmw.exe
C:\Windows\system32\rpwkdlkl.exe
C:\Windows\system32\ukrylnky.ini
C:\Windows\system32\uxwthxlq.exe
C:\Windows\system32\yymmkrhk.ini
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-18 to 2008-05-18 ))))))))))))))))))))))))))))))))))))
.
2008-05-18 17:06 . 2008-05-18 17:06 345 --ahs---- C:\Windows\System32\aKRAJiPo.ini2
2008-05-18 17:06 . 2008-05-18 17:06 345 --ahs---- C:\Windows\System32\aKRAJiPo.ini
2008-05-18 17:05 . 2008-05-12 14:00 57,344 --a------ C:\Windows\System32\cbXOHWOe.dll
2008-05-18 17:05 . 2008-05-18 17:05 294 ---hs---- C:\Windows\System32\yymmkrhk.ini
2008-05-17 19:56 . 2008-05-17 19:56 116,224 --------- C:\Windows\System32\khrkmmyy.dll
2008-05-17 18:49 . 2008-05-17 18:49 125,952 --a------ C:\Windows\System32\gvgkcooj.dll
2008-05-17 13:43 . 2008-05-17 13:43 54,156 --ah----- C:\Windows\QTFont.qfn
2008-05-17 13:43 . 2008-05-17 13:43 1,409 --a------ C:\Windows\QTFont.for
2008-05-16 18:47 . 2008-05-16 18:47 125,952 --a------ C:\Windows\System32\bhxsrxps.dll
2008-05-16 18:44 . 2008-05-16 18:45 125,952 --a------ C:\Windows\System32\dsftbkao.dll
2008-05-15 18:59 . 2008-05-15 18:59 133,120 --a------ C:\Windows\System32\jxhkgpxy.dll
2008-05-15 18:45 . 2008-05-15 18:45 133,120 --a------ C:\Windows\System32\plmkqybs.dll
2008-05-15 15:19 . 2008-05-15 15:19 <REP> d-------- C:\Program Files\Trend Micro
2008-05-15 14:22 . 2008-05-15 14:22 134,144 --a------ C:\Windows\System32\xxgwwbhh.dll
2008-05-14 17:55 . 2008-05-14 17:55 <REP> d-------- C:\Program Files\Uniblue
2008-05-13 21:36 . 2008-05-13 21:36 <REP> d-------- C:\Users\All Users\WindowsSearch
2008-05-13 21:36 . 2008-05-13 21:36 <REP> d-------- C:\ProgramData\WindowsSearch
2008-05-13 21:20 . 2008-05-13 21:21 133,632 --a------ C:\Windows\System32\hcmyegww.dll
2008-05-13 21:18 . 2008-05-13 21:19 123,392 --a------ C:\Windows\System32\cbxhvcra.dll
2008-05-13 18:45 . 2008-05-17 17:20 307 --a------ C:\Windows\wininit.ini
2008-05-13 18:20 . 2008-05-13 21:17 706 ---hs---- C:\Windows\System32\qjpqtkcv.ini
2008-05-13 18:17 . 2008-05-13 18:17 131,584 --a------ C:\Windows\System32\ufrqmeuw.dll
2008-05-13 18:02 . 2008-05-13 19:37 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{43d95c75-2100-11dd-b0f2-001bfc4f16ae}.TMContainer00000000000000000002.regtrans-ms
2008-05-13 18:02 . 2008-05-18 16:55 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{43d95c75-2100-11dd-b0f2-001bfc4f16ae}.TMContainer00000000000000000001.regtrans-ms
2008-05-13 18:02 . 2008-05-18 16:55 65,536 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{43d95c75-2100-11dd-b0f2-001bfc4f16ae}.TM.blf
2008-05-12 14:05 . 2008-05-12 14:06 371,712 --------- C:\Windows\System32\oPiJARKa.dll
2008-05-11 18:32 . 2008-05-11 18:32 316 --a------ C:\Windows\game.ini
2008-05-11 18:09 . 2008-05-13 18:01 <REP> d-------- C:\Program Files\id Software
2008-05-10 18:48 . 2008-05-10 18:48 <REP> d-------- C:\Program Files\Audacity
2008-05-10 00:35 . 2008-05-10 00:35 <REP> d-------- C:\Program Files\GoldWave
2008-05-10 00:18 . 2008-05-13 18:01 <REP> d-------- C:\Users\Guillaume\AppData\Roaming\Audacity
2008-05-10 00:18 . 2008-05-10 00:18 <REP> d-------- C:\Program Files\Audacity 1.3 Beta (Unicode)
2008-05-10 00:11 . 2008-05-10 00:11 <REP> d-------- C:\Program Files\DigitalSoundPlanet
2008-05-10 00:10 . 1998-02-06 21:37 299,520 --a------ C:\Windows\uninst.exe
2008-05-10 00:06 . 2008-05-10 00:06 <REP> d-------- C:\Users\Guillaume\AppData\Roaming\streamripper
2008-05-10 00:03 . 2008-05-10 00:03 <REP> d-------- C:\Program Files\Streamripper
2008-05-03 23:35 . 2008-05-03 23:49 <REP> d-------- C:\Program Files\LcdStudio
2008-05-03 23:26 . 2008-05-03 23:26 <REP> d-------- C:\Program Files\RivaTuner v2.09
2008-05-03 14:56 . 1997-04-18 11:49 298,496 --a------ C:\Windows\unin040c.exe
2008-05-03 14:56 . 1998-04-13 14:02 69,632 --a------ C:\Windows\TWUNK_32.728
2008-05-03 14:56 . 1998-04-13 14:02 48,560 --a------ C:\Windows\TWUNK_16.728
2008-05-01 14:12 . 2008-05-01 14:12 <REP> d-------- C:\Users\All Users\Real
2008-05-01 14:12 . 2008-05-01 14:12 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-04-29 21:23 . 2008-04-29 21:30 <REP> d-------- C:\Users\All Users\TrackMania
2008-04-29 21:23 . 2008-04-29 21:30 <REP> d-------- C:\ProgramData\TrackMania
2008-04-29 19:02 . 2008-04-29 19:02 180,575 --a------ C:\acadminidump.dmp
2008-04-29 17:47 . 2008-04-29 17:52 <REP> d-------- C:\Program Files\AutoCAD 2008
2008-04-29 17:45 . 2008-04-29 17:52 <REP> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-04-29 17:45 . 2008-04-29 17:45 <REP> d-------- C:\Program Files\Autodesk
2008-04-26 19:01 . 2008-04-26 19:00 691,545 --a------ C:\Windows\unins000.exe
2008-04-26 19:01 . 2008-04-26 19:01 2,541 --a------ C:\Windows\unins000.dat
2008-04-24 16:07 . 2008-04-24 16:07 <REP> d-------- C:\Users\All Users\Skyline
2008-04-24 16:07 . 2008-04-24 16:07 <REP> d-------- C:\ProgramData\Skyline
2008-04-24 16:07 . 2008-04-24 16:07 <REP> d-------- C:\Program Files\Skyline
2008-04-22 18:35 . 2008-04-22 18:35 <REP> d-------- C:\Program Files\Apple Software Update
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-18 15:06 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-05-18 15:05 --------- d---a-w C:\ProgramData\TEMP
2008-05-18 15:01 126,508,064 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-05-18 14:55 1,695,284 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-05-18 12:21 --------- d-----w C:\Program Files\SpeedFan
2008-05-16 21:30 --------- d-----w C:\Program Files\Steam
2008-05-15 16:46 --------- d-----w C:\Program Files\Rumble Box
2008-05-15 04:41 --------- d-----w C:\Program Files\Windows Mail
2008-05-14 14:25 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-05-13 16:01 --------- d-----w C:\Program Files\Codemasters
2008-05-11 17:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-11 16:33 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-05-11 16:33 22,328 ----a-w C:\Users\Guillaume\AppData\Roaming\PnkBstrK.sys
2008-05-10 09:50 --------- d-----w C:\Program Files\Common Files\Steam
2008-05-03 13:11 1,248 --sha-w C:\wdhfao30.sys
2008-05-03 12:56 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-29 15:59 --------- d-----w C:\Users\Guillaume\AppData\Roaming\Autodesk
2008-04-29 15:59 --------- d-----w C:\ProgramData\Autodesk
2008-04-27 09:13 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-22 18:47 --------- d-----w C:\Users\Guillaume\AppData\Roaming\OpenOffice.org2
2008-04-22 16:43 --------- d-----w C:\Program Files\Safari
2008-04-17 19:06 96,645 ----a-w C:\Windows\system32\drivers\klin.dat
2008-04-17 19:06 87,941 ----a-w C:\Windows\system32\drivers\klick.dat
2008-04-16 19:21 --------- d-----w C:\Program Files\Google
2008-04-13 09:56 --------- d-----w C:\Program Files\Yahoo!
