Analyser mon log hijackthis
Dernière réponse : dans Sécurité
Bonjour,
Est-ce que qqn aurait la gentillesse d'analyer le log ci-dessous et me dire ce que je dois faire ?
Merci d'avance à vous tous
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:31:46, on 07.09.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Avast4\ashDisp.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Common Files\Logishrd\LComMgr\Communications_Helper.exe
C:\Windows\system32\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\WerCon.exe
C:\Program Files\Avast4\ashSimpl.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Alexandre Perrottet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A218RR6S\HiJackThis[1].exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {22D79647-107E-4D84-99C7-2441335B155A} - C:\Windows\system32\rqRLcYOF.dll
O2 - BHO: bambanner browser enhancer - {2fef477e-e427-f290-fde4-93cdb85be30f} - C:\Windows\system32\jkjtgagldzoeob.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {e2cae0a0-0dc9-2749-0514-a40f7776922e} - {e2296777-f04a-4150-9472-9cd00a0eac2e} - C:\Windows\system32\olganp.dll
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\pmnllihE.dll,#1
O4 - HKLM\..\Run: [{34913d95-23b8-2814-b594-a1302dbcb5af}] C:\Windows\System32\Rundll32.exe "C:\Windows\system32\jkjtgagldzoeob.dll" DllStub
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [BM6b23b1bb] Rundll32.exe "C:\Windows\system32\kkuukuxm.dll",s
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.c...
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: olganp.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
--
End of file - 12128 bytes
Est-ce que qqn aurait la gentillesse d'analyer le log ci-dessous et me dire ce que je dois faire ?
Merci d'avance à vous tous
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:31:46, on 07.09.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Avast4\ashDisp.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Common Files\Logishrd\LComMgr\Communications_Helper.exe
C:\Windows\system32\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\WerCon.exe
C:\Program Files\Avast4\ashSimpl.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Alexandre Perrottet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A218RR6S\HiJackThis[1].exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {22D79647-107E-4D84-99C7-2441335B155A} - C:\Windows\system32\rqRLcYOF.dll
O2 - BHO: bambanner browser enhancer - {2fef477e-e427-f290-fde4-93cdb85be30f} - C:\Windows\system32\jkjtgagldzoeob.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {e2cae0a0-0dc9-2749-0514-a40f7776922e} - {e2296777-f04a-4150-9472-9cd00a0eac2e} - C:\Windows\system32\olganp.dll
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\pmnllihE.dll,#1
O4 - HKLM\..\Run: [{34913d95-23b8-2814-b594-a1302dbcb5af}] C:\Windows\System32\Rundll32.exe "C:\Windows\system32\jkjtgagldzoeob.dll" DllStub
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [BM6b23b1bb] Rundll32.exe "C:\Windows\system32\kkuukuxm.dll",s
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.c...
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: olganp.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
--
End of file - 12128 bytes
Autres pages sur : analyser log hijackthis
Lassé par la pub ? Créez un compte
Bonjour,
[#ff0000]Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]
Télécharge ComboFix ([#ff0000]sUBs[/#f]) sur ton Bureau.
Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.
AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer
[#ff0000]Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]
AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer
Voila le rapport combofix
Merci de ton aide !
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Windows\system32\cbXPhihI.dll
C:\Windows\system32\cpblkxap.ini
C:\Windows\System32\FOYcLRqr.ini
C:\Windows\System32\FOYcLRqr.ini2
C:\Windows\system32\ixdudtpv.dll
C:\Windows\system32\jusched.exe
C:\Windows\system32\kkuukuxm.dll
C:\Windows\system32\lxsion.dll
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\MSINET.oca
C:\Windows\system32\olganp.dll
C:\Windows\system32\oymeciyg.dll
C:\Windows\system32\pac.txt
C:\Windows\system32\rqRLcYOF.dll
C:\Windows\system32\x1
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-07 to 2008-09-07 ))))))))))))))))))))))))))))))))))))
.
2008-09-07 11:22 . 2008-09-07 11:22 <REP> d-------- C:\Users\All Users\Simply Super Software
2008-09-07 11:22 . 2008-09-07 11:22 <REP> d-------- C:\Users\Alexandre Perrottet\AppData\Roaming\Simply Super Software
2008-09-07 11:22 . 2008-09-07 11:22 <REP> d-------- C:\ProgramData\Simply Super Software
2008-09-07 11:22 . 2003-02-02 20:06 153,088 --a------ C:\Windows\System32\UNRAR3.dll
2008-09-07 11:22 . 2005-08-26 01:50 77,312 --a------ C:\Windows\System32\ztvunace26.dll
2008-09-07 11:22 . 2002-03-06 01:00 75,264 --a------ C:\Windows\System32\unacev2.dll
2008-09-07 11:22 . 2006-06-19 13:01 69,632 --a------ C:\Windows\System32\ztvcabinet.dll
2008-09-07 10:39 . 2008-01-19 00:34 888,320 --a------ C:\Windows\System32\vtUmnkii.dll
2008-09-07 09:05 . 2008-09-07 09:05 71,711 --a------ C:\Windows\System32\upulyomdmwegfz.exe
2008-09-07 09:04 . 2008-09-07 12:27 <REP> d-------- C:\Windows\System32\wTR02
2008-09-07 09:04 . 2008-09-07 09:04 <REP> d-------- C:\Windows\System32\vfig
2008-09-07 09:04 . 2008-09-07 09:04 <REP> d-------- C:\Windows\System32\bco
2008-09-07 09:04 . 2008-09-07 11:57 <REP> d-------- C:\Windows\System32\am
2008-09-07 09:04 . 2008-09-07 09:04 <REP> d-------- C:\Temp\dax41
2008-09-07 09:04 . 2008-09-07 18:25 <REP> d-------- C:\Temp
2008-09-07 09:04 . 2008-09-07 09:04 392,529 --a------ C:\Temp\tw70v.exe
2008-08-29 14:11 . 2008-08-29 14:11 166,400 --a------ C:\Windows\System32\jkjtgagldzoeob.dll
2008-08-26 00:37 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-08-26 00:37 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-08-26 00:37 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-08-26 00:37 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-08-26 00:37 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-08-26 00:37 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-08-26 00:37 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-08-26 00:37 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-08-26 00:37 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-08-24 13:03 . 2008-08-24 13:03 <REP> d-------- C:\Program Files\AviSynth 2.5
2008-08-16 18:11 . 2008-08-16 18:11 <REP> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-08-14 13:32 . 2008-08-14 13:32 <REP> d-------- C:\Program Files\Apple Software Update
2008-08-14 03:03 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-14 00:44 . 2008-06-27 03:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-14 00:44 . 2008-06-27 06:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-14 00:44 . 2008-04-10 07:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
2008-08-14 00:44 . 2008-06-19 05:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-14 00:44 . 2008-04-18 07:48 269,312 --a------ C:\Windows\System32\es.dll
2008-08-09 08:37 . 2008-08-09 08:37 355,584 --a------ C:\Windows\System32\TuneUpDefragService.exe
2008-08-09 08:37 . 2008-05-29 09:28 28,416 --a------ C:\Windows\System32\uxtuneup.dll
2008-08-09 08:37 . 2008-05-29 09:28 16,640 --a------ C:\Windows\System32\authuitu.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-07 10:48 --------- d-----w C:\Program Files\Windows Live
2008-09-07 10:38 --------- d---a-w C:\ProgramData\TEMP
2008-09-07 09:24 --------- d-----w C:\Users\Alexandre Perrottet\AppData\Roaming\LimeWire
2008-09-07 09:22 --------- d-----w C:\Program Files\Trojan Remover
2008-08-24 11:03 --------- d-----w C:\Program Files\Red Kawa
2008-08-19 01:00 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-16 16:16 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-14 01:10 --------- d-----w C:\Program Files\Windows Mail
2008-08-14 01:04 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-09 06:37 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-08-04 11:45 --------- d-----w C:\Program Files\YesMessenger
2008-08-01 06:21 --------- d-----w C:\Program Files\iTunes
2008-08-01 06:20 --------- d-----w C:\Program Files\iPod
2008-07-30 14:17 --------- d-----w C:\Users\Alexandre Perrottet\AppData\Roaming\Roxio
2008-07-30 14:13 --------- d-----w C:\Program Files\Roxio
2008-07-30 14:13 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-07-30 14:12 66,000 ----a-w C:\Windows\system32\drivers\Cdr4vsd.sys
2008-07-30 14:12 57,344 ----a-w C:\Windows\uneng.exe
2008-07-30 14:12 27,388 ----a-w C:\Windows\system32\drivers\cdralwnt.sys
2008-07-30 14:12 --------- d-----w C:\Program Files\directx
2008-07-30 14:12 --------- d-----w C:\Program Files\Common Files\Adaptec Shared
2008-07-30 14:11 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-28 18:45 --------- d-----w C:\Program Files\Avast4
2008-07-22 18:32 32,000 ----a-w C:\Windows\system32\drivers\usbaapl.sys
2008-07-19 14:36 51,280 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-07-13 18:31 --------- d-----w C:\Users\Double Kebab\AppData\Roaming\Apple Computer
2008-07-11 05:21 --------- d-----w C:\Program Files\Common Files\Logishrd
2008-07-11 05:17 --------- d-----w C:\ProgramData\Logitech
2008-07-11 05:17 --------- d-----w C:\ProgramData\LogiShrd
2008-07-11 05:17 --------- d-----w C:\Program Files\Logitech
2008-07-08 16:43 --------- d-----w C:\Program Files\Google
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2fef477e-e427-f290-fde4-93cdb85be30f}]
2008-08-29 14:11 166400 --a------ C:\Windows\system32\jkjtgagldzoeob.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-14 178968]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 54936]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"{34913d95-23b8-2814-b594-a1302dbcb5af}"="C:\Windows\system32\jkjtgagldzoeob.dll" [2008-08-29 166400]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-09-04 917072]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 C:\Windows\RtHDVCpl.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 C:\Windows\KHALMNPR.Exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2007-04-03 44168]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-07-11 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-03-15 784912]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=lxsion.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2008-01-19 00:33 125952 C:\Windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 08:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 23:11 49152 c:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a------ 2007-04-18 17:01 65536 c:\hp\support\hpsysdrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
