Analyze my HijackThis log - Security - Virus
Author
 Subject: Analyze my HijackThis log
 
Profile: IDNaute

Hello,

Would someone be kind enough to analyze the log below and tell me what I need to do?

Thanks in advance to all of you




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:31:46, on 07.09.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Avast4\ashDisp.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Common Files\Logishrd\LComMgr\Communications_Helper.exe
C:\Windows\system32\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\WerCon.exe
C:\Program Files\Avast4\ashSimpl.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Alexandre Perrottet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A218RR6S\HiJackThis[1].exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {22D79647-107E-4D84-99C7-2441335B155A} - C:\Windows\system32\rqRLcYOF.dll
O2 - BHO: bambanner browser enhancer - {2fef477e-e427-f290-fde4-93cdb85be30f} - C:\Windows\system32\jkjtgagldzoeob.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {e2cae0a0-0dc9-2749-0514-a40f7776922e} - {e2296777-f04a-4150-9472-9cd00a0eac2e} - C:\Windows\system32\olganp.dll
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\pmnllihE.dll,#1
O4 - HKLM\..\Run: [{34913d95-23b8-2814-b594-a1302dbcb5af}] C:\Windows\System32\Rundll32.exe "C:\Windows\system32\jkjtgagldzoeob.dll" DllStub
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [BM6b23b1bb] Rundll32.exe "C:\Windows\system32\kkuukuxm.dll",s
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/d [...] DEXAXO.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: olganp.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 12128 bytes
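
The log above mixes ordinary vendor entries with a handful of indicators that experienced log readers look for first: a BHO registered with no name and a DLL in system32 with a random-looking name (rqRLcYOF.dll), a BHO whose name is itself a GUID, Run values that start a DLL through rundll32 (pmnllihE.dll, kkuukuxm.dll, jkjtgagldzoeob.dll), and a populated AppInit_DLLs entry (olganp.dll). The script below is an added example, not part of the thread or of HijackThis; it encodes those heuristics over a constructed sample built from entries that appear in the log above. The random-name test and the severity labels are assumptions of this example, and the allowlist for oobefldr.dll (a Windows rundll32 entry also present in the log) shows why a rundll32 rule needs exceptions.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: a subset of the HijackThis v2 entries from the
# log above (O2 BHOs, O4 Run keys, O20 AppInit_DLLs, O23 services).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {22D79647-107E-4D84-99C7-2441335B155A} - C:\Windows\system32\rqRLcYOF.dll
O2 - BHO: bambanner browser enhancer - {2fef477e-e427-f290-fde4-93cdb85be30f} - C:\Windows\system32\jkjtgagldzoeob.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\pmnllihE.dll,#1
O4 - HKLM\..\Run: [{34913d95-23b8-2814-b594-a1302dbcb5af}] C:\Windows\System32\Rundll32.exe "C:\Windows\system32\jkjtgagldzoeob.dll" DllStub
O4 - HKLM\..\Run: [BM6b23b1bb] Rundll32.exe "C:\Windows\system32\kkuukuxm.dll",s
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O20 - AppInit_DLLs: olganp.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
"""


@dataclass
class Finding:
    section: str                 # HijackThis entry type, e.g. "O2"
    severity: str                # "high", "medium" or "low" (this example's scale)
    target: str                  # file or DLL the entry points at
    reasons: list = field(default_factory=list)


# rundll32 targets Windows registers itself; oobefldr.dll appears in the log above.
KNOWN_RUNDLL32_OK = {"oobefldr.dll"}

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<value>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>\S.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",\s]+\.dll)', re.IGNORECASE)
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.IGNORECASE)
VOWELS = set("aeiouyAEIOUY")


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def looks_random(filename: str) -> bool:
    """Assumed heuristic: stems such as rqRLcYOF or jkjtgagldzoeob have few
    vowels or long consonant runs. Applied to BHO file names only, where
    vendors normally use readable names."""
    stem = filename.rsplit(".", 1)[0]
    if len(stem) < 6 or not stem.isalpha():
        return False
    vowel_ratio = sum(c in VOWELS for c in stem) / len(stem)
    longest_run = max((len(r) for r in re.findall(r"[^aeiouyAEIOUY]+", stem)), default=0)
    return vowel_ratio < 0.25 or longest_run >= 5


def triage(log_text: str) -> list:
    """Return one Finding per HijackThis line that trips a heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O2_RE.match(line):
            name, path = m["name"], m["path"]
            if path == "(no file)":
                findings.append(Finding("O2", "low", path, ["BHO registration with no file on disk (orphan)"]))
                continue
            reasons = []
            if name == "(no name)":
                reasons.append("BHO registered without a name")
            if looks_random(basename(path)):
                reasons.append("random-looking DLL name")
            if reasons:
                findings.append(Finding("O2", "high", path, reasons))
        elif m := O4_RE.match(line):
            reasons, target = [], m["cmd"]
            if (r := RUNDLL_RE.search(m["cmd"])) and basename(r["dll"]).lower() not in KNOWN_RUNDLL32_OK:
                reasons.append("Run value loads a DLL through rundll32")
                target = r["dll"]
            if GUID_RE.match(m["value"]):
                reasons.append("Run value named with a bare GUID")
            if reasons:
                severity = "high" if target != m["cmd"] else "medium"
                findings.append(Finding("O4", severity, target, reasons))
        elif m := O20_RE.match(line):
            findings.append(Finding("O20", "high", m["dlls"].strip(),
                                    ["AppInit_DLLs is loaded into every process that loads user32.dll"]))
        elif (m := O23_RE.match(line)) and m["vendor"] == "Unknown owner":
            findings.append(Finding("O23", "low", m["path"], ["service binary carries no vendor information"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4}{f.severity:<7}{f.target}\n    {'; '.join(f.reasons)}")
```

Running it on the sample lists six high-severity entries (the two BHO DLLs, the three rundll32-loaded DLLs and the AppInit_DLLs entry) and two low ones (the orphaned BHO and the unsigned service), while the Welcome Center rundll32 line and the avast!, Adobe and Spybot entries pass. The heuristics only rank entries for a human to verify; they do not replace checking the file on disk.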

Profile: Helper

Hello,

Disable your resident protections (antivirus, Spybot-S&D, etc.)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe extension is not necessarily visible) to launch it.
  • When the scan has finished, a report will appear. Post that report (C:\combofix.txt*) in your next reply.


HELP: A guide and tutorial on using ComboFix
* the drive letter may differ


Profile: IDNaute

Isn't the HijackThis report enough?

Profile: Helper

Nope, other tools are needed.


Profile: IDNaute

Here is the ComboFix report
Thanks for your help!




(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Windows\system32\cbXPhihI.dll
C:\Windows\system32\cpblkxap.ini
C:\Windows\System32\FOYcLRqr.ini
C:\Windows\System32\FOYcLRqr.ini2
C:\Windows\system32\ixdudtpv.dll
C:\Windows\system32\jusched.exe
C:\Windows\system32\kkuukuxm.dll
C:\Windows\system32\lxsion.dll
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\MSINET.oca
C:\Windows\system32\olganp.dll
C:\Windows\system32\oymeciyg.dll
C:\Windows\system32\pac.txt
C:\Windows\system32\rqRLcYOF.dll
C:\Windows\system32\x1

.
((((((((((((((((((((((((((((( Files Created from 2008-08-07 to 2008-09-07 ))))))))))))))))))))))))))))))))))))
.

2008-09-07 11:22 . 2008-09-07 11:22 <REP> d-------- C:\Users\All Users\Simply Super Software
2008-09-07 11:22 . 2008-09-07 11:22 <REP> d-------- C:\Users\Alexandre Perrottet\AppData\Roaming\Simply Super Software
2008-09-07 11:22 . 2008-09-07 11:22 <REP> d-------- C:\ProgramData\Simply Super Software
2008-09-07 11:22 . 2003-02-02 20:06 153,088 --a------ C:\Windows\System32\UNRAR3.dll
2008-09-07 11:22 . 2005-08-26 01:50 77,312 --a------ C:\Windows\System32\ztvunace26.dll
2008-09-07 11:22 . 2002-03-06 01:00 75,264 --a------ C:\Windows\System32\unacev2.dll
2008-09-07 11:22 . 2006-06-19 13:01 69,632 --a------ C:\Windows\System32\ztvcabinet.dll
2008-09-07 10:39 . 2008-01-19 00:34 888,320 --a------ C:\Windows\System32\vtUmnkii.dll
2008-09-07 09:05 . 2008-09-07 09:05 71,711 --a------ C:\Windows\System32\upulyomdmwegfz.exe
2008-09-07 09:04 . 2008-09-07 12:27 <REP> d-------- C:\Windows\System32\wTR02
2008-09-07 09:04 . 2008-09-07 09:04 <REP> d-------- C:\Windows\System32\vfig
2008-09-07 09:04 . 2008-09-07 09:04 <REP> d-------- C:\Windows\System32\bco
2008-09-07 09:04 . 2008-09-07 11:57 <REP> d-------- C:\Windows\System32\am
2008-09-07 09:04 . 2008-09-07 09:04 <REP> d-------- C:\Temp\dax41
2008-09-07 09:04 . 2008-09-07 18:25 <REP> d-------- C:\Temp
2008-09-07 09:04 . 2008-09-07 09:04 392,529 --a------ C:\Temp\tw70v.exe
2008-08-29 14:11 . 2008-08-29 14:11 166,400 --a------ C:\Windows\System32\jkjtgagldzoeob.dll
2008-08-26 00:37 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-08-26 00:37 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-08-26 00:37 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-08-26 00:37 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-08-26 00:37 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-08-26 00:37 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-08-26 00:37 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-08-26 00:37 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-08-26 00:37 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-08-24 13:03 . 2008-08-24 13:03 <REP> d-------- C:\Program Files\AviSynth 2.5
2008-08-16 18:11 . 2008-08-16 18:11 <REP> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-08-14 13:32 . 2008-08-14 13:32 <REP> d-------- C:\Program Files\Apple Software Update
2008-08-14 03:03 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-14 00:44 . 2008-06-27 03:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-14 00:44 . 2008-06-27 06:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-14 00:44 . 2008-04-10 07:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
2008-08-14 00:44 . 2008-06-19 05:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-14 00:44 . 2008-04-18 07:48 269,312 --a------ C:\Windows\System32\es.dll
2008-08-09 08:37 . 2008-08-09 08:37 355,584 --a------ C:\Windows\System32\TuneUpDefragService.exe
2008-08-09 08:37 . 2008-05-29 09:28 28,416 --a------ C:\Windows\System32\uxtuneup.dll
2008-08-09 08:37 . 2008-05-29 09:28 16,640 --a------ C:\Windows\System32\authuitu.dll

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-07 10:48 --------- d-----w C:\Program Files\Windows Live
2008-09-07 10:38 --------- d---a-w C:\ProgramData\TEMP
2008-09-07 09:24 --------- d-----w C:\Users\Alexandre Perrottet\AppData\Roaming\LimeWire
2008-09-07 09:22 --------- d-----w C:\Program Files\Trojan Remover
2008-08-24 11:03 --------- d-----w C:\Program Files\Red Kawa
2008-08-19 01:00 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-16 16:16 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-14 01:10 --------- d-----w C:\Program Files\Windows Mail
2008-08-14 01:04 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-09 06:37 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-08-04 11:45 --------- d-----w C:\Program Files\YesMessenger
2008-08-01 06:21 --------- d-----w C:\Program Files\iTunes
2008-08-01 06:20 --------- d-----w C:\Program Files\iPod
2008-07-30 14:17 --------- d-----w C:\Users\Alexandre Perrottet\AppData\Roaming\Roxio
2008-07-30 14:13 --------- d-----w C:\Program Files\Roxio
2008-07-30 14:13 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-07-30 14:12 66,000 ----a-w C:\Windows\system32\drivers\Cdr4vsd.sys
2008-07-30 14:12 57,344 ----a-w C:\Windows\uneng.exe
2008-07-30 14:12 27,388 ----a-w C:\Windows\system32\drivers\cdralwnt.sys
2008-07-30 14:12 --------- d-----w C:\Program Files\directx
2008-07-30 14:12 --------- d-----w C:\Program Files\Common Files\Adaptec Shared
2008-07-30 14:11 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-28 18:45 --------- d-----w C:\Program Files\Avast4
2008-07-22 18:32 32,000 ----a-w C:\Windows\system32\drivers\usbaapl.sys
2008-07-19 14:36 51,280 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-07-13 18:31 --------- d-----w C:\Users\Double Kebab\AppData\Roaming\Apple Computer
2008-07-11 05:21 --------- d-----w C:\Program Files\Common Files\Logishrd
2008-07-11 05:17 --------- d-----w C:\ProgramData\Logitech
2008-07-11 05:17 --------- d-----w C:\ProgramData\LogiShrd
2008-07-11 05:17 --------- d-----w C:\Program Files\Logitech
2008-07-08 16:43 --------- d-----w C:\Program Files\Google
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
.

((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2fef477e-e427-f290-fde4-93cdb85be30f}]
2008-08-29 14:11 166400 --a------ C:\Windows\system32\jkjtgagldzoeob.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-14 178968]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 54936]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"{34913d95-23b8-2814-b594-a1302dbcb5af}"="C:\Windows\system32\jkjtgagldzoeob.dll" [2008-08-29 166400]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-09-04 917072]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 C:\Windows\RtHDVCpl.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 C:\Windows\KHALMNPR.Exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2007-04-03 44168]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-07-11 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-03-15 784912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=lxsion.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2008-01-19 00:33 125952 C:\Windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 08:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 23:11 49152 c:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a------ 2007-04-18 17:01 65536 c:\hp\support\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
--a------ 2008-09-04 18:55 917072 C:\Program Files\Trojan Remover\Trjscan.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-605348069-2642834285-2355576018-1001]
"EnableNotificationsRef"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-605348069-2642834285-2355576018-1002]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E25F0AC6-4C65-4C3B-B508-924C29D84F96}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{A298A96C-E2E7-438B-8661-1763E5D7F3C7}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{B901AF5F-11C8-458F-8754-B80E42D455F1}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{F4B67E82-3A39-46B4-BA74-B936C065CDD3}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{ABCDF7FE-106C-41EC-A4D0-F31CF0449408}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{26E99000-D2D7-46CC-AAA1-1598CDA70D51}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{47492A9D-E144-448F-960B-A4DDCFD6FC02}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{BB295072-FBAB-4FC0-841F-447A8BF161AC}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{28AFE757-0871-4529-BD35-E80759DBE808}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{204BE8E7-7CDE-4578-8911-E794A13AA669}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{BA04BD17-094C-4498-8027-A5C9ABB7DC07}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{510ABD91-CB88-4B63-AEB5-953AE006552C}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{BF2D090D-81D6-491D-959D-50C8036B8C26}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{3757E564-3A19-44B3-A4DA-E4950B965991}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{1EA24D7C-1C9A-44DE-A82A-6D93B3A5A8E8}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{77A185AA-7369-4422-A235-74EBFB0593D5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{29ABE26E-1964-40A2-A8A3-71B6711D3A0C}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{42C16EF2-23A8-47D0-93AA-68512572B0E6}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{45DB1ED8-F43A-4BE1-BC94-350377241918}"= UDP:C:\Program Files\NetAppel\NetAppel.exe:NetAppel
"{A7274694-E340-4F42-96B1-0CAA687EB777}"= TCP:C:\Program Files\NetAppel\NetAppel.exe:NetAppel
"TCP Query User{3D2A536F-10A6-478E-BC4A-14D7D8FD6DDF}C:\\program files\\screamer radio\\screamer.exe"= UDP:C:\program files\screamer radio\screamer.exe:Screamer Radio
"UDP Query User{EB3050F3-657B-47DA-B747-A5F5BB7B1AB5}C:\\program files\\screamer radio\\screamer.exe"= TCP:C:\program files\screamer radio\screamer.exe:Screamer Radio
"TCP Query User{BF09B13E-E4BF-4447-AC4B-D7DC81BEF6AD}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{2AFC0708-AE4C-4229-A271-1D441D8A58A5}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{74188BCE-74F4-4CAF-B497-680869F13699}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{580BBE7D-85F5-41C8-8BFE-F6F1491E859A}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{399E89F8-AD03-431C-977D-7E7AA041D369}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{539F476A-F663-431B-ABC3-E54D4BD3BC0C}C:\\users\\alexandre perrottet\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:C:\users\alexandre perrottet\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"UDP Query User{83A7E275-2109-42E4-B12B-C4FE47F0BAB0}C:\\users\\alexandre perrottet\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:C:\users\alexandre perrottet\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"TCP Query User{3160FA58-4FA3-48CE-8063-7DEB4085D978}C:\\program files\\nero\\nero8\\nero mediahome\\nmmediaserver.exe"= UDP:C:\program files\nero\nero8\nero mediahome\nmmediaserver.exe:Nero MediaHome
"UDP Query User{1BD20539-9BC9-453D-8C81-3F683BC623C2}C:\\program files\\nero\\nero8\\nero mediahome\\nmmediaserver.exe"= TCP:C:\program files\nero\nero8\nero mediahome\nmmediaserver.exe:Nero MediaHome
"TCP Query User{BDAB9E03-C6FF-45DC-B4D4-767D2B27732A}C:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= UDP:C:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"UDP Query User{8986C12A-DC79-40E9-B6D4-C19AE41A4888}C:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= TCP:C:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"{EF422B85-E22A-4E54-8869-C3362FE4DCA8}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{DD571031-7D5F-4844-A64D-55DE4D7FC759}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{B325F871-F4FC-48FE-A41B-B47C87F36E86}C:\\program files\\screamer radio\\screamer.exe"= UDP:C:\program files\screamer radio\screamer.exe:Screamer Radio
"UDP Query User{159BFFCF-7AE9-4649-B7C5-B972CF8C935B}C:\\program files\\screamer radio\\screamer.exe"= TCP:C:\program files\screamer radio\screamer.exe:Screamer Radio
"TCP Query User{467DBE13-6F53-4D99-892E-F16BF4EC24EA}C:\\windows\\ccalc.exe"= UDP:C:\windows\ccalc.exe:mIRC
"UDP Query User{11EC18B3-73F3-4604-9F40-B40F130049DE}C:\\windows\\ccalc.exe"= TCP:C:\windows\ccalc.exe:mIRC
"{E19C01EA-2583-44EA-84FE-2A03ED556F90}"= UDP:C:\Program Files\NetAppel\NetAppel.exe:NetAppel
"{22417789-1ABF-461E-884F-7B03C6C8432D}"= TCP:C:\Program Files\NetAppel\NetAppel.exe:NetAppel
"TCP Query User{154ACB29-97E4-4CC4-BAA0-073C89CC0913}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
"UDP Query User{4FBF8AE7-CEA6-4FD3-9DB5-9C8F78CCF3A3}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
"{41C2D404-48D6-4F59-AE9E-4881E8D7BB32}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{957C0670-BF10-42C2-87F5-88E1A2FC4E00}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{ABEEF77A-31D9-4939-8A3C-D07C9EF6E51F}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{144E56D7-A3E8-4CE9-89F3-0A83140975D9}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{F6EF7BA2-E1D5-4164-812A-1EDF80FCD0E5}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{D90EE791-26D7-4D52-98B7-FCBD9291EC5C}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{5CD2FBF5-AF23-44FB-B7A5-5CB2C7C8BB10}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{99670711-C3F5-4929-A960-021D35EDD049}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{EDF98F5D-E296-49C3-9C43-EF35F8D6E0BD}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{80096D32-D3CC-4602-905D-C72AEBD0100E}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{DECDA17F-05A1-4108-BAE5-E2CD261DFA60}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{2F74FC76-33C8-477F-9AAA-93575609C07D}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{89D5E405-6FDA-489B-8D35-DA0D2612C617}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{EA4EEBD6-5970-4F3F-97C3-3477D8F323FF}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{7C9CD70C-71A8-495F-98C3-084880C76493}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\Windows\system32\DRIVERS\tdrpman.sys [2008-03-21 368736]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 DQLWinService;DQLWinService;C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 810320]
R2 TryAndDecideService;Acronis Try And Decide Service;C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [2007-10-08 493200]
R2 UxTuneUp;TuneUp Extension de thème;C:\Windows\System32\svchost.exe [2008-01-19 21504]
R3 3xHybrid;ASUSTek SAA713x PCI Card;C:\Windows\system32\DRIVERS\3xHybrid.sys [2007-01-26 2831232]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-07-10 2769408]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2007-04-20 265216]
S0 Cdr4vsd;Cdr4vsd;C:\Windows\system32\drivers\Cdr4vsd.sys [2008-07-30 66000]
S1 Cdralwnt;Cdralwnt;C:\Windows\system32\drivers\Cdralwnt.sys [2008-07-30 27388]
S2 IntelDHSvcConf;Intel DH Service;C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-08-09 355584]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
.
- - - - ORPHANS REMOVED - - - -

BHO-{118b8d2c-3a31-4e3a-8f1d-ec1a396fb75d} - C:\Windows\system32\lxsion.dll
BHO-{22D79647-107E-4D84-99C7-2441335B155A} - C:\Windows\system32\rqRLcYOF.dll
HKLM-Run-MSServer - C:\Windows\system32\pmnllihE.dll
HKLM-Run-BM6b23b1bb - C:\Windows\system32\kkuukuxm.dll
ShellExecuteHooks-{AE55C7EC-82F8-46CB-8DC2-57BF42F025FF} - C:\Windows\system32\pmnllihE.dll
MSConfigStartUp-NetAppel - C:\Program Files\NetAppel\NetAppel.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.ch/
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
C:\Windows\Downloaded Program Files\oscan8.inf
C:\Windows\Downloaded Program Files\oscan81.ocx_x
C:\Windows\bdoscandellang.ini
C:\Windows\bdoscandel.exe
C:\Windows\Downloaded Program Files\live.ini
C:\Windows\Downloaded Program Files\scanoptions.tsi
C:\Windows\Downloaded Program Files\lang.ini
C:\Windows\Downloaded Program Files\ipsupd.dll
C:\Windows\Downloaded Program Files\bdupd.dll
C:\Windows\Downloaded Program Files\libfn.dll
C:\Windows\Downloaded Program Files\bdcore.dll
C:\Windows\Downloaded Program Files\oscan8.ocx
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-07 18:28:27
Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Logishrd\LVCOMSER\LVComSer.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Logishrd\LVCOMSER\LVComSer.exe
C:\Windows\System32\wercon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\schtasks.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehrecvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-09-07 18:33:20 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-07 16:33:08

Pre-Run: 424,717,737,984 octets libres
Post-Run: 425,302,777,856 octets libres

343 --- E O F --- 2008-09-02 19:50:13

Profile: Helper

Re,

Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done, reboot into Safe Mode.
HELP: Rebooting into Safe Mode

  • Now run MalwareByte's Anti-Malware. If it is not already selected, select "Perform full scan".
  • To start the search, click "Scan".
  • Once the scan is finished, a window opens; click OK. You then have two possibilities:

-- if the program found nothing, press OK. A report will appear; close it.
-- if infections are present, click "Show Results" then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
NOTE: If MalwareByte's Anti-Malware needs to reboot to finish the removal, accept by clicking OK.

HELP: Illustrated MBAM tutorial


---------------
Prevention & Protection || Like me? Click :o
Profile: IDNaute

Here is the final log after removal of the infected items.

Do I need to take any further steps?
Thank you again so much for your help!


Malwarebytes' Anti-Malware 1.26
Version de la base de données: 1125
Windows 6.0.6001 Service Pack 1

07.09.2008 19:46:55
mbam-log-2008-09-07 (19-46-55).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 174427
Temps écoulé: 29 minute(s), 49 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Windows\System32\am (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\wTR02 (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\QooBox\Quarantine\C\Windows\System32\ixdudtpv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\lxsion.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\olganp.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\oymeciyg.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

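As an added example (not code from this thread, from Malwarebytes or from ComboFix), here is a small Python parser for the Malwarebytes' Anti-Malware 1.x log layout posted above. It reads the summary counts and the per-section detection lines, checks that the counts agree with the entries actually listed, and separates live findings from entries whose path lies inside the ComboFix quarantine folder (C:\QooBox\Quarantine, with the .vir suffix that tool adds): those are copies of files an earlier tool had already neutralised, not objects that were still active on the system. The sample log is constructed to match the posted format, the French section labels are assumed to be the ones this build emits, and the quarantine prefix is the one visible in the post.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x log (French locale) and sanity-check it.

Added example, not code from the forum thread, Malwarebytes or ComboFix.
"""
import re

# Constructed sample in the same layout as the posted log (accents as in the log).
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.26
Version de la base de données: 1125
Windows 6.0.6001 Service Pack 1

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 174427
Temps écoulé: 29 minute(s), 49 second(s)

Processus mémoire infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Windows\System32\am (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\wTR02 (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\QooBox\Quarantine\C\Windows\System32\ixdudtpv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\lxsion.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\olganp.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\oymeciyg.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
"""

# Summary line: "<section name containing 'infect'>: <count>"
SUMMARY_RE = re.compile(r"^(?P<name>[^:]*infect[^:]*):\s*(?P<count>\d+)$")
# Section header: same name, colon, nothing after it
SECTION_RE = re.compile(r"^(?P<name>[^:]*infect[^:]*):$")
# Detection line: "<path> (<threat>) -> <action>"
DETECTION_RE = re.compile(r"^(?P<path>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+)$")
NO_ITEMS = "(Aucun élément nuisible détecté)"  # assumed French 'nothing found' marker

# Assumed: ComboFix stores neutralised files under this folder with a .vir suffix.
QUARANTINE_PREFIXES = ("c:\\qoobox\\quarantine\\",)


def parse_mbam_log(text):
    """Return (counts, detections).

    counts: section name -> integer from the summary block.
    detections: section name -> list of (path, threat, action) tuples.
    """
    counts, detections, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            counts[m.group("name")] = int(m.group("count"))
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            detections[current] = []
            continue
        if current is None or line == NO_ITEMS:
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections[current].append((m.group("path"), m.group("threat"), m.group("action")))
    return counts, detections


def check_log(text):
    """Cross-check summary counts against listed entries and classify each finding."""
    counts, detections = parse_mbam_log(text)
    mismatched = [name for name, n in counts.items() if len(detections.get(name, [])) != n]
    live, already_quarantined = [], []
    for items in detections.values():
        for path, threat, _action in items:
            if path.lower().startswith(QUARANTINE_PREFIXES):
                already_quarantined.append((path, threat))
            else:
                live.append((path, threat))
    return {
        "counts_consistent": not mismatched,
        "mismatched_sections": mismatched,
        "live": live,
        "already_quarantined": already_quarantined,
    }


if __name__ == "__main__":
    for key, value in check_log(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the posted log, this reports two live findings (the two folders under System32) and four entries that were only quarantine copies; the practical reading is that the Vundo DLLs were already dealt with by the earlier ComboFix run, and the remaining question is whether anything else still loads at startup. A count that does not match its listed entries usually means the log was truncated when pasted.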
Profile: Helper