2008-04-13 09:56 --------- d-----w C:\Program Files\Bitcomet Ultra Accelerator
2008-04-13 09:41 --------- d-----w C:\Program Files\FlashGet
2008-04-04 17:09 --------- d-----w C:\Users\Guillaume\AppData\Roaming\teamspeak2
2008-04-04 09:57 --------- d-----w C:\Program Files\iTunes
2008-04-04 09:57 --------- d-----w C:\Program Files\iPod
2008-04-04 09:55 --------- d-----w C:\Program Files\QuickTime
2008-03-29 14:30 --------- d-----w C:\Program Files\TeamSpeak3
2008-03-24 15:47 --------- d-----w C:\Users\Guillaume\AppData\Roaming\Apple Computer
2008-03-22 09:14 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-03-18 17:56 --------- d-----w C:\ProgramData\NVIDIA
2008-03-18 17:54 174 --sha-w C:\Program Files\desktop.ini
2008-03-18 17:45 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-18 17:45 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-03-18 17:45 --------- d-----w C:\Program Files\Windows Journal
2008-03-18 17:45 --------- d-----w C:\Program Files\Windows Defender
2008-03-18 17:45 --------- d-----w C:\Program Files\Windows Collaboration
2008-03-18 17:45 --------- d-----w C:\Program Files\Windows Calendar
2006-05-03 09:06 163,328 --sh--r C:\Windows\System32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\Windows\System32\msfDX.dll
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{14370F76-7676-44A2-AD11-93A31C5FC9FC}]
2008-05-12 14:00 57344 --a------ C:\Windows\system32\cbXOHWOe.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6d86005a-acf9-43d7-bf09-e1a44c7d87d1}]
2008-05-15 18:59 133120 --a------ C:\Windows\system32\jxhkgpxy.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9F636577-C87B-4C23-9A98-B31389445D1E}]
2008-05-12 14:06 371712 --------- C:\Windows\system32\oPiJARKa.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 00:33 1233920]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-09-01 18:27 32768]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 00:33 125952]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2008-01-08 12:25 2124088]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 00:36 2153472 C:\Windows\System32\oobefldr.dll]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 00:33 202240]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-13 16:57 5308416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 00:38 1008184]
"MSServer"="C:\Windows\system32\cbXOHWOe.dll" [2008-05-12 14:00 57344]
"SoundTray"="C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe" [2007-04-01 12:44 49152]
"JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [2007-03-20 08:36 36864]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"ZSSnp211"="C:\Windows\ZSSnp211.exe" [2007-03-06 10:25 49152]
"Domino"="C:\Windows\Domino.exe" [2007-03-06 10:25 49152]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\Windows\KHALMNPR.Exe]
"Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 18:43 2051096]
"Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 18:57 2095640]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-04-02 18:32 1261568]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2008-03-04 12:02 92704]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-03-04 12:02 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-03-04 12:02 88608]
"RivaTuner"="C:\Program Files\RivaTuner v2.09\RivaTunerWrapper.exe" [2008-04-28 20:25 24576]
"d8f28bb8"="C:\Windows\system32\khrkmmyy.dll" [2008-05-17 19:56 116224]
"BMdbc1b824"="C:\Windows\system32\gvgkcooj.dll" [2008-05-17 18:49 125952]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-09-01 18:27:52 450560]
SetPointII.lnk - C:\Program Files\Logitech\SetPoint II\SetpointII.exe [2007-08-30 19:13:06 319488]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{14370F76-7676-44A2-AD11-93A31C5FC9FC}"= C:\Windows\system32\cbXOHWOe.dll [2008-05-12 14:00 57344]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\Windows\system32\oPiJARKa
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3012532108-3653173252-843021523-1000]
"EnableNotificationsRef"=dword:00000002
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1A269090-57FC-4253-BBE1-2A398A0B0912}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{FAEE4CEE-9FFF-4DF6-AE7A-888984A4C724}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{7733464C-02F9-44FA-ACEC-2E07D136E2AF}"= Disabled:UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{D4AFD5C5-BE92-4002-8A67-269E795BC8F5}"= Disabled:TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"TCP Query User{83D9B4F1-BF61-41A6-B082-BAE8E03857AD}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= UDP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"UDP Query User{A7D1D972-B99C-4505-873D-ED6CF46CB3EE}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= TCP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"{0601BAB7-D10F-46A7-B44D-F77EF81B576C}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{665F0B99-293D-4C8C-BEBE-0A8AD835D2C0}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{2B3146E0-9C59-4290-907C-459FE04D12FF}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{A6A7AEA9-26A5-402F-BF8D-5E89A23DB57E}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{EDBF1396-D198-464C-9000-E0236F702461}"= UDP:8958:BitComet 8958 TCP
"{BCE3D636-472B-4B03-8AE4-E6A331808BF3}"= TCP:8958:BitComet 8958 UDP
"{11E36DE5-6F19-43AE-91F9-367D0C637F46}"= UDP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"{2578D77B-07AC-439A-B1BB-890CC6B937E6}"= TCP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"{73E310F9-4DA7-4C49-BBB9-E3A16B1CF442}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{75BE34DF-F4C9-4821-86E1-A6E4C3A21BB7}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{AA7F1AE8-5D0F-4DEB-AC66-1A28E455E24A}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{4AA080EC-AAF4-4E08-92F6-96DAC426FA91}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{DE00E99C-06C1-4F70-AFEF-B9743D036550}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{C6593E5D-49AF-4856-B290-BD0492698FF1}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{85302E47-603C-4D32-9073-4FB744F3E49D}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{8831510A-D4C4-449B-B388-D59153E98B68}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{2BD2189C-9478-46C6-ADEF-DB582AA0AFE1}"= UDP:C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"{FB07C9E5-58D5-46C5-95CA-77E32BFA2405}"= TCP:C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"{021C1600-E779-4400-98EC-2D1405CCCD22}"= UDP:C:\Program Files\eMule\emule.exe:eMule
"{EB671C70-C506-4D46-AB64-DC6D7F5357E1}"= UDP:C:\Program Files\eMule\emule.exe:eMule
"{256EEC85-33F9-42E8-B9CB-8905558ABC3B}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{8819B311-A2E5-483A-9C9C-0F009B2E1F5B}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{2142FF64-4960-4855-A012-1751AC559D2A}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{832B12AC-C5F0-4B35-BBEF-64A2483CEE4F}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{B07605A1-BE31-40E5-8468-4D853CECCC8E}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{17EBD14B-BFF4-495F-A9E8-0D8F59AE2898}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{E5726EE3-0AFB-4C7B-B0CE-A12DF5C4C92E}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{5F1E3062-8F24-431F-8CBC-B9E30A1F396D}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{2804DECC-0976-4B9D-9937-8D9DECA92E1F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CDF6B369-5185-427A-B45A-01D02760A8D1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F64FC4F2-32AF-4778-8FE6-D5D81014B815}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{6132CDFB-4C42-4D1F-A1B4-B5C4AA5939FE}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{0B62F929-5C04-4D9F-A4D4-018DE589555D}"= UDP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:etqwded.exe