--a------ 2008-09-04 18:55 917072 C:\Program Files\Trojan Remover\Trjscan.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-605348069-2642834285-2355576018-1001]
"EnableNotificationsRef"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-605348069-2642834285-2355576018-1002]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E25F0AC6-4C65-4C3B-B508-924C29D84F96}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{A298A96C-E2E7-438B-8661-1763E5D7F3C7}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{B901AF5F-11C8-458F-8754-B80E42D455F1}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{F4B67E82-3A39-46B4-BA74-B936C065CDD3}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{ABCDF7FE-106C-41EC-A4D0-F31CF0449408}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{26E99000-D2D7-46CC-AAA1-1598CDA70D51}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{47492A9D-E144-448F-960B-A4DDCFD6FC02}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{BB295072-FBAB-4FC0-841F-447A8BF161AC}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{28AFE757-0871-4529-BD35-E80759DBE808}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{204BE8E7-7CDE-4578-8911-E794A13AA669}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{BA04BD17-094C-4498-8027-A5C9ABB7DC07}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{510ABD91-CB88-4B63-AEB5-953AE006552C}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{BF2D090D-81D6-491D-959D-50C8036B8C26}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{3757E564-3A19-44B3-A4DA-E4950B965991}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{1EA24D7C-1C9A-44DE-A82A-6D93B3A5A8E8}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{77A185AA-7369-4422-A235-74EBFB0593D5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{29ABE26E-1964-40A2-A8A3-71B6711D3A0C}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{42C16EF2-23A8-47D0-93AA-68512572B0E6}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{45DB1ED8-F43A-4BE1-BC94-350377241918}"= UDP:C:\Program Files\NetAppel\NetAppel.exe:NetAppel
"{A7274694-E340-4F42-96B1-0CAA687EB777}"= TCP:C:\Program Files\NetAppel\NetAppel.exe:NetAppel
"TCP Query User{3D2A536F-10A6-478E-BC4A-14D7D8FD6DDF}C:\\program files\\screamer radio\\screamer.exe"= UDP:C:\program files\screamer radio\screamer.exe:Screamer Radio
"UDP Query User{EB3050F3-657B-47DA-B747-A5F5BB7B1AB5}C:\\program files\\screamer radio\\screamer.exe"= TCP:C:\program files\screamer radio\screamer.exe:Screamer Radio
"TCP Query User{BF09B13E-E4BF-4447-AC4B-D7DC81BEF6AD}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{2AFC0708-AE4C-4229-A271-1D441D8A58A5}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{74188BCE-74F4-4CAF-B497-680869F13699}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{580BBE7D-85F5-41C8-8BFE-F6F1491E859A}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{399E89F8-AD03-431C-977D-7E7AA041D369}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{539F476A-F663-431B-ABC3-E54D4BD3BC0C}C:\\users\\alexandre perrottet\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:C:\users\alexandre perrottet\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"UDP Query User{83A7E275-2109-42E4-B12B-C4FE47F0BAB0}C:\\users\\alexandre perrottet\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:C:\users\alexandre perrottet\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"TCP Query User{3160FA58-4FA3-48CE-8063-7DEB4085D978}C:\\program files\\nero\\nero8\\nero mediahome\\nmmediaserver.exe"= UDP:C:\program files\nero\nero8\nero mediahome\nmmediaserver.exe:Nero MediaHome
"UDP Query User{1BD20539-9BC9-453D-8C81-3F683BC623C2}C:\\program files\\nero\\nero8\\nero mediahome\\nmmediaserver.exe"= TCP:C:\program files\nero\nero8\nero mediahome\nmmediaserver.exe:Nero MediaHome
"TCP Query User{BDAB9E03-C6FF-45DC-B4D4-767D2B27732A}C:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= UDP:C:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"UDP Query User{8986C12A-DC79-40E9-B6D4-C19AE41A4888}C:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= TCP:C:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"{EF422B85-E22A-4E54-8869-C3362FE4DCA8}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{DD571031-7D5F-4844-A64D-55DE4D7FC759}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{B325F871-F4FC-48FE-A41B-B47C87F36E86}C:\\program files\\screamer radio\\screamer.exe"= UDP:C:\program files\screamer radio\screamer.exe:Screamer Radio
"UDP Query User{159BFFCF-7AE9-4649-B7C5-B972CF8C935B}C:\\program files\\screamer radio\\screamer.exe"= TCP:C:\program files\screamer radio\screamer.exe:Screamer Radio
"TCP Query User{467DBE13-6F53-4D99-892E-F16BF4EC24EA}C:\\windows\\ccalc.exe"= UDP:C:\windows\ccalc.exe:mIRC
"UDP Query User{11EC18B3-73F3-4604-9F40-B40F130049DE}C:\\windows\\ccalc.exe"= TCP:C:\windows\ccalc.exe:mIRC
"{E19C01EA-2583-44EA-84FE-2A03ED556F90}"= UDP:C:\Program Files\NetAppel\NetAppel.exe:NetAppel
"{22417789-1ABF-461E-884F-7B03C6C8432D}"= TCP:C:\Program Files\NetAppel\NetAppel.exe:NetAppel
"TCP Query User{154ACB29-97E4-4CC4-BAA0-073C89CC0913}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
"UDP Query User{4FBF8AE7-CEA6-4FD3-9DB5-9C8F78CCF3A3}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
"{41C2D404-48D6-4F59-AE9E-4881E8D7BB32}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{957C0670-BF10-42C2-87F5-88E1A2FC4E00}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{ABEEF77A-31D9-4939-8A3C-D07C9EF6E51F}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{144E56D7-A3E8-4CE9-89F3-0A83140975D9}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{F6EF7BA2-E1D5-4164-812A-1EDF80FCD0E5}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{D90EE791-26D7-4D52-98B7-FCBD9291EC5C}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{5CD2FBF5-AF23-44FB-B7A5-5CB2C7C8BB10}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{99670711-C3F5-4929-A960-021D35EDD049}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{EDF98F5D-E296-49C3-9C43-EF35F8D6E0BD}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{80096D32-D3CC-4602-905D-C72AEBD0100E}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{DECDA17F-05A1-4108-BAE5-E2CD261DFA60}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{2F74FC76-33C8-477F-9AAA-93575609C07D}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{89D5E405-6FDA-489B-8D35-DA0D2612C617}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{EA4EEBD6-5970-4F3F-97C3-3477D8F323FF}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{7C9CD70C-71A8-495F-98C3-084880C76493}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\Windows\system32\DRIVERS\tdrpman.sys [2008-03-21 368736]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 DQLWinService;DQLWinService;C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 810320]
R2 TryAndDecideService;Acronis Try And Decide Service;C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [2007-10-08 493200]
R2 UxTuneUp;TuneUp Extension de thème;C:\Windows\System32\svchost.exe [2008-01-19 21504]
R3 3xHybrid;ASUSTek SAA713x PCI Card;C:\Windows\system32\DRIVERS\3xHybrid.sys [2007-01-26 2831232]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-07-10 2769408]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2007-04-20 265216]
S0 Cdr4vsd;Cdr4vsd;C:\Windows\system32\drivers\Cdr4vsd.sys [2008-07-30 66000]
S1 Cdralwnt;Cdralwnt;C:\Windows\system32\drivers\Cdralwnt.sys [2008-07-30 27388]
S2 IntelDHSvcConf;Intel DH Service;C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-08-09 355584]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
.
- - - - ORPHANS REMOVED - - - -
BHO-{118b8d2c-3a31-4e3a-8f1d-ec1a396fb75d} - C:\Windows\system32\lxsion.dll
BHO-{22D79647-107E-4D84-99C7-2441335B155A} - C:\Windows\system32\rqRLcYOF.dll
HKLM-Run-MSServer - C:\Windows\system32\pmnllihE.dll
HKLM-Run-BM6b23b1bb - C:\Windows\system32\kkuukuxm.dll
ShellExecuteHooks-{AE55C7EC-82F8-46CB-8DC2-57BF42F025FF} - C:\Windows\system32\pmnllihE.dll
MSConfigStartUp-NetAppel - C:\Program Files\NetAppel\NetAppel.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.ch/
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
C:\Windows\Downloaded Program Files\oscan8.inf
C:\Windows\Downloaded Program Files\oscan81.ocx_x
C:\Windows\bdoscandellang.ini
C:\Windows\bdoscandel.exe
C:\Windows\Downloaded Program Files\live.ini
C:\Windows\Downloaded Program Files\scanoptions.tsi
C:\Windows\Downloaded Program Files\lang.ini
C:\Windows\Downloaded Program Files\ipsupd.dll
C:\Windows\Downloaded Program Files\bdupd.dll
C:\Windows\Downloaded Program Files\libfn.dll
C:\Windows\Downloaded Program Files\bdcore.dll
C:\Windows\Downloaded Program Files\oscan8.ocx
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-07 18:28:27
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Logishrd\LVCOMSER\LVComSer.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Logishrd\LVCOMSER\LVComSer.exe
C:\Windows\System32\wercon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\schtasks.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehrecvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-09-07 18:33:20 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-07 16:33:08
Pre-Run: 424,717,737,984 octets libres
Post-Run: 425,302,777,856 octets libres
343 --- E O F --- 2008-09-02 19:50:13
Merci de ton aide !
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Windows\system32\cbXPhihI.dll
C:\Windows\system32\cpblkxap.ini
C:\Windows\System32\FOYcLRqr.ini
C:\Windows\System32\FOYcLRqr.ini2
C:\Windows\system32\ixdudtpv.dll
C:\Windows\system32\jusched.exe
C:\Windows\system32\kkuukuxm.dll
C:\Windows\system32\lxsion.dll
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\MSINET.oca
C:\Windows\system32\olganp.dll
C:\Windows\system32\oymeciyg.dll
C:\Windows\system32\pac.txt
C:\Windows\system32\rqRLcYOF.dll
C:\Windows\system32\x1
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-07 to 2008-09-07 ))))))))))))))))))))))))))))))))))))
.
2008-09-07 11:22 . 2008-09-07 11:22 <REP> d-------- C:\Users\All Users\Simply Super Software
2008-09-07 11:22 . 2008-09-07 11:22 <REP> d-------- C:\Users\Alexandre Perrottet\AppData\Roaming\Simply Super Software
2008-09-07 11:22 . 2008-09-07 11:22 <REP> d-------- C:\ProgramData\Simply Super Software
2008-09-07 11:22 . 2003-02-02 20:06 153,088 --a------ C:\Windows\System32\UNRAR3.dll
2008-09-07 11:22 . 2005-08-26 01:50 77,312 --a------ C:\Windows\System32\ztvunace26.dll
2008-09-07 11:22 . 2002-03-06 01:00 75,264 --a------ C:\Windows\System32\unacev2.dll
2008-09-07 11:22 . 2006-06-19 13:01 69,632 --a------ C:\Windows\System32\ztvcabinet.dll
2008-09-07 10:39 . 2008-01-19 00:34 888,320 --a------ C:\Windows\System32\vtUmnkii.dll
2008-09-07 09:05 . 2008-09-07 09:05 71,711 --a------ C:\Windows\System32\upulyomdmwegfz.exe
2008-09-07 09:04 . 2008-09-07 12:27 <REP> d-------- C:\Windows\System32\wTR02
2008-09-07 09:04 . 2008-09-07 09:04 <REP> d-------- C:\Windows\System32\vfig
2008-09-07 09:04 . 2008-09-07 09:04 <REP> d-------- C:\Windows\System32\bco
2008-09-07 09:04 . 2008-09-07 11:57 <REP> d-------- C:\Windows\System32\am
2008-09-07 09:04 . 2008-09-07 09:04 <REP> d-------- C:\Temp\dax41
2008-09-07 09:04 . 2008-09-07 18:25 <REP> d-------- C:\Temp
2008-09-07 09:04 . 2008-09-07 09:04 392,529 --a------ C:\Temp\tw70v.exe
2008-08-29 14:11 . 2008-08-29 14:11 166,400 --a------ C:\Windows\System32\jkjtgagldzoeob.dll
2008-08-26 00:37 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-08-26 00:37 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-08-26 00:37 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-08-26 00:37 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-08-26 00:37 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-08-26 00:37 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-08-26 00:37 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-08-26 00:37 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-08-26 00:37 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-08-24 13:03 . 2008-08-24 13:03 <REP> d-------- C:\Program Files\AviSynth 2.5
2008-08-16 18:11 . 2008-08-16 18:11 <REP> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-08-14 13:32 . 2008-08-14 13:32 <REP> d-------- C:\Program Files\Apple Software Update
2008-08-14 03:03 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-14 00:44 . 2008-06-27 03:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-14 00:44 . 2008-06-27 06:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-14 00:44 . 2008-04-10 07:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
2008-08-14 00:44 . 2008-06-19 05:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-14 00:44 . 2008-04-18 07:48 269,312 --a------ C:\Windows\System32\es.dll
2008-08-09 08:37 . 2008-08-09 08:37 355,584 --a------ C:\Windows\System32\TuneUpDefragService.exe
2008-08-09 08:37 . 2008-05-29 09:28 28,416 --a------ C:\Windows\System32\uxtuneup.dll
2008-08-09 08:37 . 2008-05-29 09:28 16,640 --a------ C:\Windows\System32\authuitu.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-07 10:48 --------- d-----w C:\Program Files\Windows Live
2008-09-07 10:38 --------- d---a-w C:\ProgramData\TEMP
2008-09-07 09:24 --------- d-----w C:\Users\Alexandre Perrottet\AppData\Roaming\LimeWire
2008-09-07 09:22 --------- d-----w C:\Program Files\Trojan Remover
2008-08-24 11:03 --------- d-----w C:\Program Files\Red Kawa
2008-08-19 01:00 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-16 16:16 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-14 01:10 --------- d-----w C:\Program Files\Windows Mail
2008-08-14 01:04 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-09 06:37 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-08-04 11:45 --------- d-----w C:\Program Files\YesMessenger
2008-08-01 06:21 --------- d-----w C:\Program Files\iTunes
2008-08-01 06:20 --------- d-----w C:\Program Files\iPod
2008-07-30 14:17 --------- d-----w C:\Users\Alexandre Perrottet\AppData\Roaming\Roxio
2008-07-30 14:13 --------- d-----w C:\Program Files\Roxio
2008-07-30 14:13 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-07-30 14:12 66,000 ----a-w C:\Windows\system32\drivers\Cdr4vsd.sys
2008-07-30 14:12 57,344 ----a-w C:\Windows\uneng.exe
2008-07-30 14:12 27,388 ----a-w C:\Windows\system32\drivers\cdralwnt.sys
2008-07-30 14:12 --------- d-----w C:\Program Files\directx
2008-07-30 14:12 --------- d-----w C:\Program Files\Common Files\Adaptec Shared
2008-07-30 14:11 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-28 18:45 --------- d-----w C:\Program Files\Avast4
2008-07-22 18:32 32,000 ----a-w C:\Windows\system32\drivers\usbaapl.sys
2008-07-19 14:36 51,280 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-07-13 18:31 --------- d-----w C:\Users\Double Kebab\AppData\Roaming\Apple Computer
2008-07-11 05:21 --------- d-----w C:\Program Files\Common Files\Logishrd
2008-07-11 05:17 --------- d-----w C:\ProgramData\Logitech
2008-07-11 05:17 --------- d-----w C:\ProgramData\LogiShrd
2008-07-11 05:17 --------- d-----w C:\Program Files\Logitech
2008-07-08 16:43 --------- d-----w C:\Program Files\Google
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2fef477e-e427-f290-fde4-93cdb85be30f}]
2008-08-29 14:11 166400 --a------ C:\Windows\system32\jkjtgagldzoeob.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-14 178968]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 54936]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"{34913d95-23b8-2814-b594-a1302dbcb5af}"="C:\Windows\system32\jkjtgagldzoeob.dll" [2008-08-29 166400]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-09-04 917072]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 C:\Windows\RtHDVCpl.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 C:\Windows\KHALMNPR.Exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2007-04-03 44168]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-07-11 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-03-15 784912]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=lxsion.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2008-01-19 00:33 125952 C:\Windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 08:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 23:11 49152 c:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a------ 2007-04-18 17:01 65536 c:\hp\support\hpsysdrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
--a------ 2008-09-04 18:55 917072 C:\Program Files\Trojan Remover\Trjscan.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-605348069-2642834285-2355576018-1001]
"EnableNotificationsRef"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-605348069-2642834285-2355576018-1002]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E25F0AC6-4C65-4C3B-B508-924C29D84F96}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{A298A96C-E2E7-438B-8661-1763E5D7F3C7}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{B901AF5F-11C8-458F-8754-B80E42D455F1}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{F4B67E82-3A39-46B4-BA74-B936C065CDD3}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{ABCDF7FE-106C-41EC-A4D0-F31CF0449408}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{26E99000-D2D7-46CC-AAA1-1598CDA70D51}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{47492A9D-E144-448F-960B-A4DDCFD6FC02}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{BB295072-FBAB-4FC0-841F-447A8BF161AC}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{28AFE757-0871-4529-BD35-E80759DBE808}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{204BE8E7-7CDE-4578-8911-E794A13AA669}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{BA04BD17-094C-4498-8027-A5C9ABB7DC07}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{510ABD91-CB88-4B63-AEB5-953AE006552C}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{BF2D090D-81D6-491D-959D-50C8036B8C26}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{3757E564-3A19-44B3-A4DA-E4950B965991}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{1EA24D7C-1C9A-44DE-A82A-6D93B3A5A8E8}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{77A185AA-7369-4422-A235-74EBFB0593D5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{29ABE26E-1964-40A2-A8A3-71B6711D3A0C}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{42C16EF2-23A8-47D0-93AA-68512572B0E6}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{45DB1ED8-F43A-4BE1-BC94-350377241918}"= UDP:C:\Program Files\NetAppel\NetAppel.exe:NetAppel
"{A7274694-E340-4F42-96B1-0CAA687EB777}"= TCP:C:\Program Files\NetAppel\NetAppel.exe:NetAppel
"TCP Query User{3D2A536F-10A6-478E-BC4A-14D7D8FD6DDF}C:\\program files\\screamer radio\\screamer.exe"= UDP:C:\program files\screamer radio\screamer.exe:Screamer Radio
"UDP Query User{EB3050F3-657B-47DA-B747-A5F5BB7B1AB5}C:\\program files\\screamer radio\\screamer.exe"= TCP:C:\program files\screamer radio\screamer.exe:Screamer Radio
"TCP Query User{BF09B13E-E4BF-4447-AC4B-D7DC81BEF6AD}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{2AFC0708-AE4C-4229-A271-1D441D8A58A5}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{74188BCE-74F4-4CAF-B497-680869F13699}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{580BBE7D-85F5-41C8-8BFE-F6F1491E859A}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{399E89F8-AD03-431C-977D-7E7AA041D369}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{539F476A-F663-431B-ABC3-E54D4BD3BC0C}C:\\users\\alexandre perrottet\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:C:\users\alexandre perrottet\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"UDP Query User{83A7E275-2109-42E4-B12B-C4FE47F0BAB0}C:\\users\\alexandre perrottet\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:C:\users\alexandre perrottet\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"TCP Query User{3160FA58-4FA3-48CE-8063-7DEB4085D978}C:\\program files\\nero\\nero8\\nero mediahome\\nmmediaserver.exe"= UDP:C:\program files\nero\nero8\nero mediahome\nmmediaserver.exe:Nero MediaHome
"UDP Query User{1BD20539-9BC9-453D-8C81-3F683BC623C2}C:\\program files\\nero\\nero8\\nero mediahome\\nmmediaserver.exe"= TCP:C:\program files\nero\nero8\nero mediahome\nmmediaserver.exe:Nero MediaHome
"TCP Query User{BDAB9E03-C6FF-45DC-B4D4-767D2B27732A}C:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= UDP:C:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"UDP Query User{8986C12A-DC79-40E9-B6D4-C19AE41A4888}C:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= TCP:C:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"{EF422B85-E22A-4E54-8869-C3362FE4DCA8}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{DD571031-7D5F-4844-A64D-55DE4D7FC759}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{B325F871-F4FC-48FE-A41B-B47C87F36E86}C:\\program files\\screamer radio\\screamer.exe"= UDP:C:\program files\screamer radio\screamer.exe:Screamer Radio
"UDP Query User{159BFFCF-7AE9-4649-B7C5-B972CF8C935B}C:\\program files\\screamer radio\\screamer.exe"= TCP:C:\program files\screamer radio\screamer.exe:Screamer Radio
"TCP Query User{467DBE13-6F53-4D99-892E-F16BF4EC24EA}C:\\windows\\ccalc.exe"= UDP:C:\windows\ccalc.exe:mIRC
"UDP Query User{11EC18B3-73F3-4604-9F40-B40F130049DE}C:\\windows\\ccalc.exe"= TCP:C:\windows\ccalc.exe:mIRC
"{E19C01EA-2583-44EA-84FE-2A03ED556F90}"= UDP:C:\Program Files\NetAppel\NetAppel.exe:NetAppel
"{22417789-1ABF-461E-884F-7B03C6C8432D}"= TCP:C:\Program Files\NetAppel\NetAppel.exe:NetAppel
"TCP Query User{154ACB29-97E4-4CC4-BAA0-073C89CC0913}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
"UDP Query User{4FBF8AE7-CEA6-4FD3-9DB5-9C8F78CCF3A3}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
"{41C2D404-48D6-4F59-AE9E-4881E8D7BB32}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{957C0670-BF10-42C2-87F5-88E1A2FC4E00}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{ABEEF77A-31D9-4939-8A3C-D07C9EF6E51F}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{144E56D7-A3E8-4CE9-89F3-0A83140975D9}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{F6EF7BA2-E1D5-4164-812A-1EDF80FCD0E5}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{D90EE791-26D7-4D52-98B7-FCBD9291EC5C}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{5CD2FBF5-AF23-44FB-B7A5-5CB2C7C8BB10}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{99670711-C3F5-4929-A960-021D35EDD049}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{EDF98F5D-E296-49C3-9C43-EF35F8D6E0BD}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{80096D32-D3CC-4602-905D-C72AEBD0100E}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{DECDA17F-05A1-4108-BAE5-E2CD261DFA60}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{2F74FC76-33C8-477F-9AAA-93575609C07D}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{89D5E405-6FDA-489B-8D35-DA0D2612C617}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{EA4EEBD6-5970-4F3F-97C3-3477D8F323FF}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{7C9CD70C-71A8-495F-98C3-084880C76493}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\Windows\system32\DRIVERS\tdrpman.sys [2008-03-21 368736]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 DQLWinService;DQLWinService;C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 810320]
R2 TryAndDecideService;Acronis Try And Decide Service;C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [2007-10-08 493200]
R2 UxTuneUp;TuneUp Extension de thème;C:\Windows\System32\svchost.exe [2008-01-19 21504]
R3 3xHybrid;ASUSTek SAA713x PCI Card;C:\Windows\system32\DRIVERS\3xHybrid.sys [2007-01-26 2831232]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-07-10 2769408]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2007-04-20 265216]
S0 Cdr4vsd;Cdr4vsd;C:\Windows\system32\drivers\Cdr4vsd.sys [2008-07-30 66000]
S1 Cdralwnt;Cdralwnt;C:\Windows\system32\drivers\Cdralwnt.sys [2008-07-30 27388]
S2 IntelDHSvcConf;Intel DH Service;C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-08-09 355584]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
.