"{5A8BF9D2-02ED-4303-938D-486B15387C01}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:etqwded.exe
"{9DA8FBB6-89CF-4C38-8B62-5D265F07405E}"= UDP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqw.exe:Enemy Territory - QUAKE Wars(TM)
"{3B6CA7A4-CD81-4CF7-A979-260626D3EF09}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqw.exe:Enemy Territory - QUAKE Wars(TM)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);C:\Windows\system32\drivers\pe3ah4nc.sys [2007-05-18 21:53]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);C:\Windows\system32\drivers\ps6ah4nc.sys [2007-05-18 21:52]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-04-04 14:59]
R1 KS0108;KS0108;C:\Program Files\LcdStudio\ks0108.sys [2006-02-12 00:31]
R1 LC7981;LC7981;C:\Program Files\LcdStudio\LC7981.sys [2006-02-12 00:31]
R1 n3900;n3900;C:\Program Files\LcdStudio\n3900.sys [2006-08-08 16:46]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;C:\Windows\system32\DRIVERS\rtlprot.sys [2007-04-02 10:57]
R1 SED133x;SED133x;C:\Program Files\LcdStudio\SED133x.sys [2006-02-12 00:31]
R1 T6963C;T6963C;C:\Program Files\LcdStudio\T6963c.sys [2006-02-12 00:31]
R2 AEADIFilters;Andrea ADI Filters Service;C:\Windows\system32\AEADISRV.EXE [2007-02-06 00:44]
R3 RTL8187;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187.sys [2007-04-03 04:32]
R3 yukonwlh;Pilote miniport NDIS6.0 pour contrôleur Ethernet Marvell Yukon;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 09:30]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);C:\Windows\system32\pr2ah4nc.exe svc []
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-09 11:38]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4392e102-5aeb-11dc-8abe-001bfc4f16ae}]
\shell\AutoRun\command - F:\setup\rsrc\Autorun.exe
\shell\dinstall\command - F:\Directx\dxsetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f88cf2ca-58d0-11dc-ad78-806e6f6e6963}]
\shell\AutoRun\command - D:\.\Bin\Assetup.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-13 16:02:57 C:\Windows\Tasks\At1.job"
- C:\Windows\widupdate.exe
"2008-05-13 16:02:57 C:\Windows\Tasks\At2.job"
- C:\Windows\dr.exe
"2008-05-13 16:02:57 C:\Windows\Tasks\At3.job"
- C:\Windows\patcher.exe
"2008-05-13 16:02:57 C:\Windows\Tasks\At4.job"
- C:\Windows\dr.exe
"2008-05-18 15:05:31 C:\Windows\Tasks\RtlVistaStart.job"
- C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
"2008-05-17 18:12:52 C:\Windows\Tasks\User_Feed_Synchronization-{B88CB541-93A9-40AD-9E12-9DFB1460494C}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-18 17:05:58
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
C:\Windows\TEMP\TMP0000002F53E72EF5356303C3 524288 bytes executable
C:\Users\Guillaume\AppData\Local\eMule\config\server_met.old 25530 bytes
Scan terminé avec succès
Les fichiers cachés: 2
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\Windows\system32\winlogon.exe
-> C:\Windows\system32\cbXOHWOe.dll
PROCESS: C:\Windows\Explorer.exe
-> C:\Windows\system32\khrkmmyy.dll
-> C:\Windows\system32\gvgkcooj.dll
-> C:\Windows\system32\oPiJARKa.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\System32\PnkBstrA.exe
C:\Windows\System32\PnkBstrB.exe
C:\Fraps\fraps.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\RivaTuner v2.09\RivaTuner.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Schmads Inc\G15_TeamSpeak\G15_TeamSpeak.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\VSSVC.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-18 17:13:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-18 15:13:26
Pre-Run: 50,705,195,008 octets libres
Post-Run: 67,569,651,712 octets libres
323 --- E O F --- 2008-05-17 09:13:03
I had already done it before you asked me.
Hi again,
Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.
Once the installation and the update are done, restart in Safe Mode.
HELP: Restarting in Safe Mode
- Now run MalwareByte's Anti-Malware. If it is not already selected, choose "Exécuter un examen complet" (Perform full scan).
- To start the scan, click "Rechercher" (Scan).
- Once the scan has finished, a window opens; click OK. There are two possibilities:
-- if the program found nothing, press OK. A report will appear; close it.
-- if infections are present, click "Afficher les résultats" (Show Results), then "Supprimer la sélection" (Remove Selected). Save the report to your Desktop so you can post it in your next reply.
NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.
HELP: Illustrated tutorial on MBAM
Here too, I had already started the scan before you told me to, but it has only just finished. Here is what it tells me:
Malwarebytes' Anti-Malware 1.12
Version de la base de données: 762
Type de recherche: Examen complet (C:\|)
Eléments examinés: 230734
Temps écoulé: 1 hour(s), 49 minute(s), 32 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 8
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 8
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\Windows\System32\khrkmmyy.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\Windows\System32\oPiJARKa.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\Windows\System32\cbXOHWOe.dll (Trojan.Vundo) -> Unloaded module successfully.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9f636577-c87b-4c23-9a98-b31389445d1e} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{9f636577-c87b-4c23-9a98-b31389445d1e} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{14370f76-7676-44a2-ad11-93a31c5fc9fc} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14370f76-7676-44a2-ad11-93a31c5fc9fc} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\d8f28bb8 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMdbc1b824 (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{14370f76-7676-44a2-ad11-93a31c5fc9fc} (Trojan.Vundo) -> Delete on reboot.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\opijarka -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\opijarka -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Windows\System32\khrkmmyy.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\yymmkrhk.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\oPiJARKa.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\aKRAJiPo.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\aKRAJiPo.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\cbXOHWOe.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\qraxdxal.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\cbxhvcra.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
I got the message telling me to restart, which I did.
That's it, I can browse with Firefox again and I can launch games with Steam.
My PC seems to be back to the way it was before.
Thanks for your help.
Run a ComboFix scan again.
Here is my latest ComboFix scan:
ComboFix 08-05-15.3 - Guillaume 2008-05-19 18:57:34.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.740 [GMT 2:00]
Endroit: C:\Downloads\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\balclhwj.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-19 to 2008-05-19 ))))))))))))))))))))))))))))))))))))
.