- - - - ORPHANS REMOVED - - - -
BHO-{118b8d2c-3a31-4e3a-8f1d-ec1a396fb75d} - C:\Windows\system32\lxsion.dll
BHO-{22D79647-107E-4D84-99C7-2441335B155A} - C:\Windows\system32\rqRLcYOF.dll
HKLM-Run-MSServer - C:\Windows\system32\pmnllihE.dll
HKLM-Run-BM6b23b1bb - C:\Windows\system32\kkuukuxm.dll
ShellExecuteHooks-{AE55C7EC-82F8-46CB-8DC2-57BF42F025FF} - C:\Windows\system32\pmnllihE.dll
MSConfigStartUp-NetAppel - C:\Program Files\NetAppel\NetAppel.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.ch/
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
C:\Windows\Downloaded Program Files\oscan8.inf
C:\Windows\Downloaded Program Files\oscan81.ocx_x
C:\Windows\bdoscandellang.ini
C:\Windows\bdoscandel.exe
C:\Windows\Downloaded Program Files\live.ini
C:\Windows\Downloaded Program Files\scanoptions.tsi
C:\Windows\Downloaded Program Files\lang.ini
C:\Windows\Downloaded Program Files\ipsupd.dll
C:\Windows\Downloaded Program Files\bdupd.dll
C:\Windows\Downloaded Program Files\libfn.dll
C:\Windows\Downloaded Program Files\bdcore.dll
C:\Windows\Downloaded Program Files\oscan8.ocx
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-07 18:28:27
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Logishrd\LVCOMSER\LVComSer.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Logishrd\LVCOMSER\LVComSer.exe
C:\Windows\System32\wercon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\schtasks.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehrecvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-09-07 18:33:20 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-07 16:33:08
Pre-Run: 424,717,737,984 octets libres
Post-Run: 425,302,777,856 octets libres
343 --- E O F --- 2008-09-02 19:50:13
Re,
Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec
Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
Afin de lancer la recherche, clic sur"Rechercher".
Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
[#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]
AIDE : Tuto en images sur MBAM
Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
[#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]
AIDE : Tuto en images sur MBAM
Voilà le log final après suppression des éléments infectés.
Dois-je entreprendre d'autres démarches ?
Merci encore infiniment pour ton aide !
Malwarebytes' Anti-Malware 1.26
Version de la base de données: 1125
Windows 6.0.6001 Service Pack 1
07.09.2008 19:46:55
mbam-log-2008-09-07 (19-46-55).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 174427
Temps écoulé: 29 minute(s), 49 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 4
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Windows\System32\am (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\wTR02 (Trojan.Agent) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\QooBox\Quarantine\C\Windows\System32\ixdudtpv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\lxsion.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\olganp.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\oymeciyg.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
Dois-je entreprendre d'autres démarches ?
Merci encore infiniment pour ton aide !
Malwarebytes' Anti-Malware 1.26
Version de la base de données: 1125
Windows 6.0.6001 Service Pack 1
07.09.2008 19:46:55
mbam-log-2008-09-07 (19-46-55).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 174427
Temps écoulé: 29 minute(s), 49 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 4
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Windows\System32\am (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\wTR02 (Trojan.Agent) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\QooBox\Quarantine\C\Windows\System32\ixdudtpv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\lxsion.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\olganp.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\oymeciyg.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
Voila le dernier log
et maintenant ? :-)
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-07 to 2008-09-07 ))))))))))))))))))))))))))))))))))))
.
2008-09-07 19:06 . 2008-09-07 19:06 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-09-07 19:06 . 2008-09-07 19:06 <REP> d-------- C:\Users\Alexandre Perrottet\AppData\Roaming\Malwarebytes
2008-09-07 19:06 . 2008-09-07 19:06 <REP> d-------- C:\ProgramData\Malwarebytes
2008-09-07 10:39 . 2008-01-19 00:34 888,320 --a------ C:\Windows\System32\vtUmnkii.dll
2008-09-07 09:05 . 2008-09-07 09:05 71,711 --a------ C:\Windows\System32\upulyomdmwegfz.exe
2008-09-07 09:04 . 2008-09-07 09:04 <REP> d-------- C:\Windows\System32\vfig
2008-09-07 09:04 . 2008-09-07 09:04 <REP> d-------- C:\Windows\System32\bco
2008-09-07 09:04 . 2008-09-07 09:04 <REP> d-------- C:\Temp\dax41
2008-09-07 09:04 . 2008-09-07 18:25 <REP> d-------- C:\Temp
2008-09-07 09:04 . 2008-09-07 09:04 392,529 --a------ C:\Temp\tw70v.exe
2008-08-29 14:11 . 2008-08-29 14:11 166,400 --a------ C:\Windows\System32\jkjtgagldzoeob.dll
2008-08-26 00:37 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-08-26 00:37 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-08-26 00:37 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-08-26 00:37 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-08-26 00:37 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-08-26 00:37 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-08-26 00:37 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-08-26 00:37 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-08-26 00:37 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-08-24 13:03 . 2008-08-24 13:03 <REP> d-------- C:\Program Files\AviSynth 2.5
2008-08-16 18:11 . 2008-08-16 18:11 <REP> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-08-14 13:32 . 2008-08-14 13:32 <REP> d-------- C:\Program Files\Apple Software Update
2008-08-14 03:03 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-14 00:44 . 2008-06-27 03:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-14 00:44 . 2008-06-27 06:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-14 00:44 . 2008-04-10 07:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
2008-08-14 00:44 . 2008-06-19 05:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-14 00:44 . 2008-04-18 07:48 269,312 --a------ C:\Windows\System32\es.dll
2008-08-09 08:37 . 2008-08-09 08:37 355,584 --a------ C:\Windows\System32\TuneUpDefragService.exe
2008-08-09 08:37 . 2008-05-29 09:28 28,416 --a------ C:\Windows\System32\uxtuneup.dll
2008-08-09 08:37 . 2008-05-29 09:28 16,640 --a------ C:\Windows\System32\authuitu.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-07 10:48 --------- d-----w C:\Program Files\Windows Live
2008-09-07 10:38 --------- d---a-w C:\ProgramData\TEMP
2008-09-07 09:24 --------- d-----w C:\Users\Alexandre Perrottet\AppData\Roaming\LimeWire
2008-08-24 11:03 --------- d-----w C:\Program Files\Red Kawa
2008-08-19 01:00 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-16 16:16 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-14 01:10 --------- d-----w C:\Program Files\Windows Mail
2008-08-14 01:04 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-09 06:37 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-08-04 11:45 --------- d-----w C:\Program Files\YesMessenger
2008-08-01 06:21 --------- d-----w C:\Program Files\iTunes
2008-08-01 06:20 --------- d-----w C:\Program Files\iPod
2008-07-30 14:17 --------- d-----w C:\Users\Alexandre Perrottet\AppData\Roaming\Roxio
2008-07-30 14:13 --------- d-----w C:\Program Files\Roxio
2008-07-30 14:13 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-07-30 14:12 66,000 ----a-w C:\Windows\system32\drivers\Cdr4vsd.sys
2008-07-30 14:12 57,344 ----a-w C:\Windows\uneng.exe
2008-07-30 14:12 27,388 ----a-w C:\Windows\system32\drivers\cdralwnt.sys
2008-07-30 14:12 --------- d-----w C:\Program Files\directx
2008-07-30 14:12 --------- d-----w C:\Program Files\Common Files\Adaptec Shared
2008-07-30 14:11 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-28 18:45 --------- d-----w C:\Program Files\Avast4
2008-07-22 18:32 32,000 ----a-w C:\Windows\system32\drivers\usbaapl.sys
2008-07-19 14:36 51,280 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-07-13 18:31 --------- d-----w C:\Users\Double Kebab\AppData\Roaming\Apple Computer
2008-07-11 05:21 --------- d-----w C:\Program Files\Common Files\Logishrd
2008-07-11 05:17 --------- d-----w C:\ProgramData\Logitech
2008-07-11 05:17 --------- d-----w C:\ProgramData\LogiShrd
2008-07-11 05:17 --------- d-----w C:\Program Files\Logitech
2008-07-08 16:43 --------- d-----w C:\Program Files\Google
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
.
((((((((((((((((((((((((((((( snapshot@2008-09-07_18.32.12.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-07 16:27:25 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-09-07 18:00:35 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-09-07 16:27:25 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-09-07 18:00:35 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-09-07 16:28:03 1,572,864 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-09-07 18:02:26 1,572,864 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-09-07 16:29:08 1,572,864 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-09-07 18:02:51 1,572,864 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-09-07 16:28:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-09-07 18:01:19 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-09-07 16:28:07 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-07 18:01:19 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-07 16:28:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-09-07 18:01:19 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-09-07 08:13:21 101,896 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-09-07 17:52:58 101,896 ----a-w C:\Windows\System32\perfc009.dat
- 2008-09-07 08:13:21 124,228 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-09-07 17:52:58 124,228 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-09-07 08:13:21 589,884 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-09-07 17:52:58 589,884 ----a-w C:\Windows\System32\perfh009.dat
- 2008-09-07 08:13:21 672,084 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-09-07 17:52:58 672,084 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-09-07 08:41:14 9,070 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-605348069-2642834285-2355576018-1001_UserData.bin
+ 2008-09-07 17:50:00 9,546 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-605348069-2642834285-2355576018-1001_UserData.bin
- 2008-09-07 08:41:12 50,804 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-09-07 17:50:00 51,022 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-08-04 13:22:34 45,086 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-09-07 17:49:59 45,252 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2fef477e-e427-f290-fde4-93cdb85be30f}]
2008-08-29 14:11 166400 --a------ C:\Windows\system32\jkjtgagldzoeob.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-14 178968]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 54936]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"{34913d95-23b8-2814-b594-a1302dbcb5af}"="C:\Windows\system32\jkjtgagldzoeob.dll" [2008-08-29 166400]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 C:\Windows\RtHDVCpl.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 C:\Windows\KHALMNPR.Exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2007-04-03 44168]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-07-11 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-03-15 784912]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=lxsion.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2008-01-19 00:33 125952 C:\Windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 08:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 23:11 49152 c:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a------ 2007-04-18 17:01 65536 c:\hp\support\hpsysdrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-605348069-2642834285-2355576018-1001]
"EnableNotificationsRef"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-605348069-2642834285-2355576018-1002]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E25F0AC6-4C65-4C3B-B508-924C29D84F96}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{A298A96C-E2E7-438B-8661-1763E5D7F3C7}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{B901AF5F-11C8-458F-8754-B80E42D455F1}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{F4B67E82-3A39-46B4-BA74-B936C065CDD3}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{ABCDF7FE-106C-41EC-A4D0-F31CF0449408}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{26E99000-D2D7-46CC-AAA1-1598CDA70D51}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{47492A9D-E144-448F-960B-A4DDCFD6FC02}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{BB295072-FBAB-4FC0-841F-447A8BF161AC}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{28AFE757-0871-4529-BD35-E80759DBE808}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{204BE8E7-7CDE-4578-8911-E794A13AA669}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{BA04BD17-094C-4498-8027-A5C9ABB7DC07}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{510ABD91-CB88-4B63-AEB5-953AE006552C}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{BF2D090D-81D6-491D-959D-50C8036B8C26}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{3757E564-3A19-44B3-A4DA-E4950B965991}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{1EA24D7C-1C9A-44DE-A82A-6D93B3A5A8E8}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{77A185AA-7369-4422-A235-74EBFB0593D5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{29ABE26E-1964-40A2-A8A3-71B6711D3A0C}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{42C16EF2-23A8-47D0-93AA-68512572B0E6}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{45DB1ED8-F43A-4BE1-BC94-350377241918}"= UDP:C:\Program Files\NetAppel\NetAppel.exe:NetAppel
"{A7274694-E340-4F42-96B1-0CAA687EB777}"= TCP:C:\Program Files\NetAppel\NetAppel.exe:NetAppel
"TCP Query User{3D2A536F-10A6-478E-BC4A-14D7D8FD6DDF}C:\\program files\\screamer radio\\screamer.exe"= UDP:C:\program files\screamer radio\screamer.exe:Screamer Radio
"UDP Query User{EB3050F3-657B-47DA-B747-A5F5BB7B1AB5}C:\\program files\\screamer radio\\screamer.exe"= TCP:C:\program files\screamer radio\screamer.exe:Screamer Radio
"TCP Query User{BF09B13E-E4BF-4447-AC4B-D7DC81BEF6AD}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{2AFC0708-AE4C-4229-A271-1D441D8A58A5}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{74188BCE-74F4-4CAF-B497-680869F13699}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{580BBE7D-85F5-41C8-8BFE-F6F1491E859A}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{399E89F8-AD03-431C-977D-7E7AA041D369}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{539F476A-F663-431B-ABC3-E54D4BD3BC0C}C:\\users\\alexandre perrottet\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:C:\users\alexandre perrottet\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"UDP Query User{83A7E275-2109-42E4-B12B-C4FE47F0BAB0}C:\\users\\alexandre perrottet\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:C:\users\alexandre perrottet\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"TCP Query User{3160FA58-4FA3-48CE-8063-7DEB4085D978}C:\\program files\\nero\\nero8\\nero mediahome\\nmmediaserver.exe"= UDP:C:\program files\nero\nero8\nero mediahome\nmmediaserver.exe:Nero MediaHome
"UDP Query User{1BD20539-9BC9-453D-8C81-3F683BC623C2}C:\\program files\\nero\\nero8\\nero mediahome\\nmmediaserver.exe"= TCP:C:\program files\nero\nero8\nero mediahome\nmmediaserver.exe:Nero MediaHome
"TCP Query User{BDAB9E03-C6FF-45DC-B4D4-767D2B27732A}C:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= UDP:C:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"UDP Query User{8986C12A-DC79-40E9-B6D4-C19AE41A4888}C:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= TCP:C:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"{EF422B85-E22A-4E54-8869-C3362FE4DCA8}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{DD571031-7D5F-4844-A64D-55DE4D7FC759}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{B325F871-F4FC-48FE-A41B-B47C87F36E86}C:\\program files\\screamer radio\\screamer.exe"= UDP:C:\program files\screamer radio\screamer.exe:Screamer Radio
"UDP Query User{159BFFCF-7AE9-4649-B7C5-B972CF8C935B}C:\\program files\\screamer radio\\screamer.exe"= TCP:C:\program files\screamer radio\screamer.exe:Screamer Radio
"TCP Query User{467DBE13-6F53-4D99-892E-F16BF4EC24EA}C:\\windows\\ccalc.exe"= UDP:C:\windows\ccalc.exe:mIRC
"UDP Query User{11EC18B3-73F3-4604-9F40-B40F130049DE}C:\\windows\\ccalc.exe"= TCP:C:\windows\ccalc.exe:mIRC
"{E19C01EA-2583-44EA-84FE-2A03ED556F90}"= UDP:C:\Program Files\NetAppel\NetAppel.exe:NetAppel
"{22417789-1ABF-461E-884F-7B03C6C8432D}"= TCP:C:\Program Files\NetAppel\NetAppel.exe:NetAppel
"TCP Query User{154ACB29-97E4-4CC4-BAA0-073C89CC0913}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
"UDP Query User{4FBF8AE7-CEA6-4FD3-9DB5-9C8F78CCF3A3}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
"{41C2D404-48D6-4F59-AE9E-4881E8D7BB32}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{957C0670-BF10-42C2-87F5-88E1A2FC4E00}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{ABEEF77A-31D9-4939-8A3C-D07C9EF6E51F}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{144E56D7-A3E8-4CE9-89F3-0A83140975D9}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{F6EF7BA2-E1D5-4164-812A-1EDF80FCD0E5}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{D90EE791-26D7-4D52-98B7-FCBD9291EC5C}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{5CD2FBF5-AF23-44FB-B7A5-5CB2C7C8BB10}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{99670711-C3F5-4929-A960-021D35EDD049}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{EDF98F5D-E296-49C3-9C43-EF35F8D6E0BD}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{80096D32-D3CC-4602-905D-C72AEBD0100E}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{DECDA17F-05A1-4108-BAE5-E2CD261DFA60}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{2F74FC76-33C8-477F-9AAA-93575609C07D}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{89D5E405-6FDA-489B-8D35-DA0D2612C617}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{EA4EEBD6-5970-4F3F-97C3-3477D8F323FF}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{7C9CD70C-71A8-495F-98C3-084880C76493}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\Windows\system32\DRIVERS\tdrpman.sys [2008-03-21 368736]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 DQLWinService;DQLWinService;C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 810320]
R2 TryAndDecideService;Acronis Try And Decide Service;C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [2007-10-08 493200]
R2 UxTuneUp;TuneUp Extension de thème;C:\Windows\System32\svchost.exe [2008-01-19 21504]
R3 3xHybrid;ASUSTek SAA713x PCI Card;C:\Windows\system32\DRIVERS\3xHybrid.sys [2007-01-26 2831232]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-07-10 2769408]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2007-04-20 265216]
S0 Cdr4vsd;Cdr4vsd;C:\Windows\system32\drivers\Cdr4vsd.sys [2008-07-30 66000]
S1 Cdralwnt;Cdralwnt;C:\Windows\system32\drivers\Cdralwnt.sys [2008-07-30 27388]
S2 IntelDHSvcConf;Intel DH Service;C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-08-09 355584]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-TrojanScanner - C:\Program Files\Trojan Remover\Trjscan.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.ch/
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
C:\Windows\Downloaded Program Files\oscan8.inf
C:\Windows\Downloaded Program Files\oscan81.ocx_x
C:\Windows\bdoscandellang.ini
C:\Windows\bdoscandel.exe
C:\Windows\Downloaded Program Files\live.ini
C:\Windows\Downloaded Program Files\scanoptions.tsi
C:\Windows\Downloaded Program Files\lang.ini
C:\Windows\Downloaded Program Files\ipsupd.dll
C:\Windows\Downloaded Program Files\bdupd.dll
C:\Windows\Downloaded Program Files\libfn.dll
C:\Windows\Downloaded Program Files\bdcore.dll
C:\Windows\Downloaded Program Files\oscan8.ocx
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-07 20:02:31
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Logishrd\LVCOMSER\LVComSer.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Logishrd\LVCOMSER\LVComSer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\schtasks.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\ehome\ehrecvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\wbem\WMIADAP.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-09-07 20:07:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-07 18:07:10
ComboFix2.txt 2008-09-07 16:33:21
Pre-Run: 424,034,304,000 octets libres
Post-Run: 424,028,573,696 octets libres
338 --- E O F --- 2008-09-02 19:50:13
et maintenant ? :-)
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-07 to 2008-09-07 ))))))))))))))))))))))))))))))))))))
.
2008-09-07 19:06 . 2008-09-07 19:06 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-09-07 19:06 . 2008-09-07 19:06 <REP> d-------- C:\Users\Alexandre Perrottet\AppData\Roaming\Malwarebytes
2008-09-07 19:06 . 2008-09-07 19:06 <REP> d-------- C:\ProgramData\Malwarebytes
2008-09-07 10:39 . 2008-01-19 00:34 888,320 --a------ C:\Windows\System32\vtUmnkii.dll
2008-09-07 09:05 . 2008-09-07 09:05 71,711 --a------ C:\Windows\System32\upulyomdmwegfz.exe
2008-09-07 09:04 . 2008-09-07 09:04 <REP> d-------- C:\Windows\System32\vfig
2008-09-07 09:04 . 2008-09-07 09:04 <REP> d-------- C:\Windows\System32\bco
2008-09-07 09:04 . 2008-09-07 09:04 <REP> d-------- C:\Temp\dax41
2008-09-07 09:04 . 2008-09-07 18:25 <REP> d-------- C:\Temp
2008-09-07 09:04 . 2008-09-07 09:04 392,529 --a------ C:\Temp\tw70v.exe
2008-08-29 14:11 . 2008-08-29 14:11 166,400 --a------ C:\Windows\System32\jkjtgagldzoeob.dll
2008-08-26 00:37 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-08-26 00:37 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-08-26 00:37 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-08-26 00:37 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-08-26 00:37 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-08-26 00:37 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-08-26 00:37 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-08-26 00:37 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-08-26 00:37 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-08-24 13:03 . 2008-08-24 13:03 <REP> d-------- C:\Program Files\AviSynth 2.5
2008-08-16 18:11 . 2008-08-16 18:11 <REP> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-08-14 13:32 . 2008-08-14 13:32 <REP> d-------- C:\Program Files\Apple Software Update
2008-08-14 03:03 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-14 00:44 . 2008-06-27 03:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-14 00:44 . 2008-06-27 06:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-14 00:44 . 2008-04-10 07:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
2008-08-14 00:44 . 2008-06-19 05:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-14 00:44 . 2008-04-18 07:48 269,312 --a------ C:\Windows\System32\es.dll
2008-08-09 08:37 . 2008-08-09 08:37 355,584 --a------ C:\Windows\System32\TuneUpDefragService.exe
2008-08-09 08:37 . 2008-05-29 09:28 28,416 --a------ C:\Windows\System32\uxtuneup.dll
2008-08-09 08:37 . 2008-05-29 09:28 16,640 --a------ C:\Windows\System32\authuitu.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-07 10:48 --------- d-----w C:\Program Files\Windows Live
2008-09-07 10:38 --------- d---a-w C:\ProgramData\TEMP
2008-09-07 09:24 --------- d-----w C:\Users\Alexandre Perrottet\AppData\Roaming\LimeWire
2008-08-24 11:03 --------- d-----w C:\Program Files\Red Kawa
2008-08-19 01:00 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-16 16:16 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-14 01:10 --------- d-----w C:\Program Files\Windows Mail
2008-08-14 01:04 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-09 06:37 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-08-04 11:45 --------- d-----w C:\Program Files\YesMessenger
2008-08-01 06:21 --------- d-----w C:\Program Files\iTunes
2008-08-01 06:20 --------- d-----w C:\Program Files\iPod
2008-07-30 14:17 --------- d-----w C:\Users\Alexandre Perrottet\AppData\Roaming\Roxio
2008-07-30 14:13 --------- d-----w C:\Program Files\Roxio
2008-07-30 14:13 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-07-30 14:12 66,000 ----a-w C:\Windows\system32\drivers\Cdr4vsd.sys
2008-07-30 14:12 57,344 ----a-w C:\Windows\uneng.exe
2008-07-30 14:12 27,388 ----a-w C:\Windows\system32\drivers\cdralwnt.sys
2008-07-30 14:12 --------- d-----w C:\Program Files\directx
2008-07-30 14:12 --------- d-----w C:\Program Files\Common Files\Adaptec Shared
2008-07-30 14:11 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-28 18:45 --------- d-----w C:\Program Files\Avast4
2008-07-22 18:32 32,000 ----a-w C:\Windows\system32\drivers\usbaapl.sys
2008-07-19 14:36 51,280 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-07-13 18:31 --------- d-----w C:\Users\Double Kebab\AppData\Roaming\Apple Computer
2008-07-11 05:21 --------- d-----w C:\Program Files\Common Files\Logishrd
2008-07-11 05:17 --------- d-----w C:\ProgramData\Logitech
2008-07-11 05:17 --------- d-----w C:\ProgramData\LogiShrd
2008-07-11 05:17 --------- d-----w C:\Program Files\Logitech
2008-07-08 16:43 --------- d-----w C:\Program Files\Google
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
.