2008-05-18 17:30 . 2008-05-18 17:30 122,556 --ah----- C:\Windows\System32\mlfcache.dat
2008-05-18 17:21 . 2008-05-18 17:21 <REP> d-------- C:\Users\Guillaume\AppData\Roaming\Malwarebytes
2008-05-18 17:20 . 2008-05-18 17:20 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-05-18 17:20 . 2008-05-18 17:20 <REP> d-------- C:\ProgramData\Malwarebytes
2008-05-18 17:20 . 2008-05-05 20:46 27,048 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-05-18 17:19 . 2008-05-18 17:21 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-18 17:19 . 2008-05-05 20:46 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
2008-05-18 17:16 . 2008-05-18 19:27 124,928 --------- C:\Windows\System32\qraxdxal.dll
2008-05-18 17:05 . 2008-05-18 19:27 57,344 --------- C:\Windows\System32\cbXOHWOe.dll
2008-05-17 19:56 . 2008-05-18 19:27 116,224 --------- C:\Windows\System32\khrkmmyy.dll
2008-05-17 18:49 . 2008-05-17 18:49 125,952 --a------ C:\Windows\System32\gvgkcooj.dll
2008-05-17 13:43 . 2008-05-19 18:42 54,156 --ah----- C:\Windows\QTFont.qfn
2008-05-17 13:43 . 2008-05-17 13:43 1,409 --a------ C:\Windows\QTFont.for
2008-05-16 18:47 . 2008-05-16 18:47 125,952 --a------ C:\Windows\System32\bhxsrxps.dll
2008-05-16 18:44 . 2008-05-16 18:45 125,952 --a------ C:\Windows\System32\dsftbkao.dll
2008-05-15 18:59 . 2008-05-15 18:59 133,120 --a------ C:\Windows\System32\jxhkgpxy.dll
2008-05-15 18:45 . 2008-05-15 18:45 133,120 --a------ C:\Windows\System32\plmkqybs.dll
2008-05-15 15:19 . 2008-05-15 15:19 <REP> d-------- C:\Program Files\Trend Micro
2008-05-15 14:22 . 2008-05-15 14:22 134,144 --a------ C:\Windows\System32\xxgwwbhh.dll
2008-05-14 17:55 . 2008-05-14 17:55 <REP> d-------- C:\Program Files\Uniblue
2008-05-13 21:36 . 2008-05-13 21:36 <REP> d-------- C:\Users\All Users\WindowsSearch
2008-05-13 21:36 . 2008-05-13 21:36 <REP> d-------- C:\ProgramData\WindowsSearch
2008-05-13 21:20 . 2008-05-13 21:21 133,632 --a------ C:\Windows\System32\hcmyegww.dll
2008-05-13 18:45 . 2008-05-17 17:20 307 --a------ C:\Windows\wininit.ini
2008-05-13 18:20 . 2008-05-13 21:17 706 ---hs---- C:\Windows\System32\qjpqtkcv.ini
2008-05-13 18:17 . 2008-05-13 18:17 131,584 --a------ C:\Windows\System32\ufrqmeuw.dll
2008-05-13 18:02 . 2008-05-13 19:37 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{43d95c75-2100-11dd-b0f2-001bfc4f16ae}.TMContainer00000000000000000002.regtrans-ms
2008-05-13 18:02 . 2008-05-19 19:31 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{43d95c75-2100-11dd-b0f2-001bfc4f16ae}.TMContainer00000000000000000001.regtrans-ms
2008-05-13 18:02 . 2008-05-19 19:31 65,536 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{43d95c75-2100-11dd-b0f2-001bfc4f16ae}.TM.blf
2008-05-12 14:05 . 2008-05-18 19:27 371,712 --------- C:\Windows\System32\oPiJARKa.dll
2008-05-11 18:32 . 2008-05-11 18:32 316 --a------ C:\Windows\game.ini
2008-05-11 18:09 . 2008-05-13 18:01 <REP> d-------- C:\Program Files\id Software
2008-05-10 18:48 . 2008-05-10 18:48 <REP> d-------- C:\Program Files\Audacity
2008-05-10 00:35 . 2008-05-10 00:35 <REP> d-------- C:\Program Files\GoldWave
2008-05-10 00:18 . 2008-05-13 18:01 <REP> d-------- C:\Users\Guillaume\AppData\Roaming\Audacity
2008-05-10 00:18 . 2008-05-10 00:18 <REP> d-------- C:\Program Files\Audacity 1.3 Beta (Unicode)
2008-05-10 00:11 . 2008-05-10 00:11 <REP> d-------- C:\Program Files\DigitalSoundPlanet
2008-05-10 00:10 . 1998-02-06 21:37 299,520 --a------ C:\Windows\uninst.exe
2008-05-10 00:06 . 2008-05-10 00:06 <REP> d-------- C:\Users\Guillaume\AppData\Roaming\streamripper
2008-05-10 00:03 . 2008-05-10 00:03 <REP> d-------- C:\Program Files\Streamripper
2008-05-03 23:35 . 2008-05-03 23:49 <REP> d-------- C:\Program Files\LcdStudio
2008-05-03 23:26 . 2008-05-03 23:26 <REP> d-------- C:\Program Files\RivaTuner v2.09
2008-05-03 14:56 . 1997-04-18 11:49 298,496 --a------ C:\Windows\unin040c.exe
2008-05-03 14:56 . 1998-04-13 14:02 69,632 --a------ C:\Windows\TWUNK_32.728
2008-05-03 14:56 . 1998-04-13 14:02 48,560 --a------ C:\Windows\TWUNK_16.728
2008-05-01 14:12 . 2008-05-01 14:12 <REP> d-------- C:\Users\All Users\Real
2008-05-01 14:12 . 2008-05-01 14:12 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-04-29 21:23 . 2008-04-29 21:30 <REP> d-------- C:\Users\All Users\TrackMania
2008-04-29 21:23 . 2008-04-29 21:30 <REP> d-------- C:\ProgramData\TrackMania
2008-04-29 19:02 . 2008-04-29 19:02 180,575 --a------ C:\acadminidump.dmp
2008-04-29 17:47 . 2008-04-29 17:52 <REP> d-------- C:\Program Files\AutoCAD 2008
2008-04-29 17:45 . 2008-04-29 17:52 <REP> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-04-29 17:45 . 2008-04-29 17:45 <REP> d-------- C:\Program Files\Autodesk
2008-04-26 19:01 . 2008-04-26 19:00 691,545 --a------ C:\Windows\unins000.exe
2008-04-26 19:01 . 2008-04-26 19:01 2,541 --a------ C:\Windows\unins000.dat
2008-04-24 16:07 . 2008-04-24 16:07 <REP> d-------- C:\Users\All Users\Skyline
2008-04-24 16:07 . 2008-04-24 16:07 <REP> d-------- C:\ProgramData\Skyline
2008-04-24 16:07 . 2008-04-24 16:07 <REP> d-------- C:\Program Files\Skyline
2008-04-22 18:35 . 2008-04-22 18:35 <REP> d-------- C:\Program Files\Apple Software Update
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-19 17:33 126,710,560 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-05-19 17:32 --------- d---a-w C:\ProgramData\TEMP
2008-05-19 17:31 1,698,044 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-05-19 16:47 --------- d-----w C:\Program Files\Steam
2008-05-19 16:42 --------- d-----w C:\Program Files\SpeedFan
2008-05-19 16:31 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-05-15 16:46 --------- d-----w C:\Program Files\Rumble Box
2008-05-15 04:41 --------- d-----w C:\Program Files\Windows Mail
2008-05-14 14:25 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-05-13 16:01 --------- d-----w C:\Program Files\Codemasters
2008-05-11 17:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-11 16:33 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-05-11 16:33 22,328 ----a-w C:\Users\Guillaume\AppData\Roaming\PnkBstrK.sys
2008-05-10 09:50 --------- d-----w C:\Program Files\Common Files\Steam
2008-05-03 13:11 1,248 --sha-w C:\wdhfao30.sys
2008-05-03 12:56 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-29 15:59 --------- d-----w C:\Users\Guillaume\AppData\Roaming\Autodesk
2008-04-29 15:59 --------- d-----w C:\ProgramData\Autodesk
2008-04-27 09:13 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-22 18:47 --------- d-----w C:\Users\Guillaume\AppData\Roaming\OpenOffice.org2
2008-04-22 16:43 --------- d-----w C:\Program Files\Safari
2008-04-17 19:06 96,645 ----a-w C:\Windows\system32\drivers\klin.dat
2008-04-17 19:06 87,941 ----a-w C:\Windows\system32\drivers\klick.dat
2008-04-16 19:21 --------- d-----w C:\Program Files\Google
2008-04-13 09:56 --------- d-----w C:\Program Files\Yahoo!
2008-04-13 09:56 --------- d-----w C:\Program Files\Bitcomet Ultra Accelerator
2008-04-13 09:41 --------- d-----w C:\Program Files\FlashGet
2008-04-04 17:09 --------- d-----w C:\Users\Guillaume\AppData\Roaming\teamspeak2
2008-04-04 09:57 --------- d-----w C:\Program Files\iTunes
2008-04-04 09:57 --------- d-----w C:\Program Files\iPod
2008-04-04 09:55 --------- d-----w C:\Program Files\QuickTime
2008-03-29 14:30 --------- d-----w C:\Program Files\TeamSpeak3
2008-03-24 15:47 --------- d-----w C:\Users\Guillaume\AppData\Roaming\Apple Computer
2008-03-22 09:14 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-03-18 17:54 174 --sha-w C:\Program Files\desktop.ini
2006-05-03 09:06 163,328 --sh--r C:\Windows\System32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\Windows\System32\msfDX.dll
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((( snapshot@2008-05-18_17.11.35.86 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-18 14:56:26 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-19 17:32:16 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-05-18 14:56:26 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-19 17:32:17 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-05-18 15:05:41 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-19 17:33:20 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-19 17:33:20 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-05-18 15:06:25 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-19 17:33:20 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-19 17:33:20 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-05-18 15:05:51 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-19 16:29:30 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-18 15:05:51 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-19 16:29:30 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-18 15:05:51 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-19 16:29:30 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-18 15:02:07 104,742 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-05-19 16:35:37 104,742 ----a-w C:\Windows\System32\perfc009.dat
- 2008-05-18 15:02:07 127,798 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-05-19 16:35:37 127,798 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-05-18 15:02:07 595,308 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-05-19 16:35:37 595,308 ----a-w C:\Windows\System32\perfh009.dat
- 2008-05-18 15:02:07 678,730 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-05-19 16:35:37 678,730 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-05-18 15:07:33 8,228 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3012532108-3653173252-843021523-1000_UserData.bin
+ 2008-05-19 17:35:09 8,474 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3012532108-3653173252-843021523-1000_UserData.bin
- 2008-05-18 15:07:30 98,438 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-19 17:35:08 98,696 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-18 09:41:43 47,912 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-19 16:31:26 48,316 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6d86005a-acf9-43d7-bf09-e1a44c7d87d1}]
2008-05-15 18:59 133120 --a------ C:\Windows\system32\jxhkgpxy.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 00:33 1233920]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-09-01 18:27 32768]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 00:33 125952]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2008-01-08 12:25 2124088]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 00:36 2153472 C:\Windows\System32\oobefldr.dll]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 00:33 202240]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-13 16:57 5308416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 00:38 1008184]
"SoundTray"="C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe" [2007-04-01 12:44 49152]
"JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [2007-03-20 08:36 36864]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"ZSSnp211"="C:\Windows\ZSSnp211.exe" [2007-03-06 10:25 49152]
"Domino"="C:\Windows\Domino.exe" [2007-03-06 10:25 49152]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\Windows\KHALMNPR.Exe]
"Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 18:43 2051096]
"Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 18:57 2095640]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-04-02 18:32 1261568]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2008-03-04 12:02 92704]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-03-04 12:02 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-03-04 12:02 88608]
"RivaTuner"="C:\Program Files\RivaTuner v2.09\RivaTunerWrapper.exe" [2008-04-28 20:25 24576]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-09-01 18:27:52 450560]
SetPointII.lnk - C:\Program Files\Logitech\SetPoint II\SetpointII.exe [2007-08-30 19:13:06 319488]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3012532108-3653173252-843021523-1000]
"EnableNotificationsRef"=dword:00000002
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1A269090-57FC-4253-BBE1-2A398A0B0912}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{FAEE4CEE-9FFF-4DF6-AE7A-888984A4C724}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{7733464C-02F9-44FA-ACEC-2E07D136E2AF}"= Disabled:UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{D4AFD5C5-BE92-4002-8A67-269E795BC8F5}"= Disabled:TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"TCP Query User{83D9B4F1-BF61-41A6-B082-BAE8E03857AD}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= UDP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"UDP Query User{A7D1D972-B99C-4505-873D-ED6CF46CB3EE}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= TCP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"{0601BAB7-D10F-46A7-B44D-F77EF81B576C}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{665F0B99-293D-4C8C-BEBE-0A8AD835D2C0}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{2B3146E0-9C59-4290-907C-459FE04D12FF}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{A6A7AEA9-26A5-402F-BF8D-5E89A23DB57E}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{EDBF1396-D198-464C-9000-E0236F702461}"= UDP:8958:BitComet 8958 TCP
"{BCE3D636-472B-4B03-8AE4-E6A331808BF3}"= TCP:8958:BitComet 8958 UDP
"{11E36DE5-6F19-43AE-91F9-367D0C637F46}"= UDP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"{2578D77B-07AC-439A-B1BB-890CC6B937E6}"= TCP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"{73E310F9-4DA7-4C49-BBB9-E3A16B1CF442}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{75BE34DF-F4C9-4821-86E1-A6E4C3A21BB7}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{AA7F1AE8-5D0F-4DEB-AC66-1A28E455E24A}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{4AA080EC-AAF4-4E08-92F6-96DAC426FA91}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{DE00E99C-06C1-4F70-AFEF-B9743D036550}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{C6593E5D-49AF-4856-B290-BD0492698FF1}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{85302E47-603C-4D32-9073-4FB744F3E49D}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{8831510A-D4C4-449B-B388-D59153E98B68}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{2BD2189C-9478-46C6-ADEF-DB582AA0AFE1}"= UDP:C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"{FB07C9E5-58D5-46C5-95CA-77E32BFA2405}"= TCP:C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"{021C1600-E779-4400-98EC-2D1405CCCD22}"= UDP:C:\Program Files\eMule\emule.exe:eMule
"{EB671C70-C506-4D46-AB64-DC6D7F5357E1}"= UDP:C:\Program Files\eMule\emule.exe:eMule
"{256EEC85-33F9-42E8-B9CB-8905558ABC3B}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{8819B311-A2E5-483A-9C9C-0F009B2E1F5B}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{2142FF64-4960-4855-A012-1751AC559D2A}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{832B12AC-C5F0-4B35-BBEF-64A2483CEE4F}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{B07605A1-BE31-40E5-8468-4D853CECCC8E}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{17EBD14B-BFF4-495F-A9E8-0D8F59AE2898}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{E5726EE3-0AFB-4C7B-B0CE-A12DF5C4C92E}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{5F1E3062-8F24-431F-8CBC-B9E30A1F396D}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{2804DECC-0976-4B9D-9937-8D9DECA92E1F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CDF6B369-5185-427A-B45A-01D02760A8D1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F64FC4F2-32AF-4778-8FE6-D5D81014B815}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{6132CDFB-4C42-4D1F-A1B4-B5C4AA5939FE}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{0B62F929-5C04-4D9F-A4D4-018DE589555D}"= UDP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:etqwded.exe
"{5A8BF9D2-02ED-4303-938D-486B15387C01}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:etqwded.exe
"{9DA8FBB6-89CF-4C38-8B62-5D265F07405E}"= UDP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqw.exe:Enemy Territory - QUAKE Wars(TM)
"{3B6CA7A4-CD81-4CF7-A979-260626D3EF09}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqw.exe:Enemy Territory - QUAKE Wars(TM)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);C:\Windows\system32\drivers\pe3ah4nc.sys [2007-05-18 21:53]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);C:\Windows\system32\drivers\ps6ah4nc.sys [2007-05-18 21:52]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-04-04 14:59]
R1 KS0108;KS0108;C:\Program Files\LcdStudio\ks0108.sys [2006-02-12 00:31]
R1 LC7981;LC7981;C:\Program Files\LcdStudio\LC7981.sys [2006-02-12 00:31]
R1 n3900;n3900;C:\Program Files\LcdStudio\n3900.sys [2006-08-08 16:46]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;C:\Windows\system32\DRIVERS\rtlprot.sys [2007-04-02 10:57]
R1 SED133x;SED133x;C:\Program Files\LcdStudio\SED133x.sys [2006-02-12 00:31]
R1 T6963C;T6963C;C:\Program Files\LcdStudio\T6963c.sys [2006-02-12 00:31]
R2 AEADIFilters;Andrea ADI Filters Service;C:\Windows\system32\AEADISRV.EXE [2007-02-06 00:44]
R3 RTL8187;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187.sys [2007-04-03 04:32]
R3 yukonwlh;Pilote miniport NDIS6.0 pour contrôleur Ethernet Marvell Yukon;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 09:30]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);C:\Windows\system32\pr2ah4nc.exe svc []
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-09 11:38]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4392e102-5aeb-11dc-8abe-001bfc4f16ae}]
\shell\AutoRun\command - F:\setup\rsrc\Autorun.exe
\shell\dinstall\command - F:\Directx\dxsetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f88cf2ca-58d0-11dc-ad78-806e6f6e6963}]
\shell\AutoRun\command - D:\.\Bin\Assetup.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-13 16:02:57 C:\Windows\Tasks\At1.job"
- C:\Windows\widupdate.exe
"2008-05-13 16:02:57 C:\Windows\Tasks\At2.job"
- C:\Windows\dr.exe
"2008-05-13 16:02:57 C:\Windows\Tasks\At3.job"
- C:\Windows\patcher.exe
"2008-05-13 16:02:57 C:\Windows\Tasks\At4.job"
- C:\Windows\dr.exe
"2008-05-19 17:32:44 C:\Windows\Tasks\RtlVistaStart.job"
- C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
"2008-05-18 18:52:33 C:\Windows\Tasks\User_Feed_Synchronization-{B88CB541-93A9-40AD-9E12-9DFB1460494C}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-19 19:33:31
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\System32\PnkBstrA.exe
C:\Windows\System32\PnkBstrB.exe
C:\Fraps\fraps.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Schmads Inc\G15_TeamSpeak\G15_TeamSpeak.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-19 19:43:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-19 17:42:59
Pre-Run: 67,181,989,888 octets libres
Post-Run: 66,794,627,072 octets libres
315 --- E O F --- 2008-05-17 09:13:03
Re,
Disable your resident protections (antivirus...)!