((((((((((((((((((((((((((((( snapshot@2008-09-07_18.32.12.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-07 16:27:25 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-09-07 18:00:35 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-09-07 16:27:25 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-09-07 18:00:35 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-09-07 16:28:03 1,572,864 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-09-07 18:02:26 1,572,864 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-09-07 16:29:08 1,572,864 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-09-07 18:02:51 1,572,864 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-09-07 16:28:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-09-07 18:01:19 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-09-07 16:28:07 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-07 18:01:19 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-07 16:28:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-09-07 18:01:19 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-09-07 08:13:21 101,896 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-09-07 17:52:58 101,896 ----a-w C:\Windows\System32\perfc009.dat
- 2008-09-07 08:13:21 124,228 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-09-07 17:52:58 124,228 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-09-07 08:13:21 589,884 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-09-07 17:52:58 589,884 ----a-w C:\Windows\System32\perfh009.dat
- 2008-09-07 08:13:21 672,084 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-09-07 17:52:58 672,084 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-09-07 08:41:14 9,070 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-605348069-2642834285-2355576018-1001_UserData.bin
+ 2008-09-07 17:50:00 9,546 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-605348069-2642834285-2355576018-1001_UserData.bin
- 2008-09-07 08:41:12 50,804 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-09-07 17:50:00 51,022 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-08-04 13:22:34 45,086 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-09-07 17:49:59 45,252 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2fef477e-e427-f290-fde4-93cdb85be30f}]
2008-08-29 14:11 166400 --a------ C:\Windows\system32\jkjtgagldzoeob.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-14 178968]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 54936]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"{34913d95-23b8-2814-b594-a1302dbcb5af}"="C:\Windows\system32\jkjtgagldzoeob.dll" [2008-08-29 166400]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 C:\Windows\RtHDVCpl.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 C:\Windows\KHALMNPR.Exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2007-04-03 44168]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-07-11 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-03-15 784912]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=lxsion.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2008-01-19 00:33 125952 C:\Windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 08:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 23:11 49152 c:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a------ 2007-04-18 17:01 65536 c:\hp\support\hpsysdrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-605348069-2642834285-2355576018-1001]
"EnableNotificationsRef"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-605348069-2642834285-2355576018-1002]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E25F0AC6-4C65-4C3B-B508-924C29D84F96}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{A298A96C-E2E7-438B-8661-1763E5D7F3C7}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{B901AF5F-11C8-458F-8754-B80E42D455F1}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{F4B67E82-3A39-46B4-BA74-B936C065CDD3}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{ABCDF7FE-106C-41EC-A4D0-F31CF0449408}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{26E99000-D2D7-46CC-AAA1-1598CDA70D51}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{47492A9D-E144-448F-960B-A4DDCFD6FC02}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{BB295072-FBAB-4FC0-841F-447A8BF161AC}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{28AFE757-0871-4529-BD35-E80759DBE808}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{204BE8E7-7CDE-4578-8911-E794A13AA669}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{BA04BD17-094C-4498-8027-A5C9ABB7DC07}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{510ABD91-CB88-4B63-AEB5-953AE006552C}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{BF2D090D-81D6-491D-959D-50C8036B8C26}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{3757E564-3A19-44B3-A4DA-E4950B965991}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{1EA24D7C-1C9A-44DE-A82A-6D93B3A5A8E8}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{77A185AA-7369-4422-A235-74EBFB0593D5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{29ABE26E-1964-40A2-A8A3-71B6711D3A0C}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{42C16EF2-23A8-47D0-93AA-68512572B0E6}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{45DB1ED8-F43A-4BE1-BC94-350377241918}"= UDP:C:\Program Files\NetAppel\NetAppel.exe:NetAppel
"{A7274694-E340-4F42-96B1-0CAA687EB777}"= TCP:C:\Program Files\NetAppel\NetAppel.exe:NetAppel
"TCP Query User{3D2A536F-10A6-478E-BC4A-14D7D8FD6DDF}C:\\program files\\screamer radio\\screamer.exe"= UDP:C:\program files\screamer radio\screamer.exe:Screamer Radio
"UDP Query User{EB3050F3-657B-47DA-B747-A5F5BB7B1AB5}C:\\program files\\screamer radio\\screamer.exe"= TCP:C:\program files\screamer radio\screamer.exe:Screamer Radio
"TCP Query User{BF09B13E-E4BF-4447-AC4B-D7DC81BEF6AD}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{2AFC0708-AE4C-4229-A271-1D441D8A58A5}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{74188BCE-74F4-4CAF-B497-680869F13699}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{580BBE7D-85F5-41C8-8BFE-F6F1491E859A}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{399E89F8-AD03-431C-977D-7E7AA041D369}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{539F476A-F663-431B-ABC3-E54D4BD3BC0C}C:\\users\\alexandre perrottet\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:C:\users\alexandre perrottet\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"UDP Query User{83A7E275-2109-42E4-B12B-C4FE47F0BAB0}C:\\users\\alexandre perrottet\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:C:\users\alexandre perrottet\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"TCP Query User{3160FA58-4FA3-48CE-8063-7DEB4085D978}C:\\program files\\nero\\nero8\\nero mediahome\\nmmediaserver.exe"= UDP:C:\program files\nero\nero8\nero mediahome\nmmediaserver.exe:Nero MediaHome
"UDP Query User{1BD20539-9BC9-453D-8C81-3F683BC623C2}C:\\program files\\nero\\nero8\\nero mediahome\\nmmediaserver.exe"= TCP:C:\program files\nero\nero8\nero mediahome\nmmediaserver.exe:Nero MediaHome
"TCP Query User{BDAB9E03-C6FF-45DC-B4D4-767D2B27732A}C:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= UDP:C:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"UDP Query User{8986C12A-DC79-40E9-B6D4-C19AE41A4888}C:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= TCP:C:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"{EF422B85-E22A-4E54-8869-C3362FE4DCA8}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{DD571031-7D5F-4844-A64D-55DE4D7FC759}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{B325F871-F4FC-48FE-A41B-B47C87F36E86}C:\\program files\\screamer radio\\screamer.exe"= UDP:C:\program files\screamer radio\screamer.exe:Screamer Radio
"UDP Query User{159BFFCF-7AE9-4649-B7C5-B972CF8C935B}C:\\program files\\screamer radio\\screamer.exe"= TCP:C:\program files\screamer radio\screamer.exe:Screamer Radio
"TCP Query User{467DBE13-6F53-4D99-892E-F16BF4EC24EA}C:\\windows\\ccalc.exe"= UDP:C:\windows\ccalc.exe:mIRC
"UDP Query User{11EC18B3-73F3-4604-9F40-B40F130049DE}C:\\windows\\ccalc.exe"= TCP:C:\windows\ccalc.exe:mIRC
"{E19C01EA-2583-44EA-84FE-2A03ED556F90}"= UDP:C:\Program Files\NetAppel\NetAppel.exe:NetAppel
"{22417789-1ABF-461E-884F-7B03C6C8432D}"= TCP:C:\Program Files\NetAppel\NetAppel.exe:NetAppel
"TCP Query User{154ACB29-97E4-4CC4-BAA0-073C89CC0913}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
"UDP Query User{4FBF8AE7-CEA6-4FD3-9DB5-9C8F78CCF3A3}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
"{41C2D404-48D6-4F59-AE9E-4881E8D7BB32}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{957C0670-BF10-42C2-87F5-88E1A2FC4E00}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{ABEEF77A-31D9-4939-8A3C-D07C9EF6E51F}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{144E56D7-A3E8-4CE9-89F3-0A83140975D9}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{F6EF7BA2-E1D5-4164-812A-1EDF80FCD0E5}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{D90EE791-26D7-4D52-98B7-FCBD9291EC5C}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{5CD2FBF5-AF23-44FB-B7A5-5CB2C7C8BB10}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{99670711-C3F5-4929-A960-021D35EDD049}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{EDF98F5D-E296-49C3-9C43-EF35F8D6E0BD}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{80096D32-D3CC-4602-905D-C72AEBD0100E}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{DECDA17F-05A1-4108-BAE5-E2CD261DFA60}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{2F74FC76-33C8-477F-9AAA-93575609C07D}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{89D5E405-6FDA-489B-8D35-DA0D2612C617}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{EA4EEBD6-5970-4F3F-97C3-3477D8F323FF}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{7C9CD70C-71A8-495F-98C3-084880C76493}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\Windows\system32\DRIVERS\tdrpman.sys [2008-03-21 368736]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 DQLWinService;DQLWinService;C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 810320]
R2 TryAndDecideService;Acronis Try And Decide Service;C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [2007-10-08 493200]
R2 UxTuneUp;TuneUp Extension de thème;C:\Windows\System32\svchost.exe [2008-01-19 21504]
R3 3xHybrid;ASUSTek SAA713x PCI Card;C:\Windows\system32\DRIVERS\3xHybrid.sys [2007-01-26 2831232]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-07-10 2769408]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2007-04-20 265216]
S0 Cdr4vsd;Cdr4vsd;C:\Windows\system32\drivers\Cdr4vsd.sys [2008-07-30 66000]
S1 Cdralwnt;Cdralwnt;C:\Windows\system32\drivers\Cdralwnt.sys [2008-07-30 27388]
S2 IntelDHSvcConf;Intel DH Service;C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-08-09 355584]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-TrojanScanner - C:\Program Files\Trojan Remover\Trjscan.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.ch/
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
C:\Windows\Downloaded Program Files\oscan8.inf
C:\Windows\Downloaded Program Files\oscan81.ocx_x
C:\Windows\bdoscandellang.ini
C:\Windows\bdoscandel.exe
C:\Windows\Downloaded Program Files\live.ini
C:\Windows\Downloaded Program Files\scanoptions.tsi
C:\Windows\Downloaded Program Files\lang.ini
C:\Windows\Downloaded Program Files\ipsupd.dll
C:\Windows\Downloaded Program Files\bdupd.dll
C:\Windows\Downloaded Program Files\libfn.dll
C:\Windows\Downloaded Program Files\bdcore.dll
C:\Windows\Downloaded Program Files\oscan8.ocx
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-07 20:02:31
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Logishrd\LVCOMSER\LVComSer.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Logishrd\LVCOMSER\LVComSer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\schtasks.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\ehome\ehrecvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\wbem\WMIADAP.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-09-07 20:07:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-07 18:07:10
ComboFix2.txt 2008-09-07 16:33:21
Pre-Run: 424,034,304,000 octets libres
Post-Run: 424,028,573,696 octets libres
338 --- E O F --- 2008-09-02 19:50:13
Re,
Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :
Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt.
Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :
![]()
Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
[#ff0000]NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.[/#f]
Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :
DirLook::
C:\Windows\System32\vfig
C:\Windows\System32\bco
File::
C:\Windows\system32\jkjtgagldzoeob.dll
C:\Windows\System32\vtUmnkii.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2fef477e-e427-f290-fde4-93cdb85be30f}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{34913d95-23b8-2814-b594-a1302dbcb5af}"=-
C:\Windows\System32\vfig
C:\Windows\System32\bco
File::
C:\Windows\system32\jkjtgagldzoeob.dll
C:\Windows\System32\vtUmnkii.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2fef477e-e427-f290-fde4-93cdb85be30f}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{34913d95-23b8-2814-b594-a1302dbcb5af}"=-
Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt.
Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :
Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
[#ff0000]NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.[/#f]
combofix
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\jkjtgagldzoeob.dll
C:\Windows\System32\vtUmnkii.dll
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-07 to 2008-09-07 ))))))))))))))))))))))))))))))))))))
.
2008-09-07 20:15 . 2008-09-07 20:15 <REP> d-------- C:\Program Files\Alwil Software
2008-09-07 20:15 . 2008-07-19 16:36 51,280 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-09-07 19:06 . 2008-09-07 19:06 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-09-07 19:06 . 2008-09-07 19:06 <REP> d-------- C:\Users\Alexandre Perrottet\AppData\Roaming\Malwarebytes
2008-09-07 19:06 . 2008-09-07 19:06 <REP> d-------- C:\ProgramData\Malwarebytes
2008-09-07 09:05 . 2008-09-07 09:05 71,711 --a------ C:\Windows\System32\upulyomdmwegfz.exe
2008-09-07 09:04 . 2008-09-07 09:04 <REP> d-------- C:\Windows\System32\vfig
2008-09-07 09:04 . 2008-09-07 09:04 <REP> d-------- C:\Windows\System32\bco
2008-09-07 09:04 . 2008-09-07 09:04 <REP> d-------- C:\Temp\dax41
2008-09-07 09:04 . 2008-09-07 18:25 <REP> d-------- C:\Temp
2008-09-07 09:04 . 2008-09-07 09:04 392,529 --a------ C:\Temp\tw70v.exe
2008-08-26 00:37 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-08-26 00:37 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-08-26 00:37 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-08-26 00:37 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-08-26 00:37 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-08-26 00:37 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-08-26 00:37 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-08-26 00:37 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-08-26 00:37 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-08-24 13:03 . 2008-08-24 13:03 <REP> d-------- C:\Program Files\AviSynth 2.5
2008-08-16 18:11 . 2008-08-16 18:11 <REP> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-08-14 13:32 . 2008-08-14 13:32 <REP> d-------- C:\Program Files\Apple Software Update
2008-08-14 03:03 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-14 00:44 . 2008-06-27 03:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-14 00:44 . 2008-06-27 06:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-14 00:44 . 2008-04-10 07:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
2008-08-14 00:44 . 2008-06-19 05:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-14 00:44 . 2008-04-18 07:48 269,312 --a------ C:\Windows\System32\es.dll
2008-08-09 08:37 . 2008-08-09 08:37 355,584 --a------ C:\Windows\System32\TuneUpDefragService.exe
2008-08-09 08:37 . 2008-05-29 09:28 28,416 --a------ C:\Windows\System32\uxtuneup.dll
2008-08-09 08:37 . 2008-05-29 09:28 16,640 --a------ C:\Windows\System32\authuitu.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-07 18:11 --------- d-----w C:\Program Files\Avast4
2008-09-07 10:48 --------- d-----w C:\Program Files\Windows Live
2008-09-07 10:38 --------- d---a-w C:\ProgramData\TEMP
2008-09-07 09:24 --------- d-----w C:\Users\Alexandre Perrottet\AppData\Roaming\LimeWire
2008-08-24 11:03 --------- d-----w C:\Program Files\Red Kawa
2008-08-19 01:00 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-16 16:16 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-14 01:10 --------- d-----w C:\Program Files\Windows Mail
2008-08-14 01:04 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-09 06:37 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-08-04 11:45 --------- d-----w C:\Program Files\YesMessenger
2008-08-01 06:21 --------- d-----w C:\Program Files\iTunes
2008-08-01 06:20 --------- d-----w C:\Program Files\iPod
2008-07-30 14:17 --------- d-----w C:\Users\Alexandre Perrottet\AppData\Roaming\Roxio
2008-07-30 14:13 --------- d-----w C:\Program Files\Roxio
2008-07-30 14:13 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-07-30 14:12 66,000 ----a-w C:\Windows\system32\drivers\Cdr4vsd.sys
2008-07-30 14:12 57,344 ----a-w C:\Windows\uneng.exe
2008-07-30 14:12 27,388 ----a-w C:\Windows\system32\drivers\cdralwnt.sys
2008-07-30 14:12 --------- d-----w C:\Program Files\directx
2008-07-30 14:12 --------- d-----w C:\Program Files\Common Files\Adaptec Shared
2008-07-30 14:11 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-22 18:32 32,000 ----a-w C:\Windows\system32\drivers\usbaapl.sys
2008-07-13 18:31 --------- d-----w C:\Users\Double Kebab\AppData\Roaming\Apple Computer
2008-07-11 05:21 --------- d-----w C:\Program Files\Common Files\Logishrd
2008-07-11 05:17 --------- d-----w C:\ProgramData\Logitech
2008-07-11 05:17 --------- d-----w C:\ProgramData\LogiShrd
2008-07-11 05:17 --------- d-----w C:\Program Files\Logitech
2008-07-08 16:43 --------- d-----w C:\Program Files\Google
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\Windows\System32\bco ----
2008-09-07 08:27 162870 --a------ C:\Windows\System32\bco\QS2214v3.exe
---- Directory of C:\Windows\System32\vfig ----
((((((((((((((((((((((((((((( snapshot@2008-09-07_18.32.12.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-07 16:28:03 1,572,864 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-09-07 18:49:12 1,572,864 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-09-07 16:29:08 1,572,864 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-09-07 18:49:12 1,572,864 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-09-07 16:28:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-09-07 18:50:10 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-09-07 16:28:07 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-07 18:50:10 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-07 16:28:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-09-07 18:50:10 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-09-07 16:21:24 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-09-07 18:09:54 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-09-07 18:09:54 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
- 2008-09-07 08:13:21 101,896 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-09-07 18:22:00 101,896 ----a-w C:\Windows\System32\perfc009.dat
- 2008-09-07 08:13:21 124,228 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-09-07 18:22:00 124,228 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-09-07 08:13:21 589,884 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-09-07 18:22:00 589,884 ----a-w C:\Windows\System32\perfh009.dat
- 2008-09-07 08:13:21 672,084 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-09-07 18:22:00 672,084 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-09-07 08:41:14 9,070 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-605348069-2642834285-2355576018-1001_UserData.bin
+ 2008-09-07 18:50:54 9,770 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-605348069-2642834285-2355576018-1001_UserData.bin
- 2008-09-07 08:41:12 50,804 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-09-07 18:50:54 51,038 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-08-04 13:22:34 45,086 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-09-07 18:18:07 45,444 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-14 178968]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 54936]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 C:\Windows\RtHDVCpl.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 C:\Windows\KHALMNPR.Exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2007-04-03 44168]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-07-11 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-03-15 784912]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=lxsion.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2008-01-19 00:33 125952 C:\Windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 08:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 23:11 49152 c:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a------ 2007-04-18 17:01 65536 c:\hp\support\hpsysdrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-605348069-2642834285-2355576018-1001]
"EnableNotificationsRef"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-605348069-2642834285-2355576018-1002]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E25F0AC6-4C65-4C3B-B508-924C29D84F96}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{A298A96C-E2E7-438B-8661-1763E5D7F3C7}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{B901AF5F-11C8-458F-8754-B80E42D455F1}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{F4B67E82-3A39-46B4-BA74-B936C065CDD3}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{ABCDF7FE-106C-41EC-A4D0-F31CF0449408}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{26E99000-D2D7-46CC-AAA1-1598CDA70D51}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{47492A9D-E144-448F-960B-A4DDCFD6FC02}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{BB295072-FBAB-4FC0-841F-447A8BF161AC}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{28AFE757-0871-4529-BD35-E80759DBE808}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{204BE8E7-7CDE-4578-8911-E794A13AA669}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{BA04BD17-094C-4498-8027-A5C9ABB7DC07}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{510ABD91-CB88-4B63-AEB5-953AE006552C}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{BF2D090D-81D6-491D-959D-50C8036B8C26}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{3757E564-3A19-44B3-A4DA-E4950B965991}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{1EA24D7C-1C9A-44DE-A82A-6D93B3A5A8E8}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{77A185AA-7369-4422-A235-74EBFB0593D5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{29ABE26E-1964-40A2-A8A3-71B6711D3A0C}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{42C16EF2-23A8-47D0-93AA-68512572B0E6}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{45DB1ED8-F43A-4BE1-BC94-350377241918}"= UDP:C:\Program Files\NetAppel\NetAppel.exe:NetAppel
"{A7274694-E340-4F42-96B1-0CAA687EB777}"= TCP:C:\Program Files\NetAppel\NetAppel.exe:NetAppel
"TCP Query User{3D2A536F-10A6-478E-BC4A-14D7D8FD6DDF}C:\\program files\\screamer radio\\screamer.exe"= UDP:C:\program files\screamer radio\screamer.exe:Screamer Radio
"UDP Query User{EB3050F3-657B-47DA-B747-A5F5BB7B1AB5}C:\\program files\\screamer radio\\screamer.exe"= TCP:C:\program files\screamer radio\screamer.exe:Screamer Radio
"TCP Query User{BF09B13E-E4BF-4447-AC4B-D7DC81BEF6AD}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{2AFC0708-AE4C-4229-A271-1D441D8A58A5}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{74188BCE-74F4-4CAF-B497-680869F13699}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{580BBE7D-85F5-41C8-8BFE-F6F1491E859A}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{399E89F8-AD03-431C-977D-7E7AA041D369}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{539F476A-F663-431B-ABC3-E54D4BD3BC0C}C:\\users\\alexandre perrottet\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:C:\users\alexandre perrottet\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"UDP Query User{83A7E275-2109-42E4-B12B-C4FE47F0BAB0}C:\\users\\alexandre perrottet\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:C:\users\alexandre perrottet\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"TCP Query User{3160FA58-4FA3-48CE-8063-7DEB4085D978}C:\\program files\\nero\\nero8\\nero mediahome\\nmmediaserver.exe"= UDP:C:\program files\nero\nero8\nero mediahome\nmmediaserver.exe:Nero MediaHome