Copy (Ctrl+C) the text in the box below:
File::
|
Open Notepad (Start > Run... > notepad), then paste (Ctrl+V) the text you copied earlier.
Save this file under the name CFScript.txt.
Now drag the CFScript.txt file onto ComboFix.exe as shown below:
This will relaunch ComboFix; press 1, then confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
NOTE: If there is no reboot, post the requested reports anyway.
Reply to Angeldark
Re
So I disabled Kaspersky and did what you wrote (the PC did not restart).
The ComboFix report:
ComboFix 08-05-15.3 - Guillaume 2008-05-20 18:32:48.3 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1225 [GMT 2:00]
Endroit: C:\Downloads\ComboFix.exe
Command switches used :: C:\Downloads\CFScript.txt
* Création d'un nouveau point de restauration
FILE ::
C:\Windows\System32\bhxsrxps.dll
C:\Windows\System32\cbXOHWOe.dll
C:\Windows\System32\dsftbkao.dll
C:\Windows\System32\gvgkcooj.dll
C:\Windows\System32\hcmyegww.dll
C:\Windows\System32\jxhkgpxy.dll
C:\Windows\System32\khrkmmyy.dll
C:\Windows\System32\oPiJARKa.dll
C:\Windows\System32\plmkqybs.dll
C:\Windows\System32\qjpqtkcv.ini
C:\Windows\System32\ufrqmeuw.dll
C:\Windows\System32\xxgwwbhh.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\ProgramData\WindowsSearch
C:\Windows\System32\bhxsrxps.dll
C:\Windows\System32\cbXOHWOe.dll
C:\Windows\System32\dsftbkao.dll
C:\Windows\System32\gvgkcooj.dll
C:\Windows\System32\hcmyegww.dll
C:\Windows\System32\jxhkgpxy.dll
C:\Windows\System32\khrkmmyy.dll
C:\Windows\System32\oPiJARKa.dll
C:\Windows\System32\plmkqybs.dll
C:\Windows\System32\qjpqtkcv.ini
C:\Windows\System32\ufrqmeuw.dll
C:\Windows\System32\xxgwwbhh.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-20 to 2008-05-20 ))))))))))))))))))))))))))))))))))))
.
2008-05-20 18:31 . 2008-05-20 18:31 <REP> d-------- C:\327882R2FWJFW
2008-05-18 17:30 . 2008-05-18 17:30 122,556 --ah----- C:\Windows\System32\mlfcache.dat
2008-05-18 17:21 . 2008-05-18 17:21 <REP> d-------- C:\Users\Guillaume\AppData\Roaming\Malwarebytes
2008-05-18 17:20 . 2008-05-18 17:20 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-05-18 17:20 . 2008-05-18 17:20 <REP> d-------- C:\ProgramData\Malwarebytes
2008-05-18 17:20 . 2008-05-05 20:46 27,048 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-05-18 17:19 . 2008-05-18 17:21 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-18 17:19 . 2008-05-05 20:46 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
2008-05-18 17:16 . 2008-05-18 19:27 124,928 --------- C:\Windows\System32\qraxdxal.dll
2008-05-15 15:19 . 2008-05-15 15:19 <REP> d-------- C:\Program Files\Trend Micro
2008-05-14 17:55 . 2008-05-14 17:55 <REP> d-------- C:\Program Files\Uniblue
2008-05-13 18:45 . 2008-05-17 17:20 307 --a------ C:\Windows\wininit.ini
2008-05-13 18:02 . 2008-05-13 19:37 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{43d95c75-2100-11dd-b0f2-001bfc4f16ae}.TMContainer00000000000000000002.regtrans-ms
2008-05-13 18:02 . 2008-05-19 22:20 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{43d95c75-2100-11dd-b0f2-001bfc4f16ae}.TMContainer00000000000000000001.regtrans-ms
2008-05-13 18:02 . 2008-05-19 22:20 65,536 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{43d95c75-2100-11dd-b0f2-001bfc4f16ae}.TM.blf
2008-05-11 18:32 . 2008-05-11 18:32 316 --a------ C:\Windows\game.ini
2008-05-11 18:09 . 2008-05-13 18:01 <REP> d-------- C:\Program Files\id Software
2008-05-10 18:48 . 2008-05-10 18:48 <REP> d-------- C:\Program Files\Audacity
2008-05-10 00:35 . 2008-05-10 00:35 <REP> d-------- C:\Program Files\GoldWave
2008-05-10 00:18 . 2008-05-13 18:01 <REP> d-------- C:\Users\Guillaume\AppData\Roaming\Audacity
2008-05-10 00:18 . 2008-05-10 00:18 <REP> d-------- C:\Program Files\Audacity 1.3 Beta (Unicode)
2008-05-10 00:11 . 2008-05-10 00:11 <REP> d-------- C:\Program Files\DigitalSoundPlanet
2008-05-10 00:10 . 1998-02-06 21:37 299,520 --a------ C:\Windows\uninst.exe
2008-05-10 00:06 . 2008-05-10 00:06 <REP> d-------- C:\Users\Guillaume\AppData\Roaming\streamripper
2008-05-10 00:03 . 2008-05-10 00:03 <REP> d-------- C:\Program Files\Streamripper
2008-05-03 23:35 . 2008-05-03 23:49 <REP> d-------- C:\Program Files\LcdStudio
2008-05-03 23:26 . 2008-05-03 23:26 <REP> d-------- C:\Program Files\RivaTuner v2.09
2008-05-03 14:56 . 1997-04-18 11:49 298,496 --a------ C:\Windows\unin040c.exe
2008-05-03 14:56 . 1998-04-13 14:02 69,632 --a------ C:\Windows\TWUNK_32.728
2008-05-03 14:56 . 1998-04-13 14:02 48,560 --a------ C:\Windows\TWUNK_16.728
2008-05-01 14:12 . 2008-05-01 14:12 <REP> d-------- C:\Users\All Users\Real
2008-05-01 14:12 . 2008-05-01 14:12 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-04-29 21:23 . 2008-04-29 21:30 <REP> d-------- C:\Users\All Users\TrackMania
2008-04-29 21:23 . 2008-04-29 21:30 <REP> d-------- C:\ProgramData\TrackMania
2008-04-29 19:02 . 2008-04-29 19:02 180,575 --a------ C:\acadminidump.dmp
2008-04-29 17:47 . 2008-04-29 17:52 <REP> d-------- C:\Program Files\AutoCAD 2008
2008-04-29 17:45 . 2008-04-29 17:52 <REP> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-04-29 17:45 . 2008-04-29 17:45 <REP> d-------- C:\Program Files\Autodesk
2008-04-26 19:01 . 2008-04-26 19:00 691,545 --a------ C:\Windows\unins000.exe
2008-04-26 19:01 . 2008-04-26 19:01 2,541 --a------ C:\Windows\unins000.dat
2008-04-24 16:07 . 2008-04-24 16:07 <REP> d-------- C:\Users\All Users\Skyline
2008-04-24 16:07 . 2008-04-24 16:07 <REP> d-------- C:\ProgramData\Skyline
2008-04-24 16:07 . 2008-04-24 16:07 <REP> d-------- C:\Program Files\Skyline
2008-04-22 18:35 . 2008-04-22 18:35 <REP> d-------- C:\Program Files\Apple Software Update
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-20 16:35 126,882,592 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-05-20 15:29 --------- d-----w C:\Program Files\Steam
2008-05-20 15:27 --------- d-----w C:\Program Files\SpeedFan
2008-05-20 15:26 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-05-20 15:24 --------- d---a-w C:\ProgramData\TEMP
2008-05-19 20:20 1,699,028 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-05-15 16:46 --------- d-----w C:\Program Files\Rumble Box
2008-05-15 04:41 --------- d-----w C:\Program Files\Windows Mail
2008-05-14 14:25 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-05-13 16:01 --------- d-----w C:\Program Files\Codemasters
2008-05-11 17:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-11 16:33 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-05-11 16:33 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-05-11 16:33 22,328 ----a-w C:\Users\Guillaume\AppData\Roaming\PnkBstrK.sys
2008-05-11 16:33 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-05-10 09:50 --------- d-----w C:\Program Files\Common Files\Steam
2008-05-03 13:11 1,248 --sha-w C:\wdhfao30.sys
2008-05-03 12:56 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-29 15:59 --------- d-----w C:\Users\Guillaume\AppData\Roaming\Autodesk
2008-04-29 15:59 --------- d-----w C:\ProgramData\Autodesk
2008-04-27 09:13 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-22 18:47 --------- d-----w C:\Users\Guillaume\AppData\Roaming\OpenOffice.org2
2008-04-22 16:43 --------- d-----w C:\Program Files\Safari
2008-04-17 19:06 96,645 ----a-w C:\Windows\system32\drivers\klin.dat
2008-04-17 19:06 87,941 ----a-w C:\Windows\system32\drivers\klick.dat
2008-04-16 19:21 --------- d-----w C:\Program Files\Google
2008-04-13 09:56 --------- d-----w C:\Program Files\Yahoo!
2008-04-13 09:56 --------- d-----w C:\Program Files\Bitcomet Ultra Accelerator
2008-04-13 09:41 --------- d-----w C:\Program Files\FlashGet
2008-04-04 17:09 --------- d-----w C:\Users\Guillaume\AppData\Roaming\teamspeak2
2008-04-04 09:57 --------- d-----w C:\Program Files\iTunes
2008-04-04 09:57 --------- d-----w C:\Program Files\iPod
2008-04-04 09:55 --------- d-----w C:\Program Files\QuickTime
2008-03-31 21:25 682,496 ----a-w C:\Windows\System32\divx.dll
2008-03-29 14:30 --------- d-----w C:\Program Files\TeamSpeak3
2008-03-28 17:41 7,680 ----a-w C:\Windows\System32\ff_vfw.dll
2008-03-24 15:47 --------- d-----w C:\Users\Guillaume\AppData\Roaming\Apple Computer
2008-03-22 09:14 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-03-21 20:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-03-21 20:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-03-18 17:54 174 --sha-w C:\Program Files\desktop.ini
2008-03-18 17:32 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-03-18 17:32 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-03-18 16:42 47,560 ----a-w C:\Windows\System32\SPReview.exe
2008-03-18 16:42 152,576 ----a-w C:\Windows\System32\SPWizUI.dll
2008-03-08 15:08 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-03-06 15:23 442,368 ----a-w C:\Windows\System32\nvuninst.exe
2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-22 05:05 615,992 ----a-w C:\Windows\System32\ci.dll
2008-02-22 05:01 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-02-22 04:57 295,936 ----a-w C:\Windows\System32\gdi32.dll
2006-05-03 09:06 163,328 --sh--r C:\Windows\System32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\Windows\System32\msfDX.dll
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((( snapshot_2008-05-19_19.41.48.81 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-19 17:32:16 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-20 15:24:21 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-05-19 17:32:17 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-20 15:24:21 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-05-19 17:33:20 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-20 15:25:58 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-20 15:25:58 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-05-19 17:33:20 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-20 16:35:39 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-05-19 16:29:30 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-20 15:24:24 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-19 16:29:30 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-20 15:24:24 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-19 16:29:30 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-20 15:24:24 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-19 16:35:37 104,742 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-05-19 17:38:38 104,742 ----a-w C:\Windows\System32\perfc009.dat
- 2008-05-19 16:35:37 127,798 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-05-19 17:38:38 127,798 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-05-19 16:35:37 595,308 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-05-19 17:38:38 595,308 ----a-w C:\Windows\System32\perfh009.dat
- 2008-05-19 16:35:37 678,730 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-05-19 17:38:38 678,730 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-05-19 17:35:09 8,474 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3012532108-3653173252-843021523-1000_UserData.bin
+ 2008-05-20 15:26:19 8,628 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3012532108-3653173252-843021523-1000_UserData.bin
- 2008-05-19 17:35:08 98,696 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-20 15:26:19 98,766 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-19 16:31:26 48,316 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-20 15:26:17 48,316 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 00:33 1233920]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-09-01 18:27 32768]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 00:33 125952]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2008-01-08 12:25 2124088]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 00:36 2153472 C:\Windows\System32\oobefldr.dll]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 00:33 202240]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-13 16:57 5308416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 00:38 1008184]
"SoundTray"="C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe" [2007-04-01 12:44 49152]
"JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [2007-03-20 08:36 36864]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"ZSSnp211"="C:\Windows\ZSSnp211.exe" [2007-03-06 10:25 49152]
"Domino"="C:\Windows\Domino.exe" [2007-03-06 10:25 49152]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\Windows\KHALMNPR.Exe]
"Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 18:43 2051096]
"Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 18:57 2095640]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-04-02 18:32 1261568]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2008-03-04 12:02 92704]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-03-04 12:02 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-03-04 12:02 88608]
"RivaTuner"="C:\Program Files\RivaTuner v2.09\RivaTunerWrapper.exe" [2008-04-28 20:25 24576]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-09-01 18:27:52 450560]
SetPointII.lnk - C:\Program Files\Logitech\SetPoint II\SetpointII.exe [2007-08-30 19:13:06 319488]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3012532108-3653173252-843021523-1000]
"EnableNotificationsRef"=dword:00000002
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1A269090-57FC-4253-BBE1-2A398A0B0912}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{FAEE4CEE-9FFF-4DF6-AE7A-888984A4C724}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{7733464C-02F9-44FA-ACEC-2E07D136E2AF}"= Disabled:UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{D4AFD5C5-BE92-4002-8A67-269E795BC8F5}"= Disabled:TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"TCP Query User{83D9B4F1-BF61-41A6-B082-BAE8E03857AD}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= UDP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"UDP Query User{A7D1D972-B99C-4505-873D-ED6CF46CB3EE}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= TCP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"{0601BAB7-D10F-46A7-B44D-F77EF81B576C}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{665F0B99-293D-4C8C-BEBE-0A8AD835D2C0}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{2B3146E0-9C59-4290-907C-459FE04D12FF}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{A6A7AEA9-26A5-402F-BF8D-5E89A23DB57E}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{EDBF1396-D198-464C-9000-E0236F702461}"= UDP:8958:BitComet 8958 TCP
"{BCE3D636-472B-4B03-8AE4-E6A331808BF3}"= TCP:8958:BitComet 8958 UDP
"{11E36DE5-6F19-43AE-91F9-367D0C637F46}"= UDP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"{2578D77B-07AC-439A-B1BB-890CC6B937E6}"= TCP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"{73E310F9-4DA7-4C49-BBB9-E3A16B1CF442}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{75BE34DF-F4C9-4821-86E1-A6E4C3A21BB7}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{AA7F1AE8-5D0F-4DEB-AC66-1A28E455E24A}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{4AA080EC-AAF4-4E08-92F6-96DAC426FA91}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{DE00E99C-06C1-4F70-AFEF-B9743D036550}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{C6593E5D-49AF-4856-B290-BD0492698FF1}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{85302E47-603C-4D32-9073-4FB744F3E49D}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{8831510A-D4C4-449B-B388-D59153E98B68}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{2BD2189C-9478-46C6-ADEF-DB582AA0AFE1}"= UDP:C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"{FB07C9E5-58D5-46C5-95CA-77E32BFA2405}"= TCP:C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"{021C1600-E779-4400-98EC-2D1405CCCD22}"= UDP:C:\Program Files\eMule\emule.exe:eMule
"{EB671C70-C506-4D46-AB64-DC6D7F5357E1}"= UDP:C:\Program Files\eMule\emule.exe:eMule
"{256EEC85-33F9-42E8-B9CB-8905558ABC3B}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{8819B311-A2E5-483A-9C9C-0F009B2E1F5B}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{2142FF64-4960-4855-A012-1751AC559D2A}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{832B12AC-C5F0-4B35-BBEF-64A2483CEE4F}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{B07605A1-BE31-40E5-8468-4D853CECCC8E}"= UDP:C:\Windows\System32\PnkBstrA.exe
nkBstrA
"{17EBD14B-BFF4-495F-A9E8-0D8F59AE2898}"= TCP:C:\Windows\System32\PnkBstrA.exe
nkBstrA
"{E5726EE3-0AFB-4C7B-B0CE-A12DF5C4C92E}"= UDP:C:\Windows\System32\PnkBstrB.exe
nkBstrB
"{5F1E3062-8F24-431F-8CBC-B9E30A1F396D}"= TCP:C:\Windows\System32\PnkBstrB.exe
nkBstrB
"{2804DECC-0976-4B9D-9937-8D9DECA92E1F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CDF6B369-5185-427A-B45A-01D02760A8D1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F64FC4F2-32AF-4778-8FE6-D5D81014B815}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{6132CDFB-4C42-4D1F-A1B4-B5C4AA5939FE}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{0B62F929-5C04-4D9F-A4D4-018DE589555D}"= UDP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:etqwded.exe
"{5A8BF9D2-02ED-4303-938D-486B15387C01}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:etqwded.exe
"{9DA8FBB6-89CF-4C38-8B62-5D265F07405E}"= UDP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqw.exe:Enemy Territory - QUAKE Wars(TM)
"{3B6CA7A4-CD81-4CF7-A979-260626D3EF09}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqw.exe:Enemy Territory - QUAKE Wars(TM)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);C:\Windows\system32\drivers\pe3ah4nc.sys [2007-05-18 21:53]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);C:\Windows\system32\drivers\ps6ah4nc.sys [2007-05-18 21:52]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-04-04 14:59]
R1 KS0108;KS0108;C:\Program Files\LcdStudio\ks0108.sys [2006-02-12 00:31]
R1 LC7981;LC7981;C:\Program Files\LcdStudio\LC7981.sys [2006-02-12 00:31]
R1 n3900;n3900;C:\Program Files\LcdStudio\n3900.sys [2006-08-08 16:46]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;C:\Windows\system32\DRIVERS\rtlprot.sys [2007-04-02 10:57]
R1 SED133x;SED133x;C:\Program Files\LcdStudio\SED133x.sys [2006-02-12 00:31]
R1 T6963C;T6963C;C:\Program Files\LcdStudio\T6963c.sys [2006-02-12 00:31]
R2 AEADIFilters;Andrea ADI Filters Service;C:\Windows\system32\AEADISRV.EXE [2007-02-06 00:44]
R3 RTL8187;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187.sys [2007-04-03 04:32]
R3 yukonwlh;Pilote miniport NDIS6.0 pour contrôleur Ethernet Marvell Yukon;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 09:30]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);C:\Windows\system32\pr2ah4nc.exe svc []
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-09 11:38]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4392e102-5aeb-11dc-8abe-001bfc4f16ae}]
\shell\AutoRun\command - F:\setup\rsrc\Autorun.exe
\shell\dinstall\command - F:\Directx\dxsetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f88cf2ca-58d0-11dc-ad78-806e6f6e6963}]
\shell\AutoRun\command - D:\.\Bin\Assetup.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-13 16:02:57 C:\Windows\Tasks\At1.job"
- C:\Windows\widupdate.exe
"2008-05-13 16:02:57 C:\Windows\Tasks\At2.job"
- C:\Windows\dr.exe
"2008-05-13 16:02:57 C:\Windows\Tasks\At3.job"
- C:\Windows\patcher.exe
"2008-05-13 16:02:57 C:\Windows\Tasks\At4.job"
- C:\Windows\dr.exe
"2008-05-20 15:28:06 C:\Windows\Tasks\RtlVistaStart.job"
- C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
"2008-05-19 19:33:30 C:\Windows\Tasks\User_Feed_Synchronization-{B88CB541-93A9-40AD-9E12-9DFB1460494C}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-20 18:35:56
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-05-20 18:37:11
ComboFix-quarantined-files.txt 2008-05-20 16:36:41
Pre-Run: 64,288,026,624 octets libres
Post-Run: 64,185,815,040 octets libres
328 --- E O F --- 2008-05-17 09:13:03
and the HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:06:59, on 20/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Fraps\fraps.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\ZSSnp211.EXE
C:\Windows\Domino.EXE
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\SetPoint II\SetpointII.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\RivaTuner v2.09\RivaTuner.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Schmads Inc\G15_TeamSpeak\G15_TeamSpeak.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\notepad.exe
C:\Windows\System32\rundll32.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: FGCatchUrl - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SoundTray] C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ZSSnp211] C:\Windows\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.09\RivaTunerWrapper.exe" /T
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: SetPointII.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O18 - Protocol: bw+0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\Windows\system32\pr2ah4nc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 21128 bytes
Re,
Delete:
C:\Windows\System32\qraxdxal.dll
Reply to Angeldark
With HijackThis or simply through Windows?
I hope you're sure about this, I'm trusting you ^^
Message edited by Anonyme on 20-05-2008 at 21:01:08
Via Windows
Reply to Angeldark
Re
It's me. I deleted the file as you told me, but since then, I don't know what happened, but my account got wiped, and it looks like the same happened to my Steam account
so I think it's related
if you could help me, otherwise I
It's fine, it's fixed, I did a system restore, phew
I gave myself a scare
Message edited by skrtxx on 21-05-2008 at 22:18:25
Post a new HijackThis report so I can take a look.
Reply to Angeldark
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:20:22, on 22/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Fraps\fraps.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\ZSSnp211.EXE
C:\Windows\Domino.EXE
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Logitech\SetPoint II\SetpointII.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\RivaTuner v2.09\RivaTuner.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Schmads Inc\G15_TeamSpeak\G15_TeamSpeak.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\TeamSpeak3\TeamSpeak.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: FGCatchUrl - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {1d78d7c4-4a1e-90fb-7d34-9fcaa50068d6} - {6d86005a-acf9-43d7-bf09-e1a44c7d87d1} - C:\Windows\system32\jxhkgpxy.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SoundTray] C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ZSSnp211] C:\Windows\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.09\RivaTunerWrapper.exe" /T
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: SetPointII.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O18 - Protocol: bw+0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\Windows\system32\pr2ah4nc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 21344 bytes
Run another Combofix scan