"UDP Query User{1BD20539-9BC9-453D-8C81-3F683BC623C2}C:\\program files\\nero\\nero8\\nero mediahome\\nmmediaserver.exe"= TCP:C:\program files\nero\nero8\nero mediahome\nmmediaserver.exe:Nero MediaHome
"TCP Query User{BDAB9E03-C6FF-45DC-B4D4-767D2B27732A}C:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= UDP:C:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"UDP Query User{8986C12A-DC79-40E9-B6D4-C19AE41A4888}C:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= TCP:C:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"{EF422B85-E22A-4E54-8869-C3362FE4DCA8}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{DD571031-7D5F-4844-A64D-55DE4D7FC759}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{B325F871-F4FC-48FE-A41B-B47C87F36E86}C:\\program files\\screamer radio\\screamer.exe"= UDP:C:\program files\screamer radio\screamer.exe:Screamer Radio
"UDP Query User{159BFFCF-7AE9-4649-B7C5-B972CF8C935B}C:\\program files\\screamer radio\\screamer.exe"= TCP:C:\program files\screamer radio\screamer.exe:Screamer Radio
"TCP Query User{467DBE13-6F53-4D99-892E-F16BF4EC24EA}C:\\windows\\ccalc.exe"= UDP:C:\windows\ccalc.exe:mIRC
"UDP Query User{11EC18B3-73F3-4604-9F40-B40F130049DE}C:\\windows\\ccalc.exe"= TCP:C:\windows\ccalc.exe:mIRC
"{E19C01EA-2583-44EA-84FE-2A03ED556F90}"= UDP:C:\Program Files\NetAppel\NetAppel.exe:NetAppel
"{22417789-1ABF-461E-884F-7B03C6C8432D}"= TCP:C:\Program Files\NetAppel\NetAppel.exe:NetAppel
"TCP Query User{154ACB29-97E4-4CC4-BAA0-073C89CC0913}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
"UDP Query User{4FBF8AE7-CEA6-4FD3-9DB5-9C8F78CCF3A3}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
"{41C2D404-48D6-4F59-AE9E-4881E8D7BB32}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{957C0670-BF10-42C2-87F5-88E1A2FC4E00}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{ABEEF77A-31D9-4939-8A3C-D07C9EF6E51F}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{144E56D7-A3E8-4CE9-89F3-0A83140975D9}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{F6EF7BA2-E1D5-4164-812A-1EDF80FCD0E5}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{D90EE791-26D7-4D52-98B7-FCBD9291EC5C}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{5CD2FBF5-AF23-44FB-B7A5-5CB2C7C8BB10}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{99670711-C3F5-4929-A960-021D35EDD049}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{EDF98F5D-E296-49C3-9C43-EF35F8D6E0BD}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{80096D32-D3CC-4602-905D-C72AEBD0100E}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{DECDA17F-05A1-4108-BAE5-E2CD261DFA60}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{2F74FC76-33C8-477F-9AAA-93575609C07D}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{89D5E405-6FDA-489B-8D35-DA0D2612C617}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{EA4EEBD6-5970-4F3F-97C3-3477D8F323FF}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{7C9CD70C-71A8-495F-98C3-084880C76493}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\Windows\system32\DRIVERS\tdrpman.sys [2008-03-21 368736]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 DQLWinService;DQLWinService;C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 810320]
R2 TryAndDecideService;Acronis Try And Decide Service;C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [2007-10-08 493200]
R2 UxTuneUp;TuneUp Extension de thème;C:\Windows\System32\svchost.exe [2008-01-19 21504]
R3 3xHybrid;ASUSTek SAA713x PCI Card;C:\Windows\system32\DRIVERS\3xHybrid.sys [2007-01-26 2831232]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-07-10 2769408]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2007-04-20 265216]
S0 Cdr4vsd;Cdr4vsd;C:\Windows\system32\drivers\Cdr4vsd.sys [2008-07-30 66000]
S1 Cdralwnt;Cdralwnt;C:\Windows\system32\drivers\Cdralwnt.sys [2008-07-30 27388]
S2 IntelDHSvcConf;Intel DH Service;C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-08-09 355584]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-07 20:49:19
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
C:\Users\Alexandre Perrottet\AppData\Local\Temp\hzodk1nn.0.cs
C:\Users\Alexandre Perrottet\AppData\Local\Temp\hzodk1nn.cmdline
C:\Users\Alexandre Perrottet\AppData\Local\Temp\hzodk1nn.dll
C:\Users\Alexandre Perrottet\AppData\Local\Temp\hzodk1nn.err
C:\Users\Alexandre Perrottet\AppData\Local\Temp\hzodk1nn.out
C:\Users\Alexandre Perrottet\AppData\Local\Temp\hzodk1nn.tmp
Scan termin‚ avec succŠs
Les fichiers cach‚s: 6
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Logishrd\LVCOMSER\LVComSer.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\Logishrd\LVCOMSER\LVComSer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\schtasks.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\Windows\System32\wercon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\ehome\ehrecvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\Windows\System32\wbem\WMIADAP.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\Sprite6.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-09-07 20:53:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-07 18:53:45
ComboFix2.txt 2008-09-07 18:07:19
ComboFix3.txt 2008-09-07 16:33:21
Pre-Run: 423,096,418,304 octets libres
Post-Run: 423,503,523,840 octets libres
331 --- E O F --- 2008-09-02 19:50:13
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\jkjtgagldzoeob.dll
C:\Windows\System32\vtUmnkii.dll
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-07 to 2008-09-07 ))))))))))))))))))))))))))))))))))))
.
2008-09-07 20:15 . 2008-09-07 20:15 <REP> d-------- C:\Program Files\Alwil Software
2008-09-07 20:15 . 2008-07-19 16:36 51,280 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-09-07 19:06 . 2008-09-07 19:06 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-09-07 19:06 . 2008-09-07 19:06 <REP> d-------- C:\Users\Alexandre Perrottet\AppData\Roaming\Malwarebytes
2008-09-07 19:06 . 2008-09-07 19:06 <REP> d-------- C:\ProgramData\Malwarebytes
2008-09-07 09:05 . 2008-09-07 09:05 71,711 --a------ C:\Windows\System32\upulyomdmwegfz.exe
2008-09-07 09:04 . 2008-09-07 09:04 <REP> d-------- C:\Windows\System32\vfig
2008-09-07 09:04 . 2008-09-07 09:04 <REP> d-------- C:\Windows\System32\bco
2008-09-07 09:04 . 2008-09-07 09:04 <REP> d-------- C:\Temp\dax41
2008-09-07 09:04 . 2008-09-07 18:25 <REP> d-------- C:\Temp
2008-09-07 09:04 . 2008-09-07 09:04 392,529 --a------ C:\Temp\tw70v.exe
2008-08-26 00:37 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-08-26 00:37 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-08-26 00:37 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-08-26 00:37 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-08-26 00:37 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-08-26 00:37 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-08-26 00:37 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-08-26 00:37 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-08-26 00:37 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-08-24 13:03 . 2008-08-24 13:03 <REP> d-------- C:\Program Files\AviSynth 2.5
2008-08-16 18:11 . 2008-08-16 18:11 <REP> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-08-14 13:32 . 2008-08-14 13:32 <REP> d-------- C:\Program Files\Apple Software Update
2008-08-14 03:03 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-14 00:44 . 2008-06-27 03:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-14 00:44 . 2008-06-27 06:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-14 00:44 . 2008-04-10 07:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
2008-08-14 00:44 . 2008-06-19 05:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-14 00:44 . 2008-04-18 07:48 269,312 --a------ C:\Windows\System32\es.dll
2008-08-09 08:37 . 2008-08-09 08:37 355,584 --a------ C:\Windows\System32\TuneUpDefragService.exe
2008-08-09 08:37 . 2008-05-29 09:28 28,416 --a------ C:\Windows\System32\uxtuneup.dll
2008-08-09 08:37 . 2008-05-29 09:28 16,640 --a------ C:\Windows\System32\authuitu.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-07 18:11 --------- d-----w C:\Program Files\Avast4
2008-09-07 10:48 --------- d-----w C:\Program Files\Windows Live
2008-09-07 10:38 --------- d---a-w C:\ProgramData\TEMP
2008-09-07 09:24 --------- d-----w C:\Users\Alexandre Perrottet\AppData\Roaming\LimeWire
2008-08-24 11:03 --------- d-----w C:\Program Files\Red Kawa
2008-08-19 01:00 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-16 16:16 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-14 01:10 --------- d-----w C:\Program Files\Windows Mail
2008-08-14 01:04 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-09 06:37 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-08-04 11:45 --------- d-----w C:\Program Files\YesMessenger
2008-08-01 06:21 --------- d-----w C:\Program Files\iTunes
2008-08-01 06:20 --------- d-----w C:\Program Files\iPod
2008-07-30 14:17 --------- d-----w C:\Users\Alexandre Perrottet\AppData\Roaming\Roxio
2008-07-30 14:13 --------- d-----w C:\Program Files\Roxio
2008-07-30 14:13 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-07-30 14:12 66,000 ----a-w C:\Windows\system32\drivers\Cdr4vsd.sys
2008-07-30 14:12 57,344 ----a-w C:\Windows\uneng.exe
2008-07-30 14:12 27,388 ----a-w C:\Windows\system32\drivers\cdralwnt.sys
2008-07-30 14:12 --------- d-----w C:\Program Files\directx
2008-07-30 14:12 --------- d-----w C:\Program Files\Common Files\Adaptec Shared
2008-07-30 14:11 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-22 18:32 32,000 ----a-w C:\Windows\system32\drivers\usbaapl.sys
2008-07-13 18:31 --------- d-----w C:\Users\Double Kebab\AppData\Roaming\Apple Computer
2008-07-11 05:21 --------- d-----w C:\Program Files\Common Files\Logishrd
2008-07-11 05:17 --------- d-----w C:\ProgramData\Logitech
2008-07-11 05:17 --------- d-----w C:\ProgramData\LogiShrd
2008-07-11 05:17 --------- d-----w C:\Program Files\Logitech
2008-07-08 16:43 --------- d-----w C:\Program Files\Google
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\Windows\System32\bco ----
2008-09-07 08:27 162870 --a------ C:\Windows\System32\bco\QS2214v3.exe
---- Directory of C:\Windows\System32\vfig ----
((((((((((((((((((((((((((((( snapshot@2008-09-07_18.32.12.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-07 16:28:03 1,572,864 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-09-07 18:49:12 1,572,864 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-09-07 16:29:08 1,572,864 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-09-07 18:49:12 1,572,864 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-09-07 16:28:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-09-07 18:50:10 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-09-07 16:28:07 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-07 18:50:10 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-07 16:28:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-09-07 18:50:10 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-09-07 16:21:24 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-09-07 18:09:54 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-09-07 18:09:54 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
- 2008-09-07 08:13:21 101,896 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-09-07 18:22:00 101,896 ----a-w C:\Windows\System32\perfc009.dat
- 2008-09-07 08:13:21 124,228 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-09-07 18:22:00 124,228 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-09-07 08:13:21 589,884 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-09-07 18:22:00 589,884 ----a-w C:\Windows\System32\perfh009.dat
- 2008-09-07 08:13:21 672,084 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-09-07 18:22:00 672,084 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-09-07 08:41:14 9,070 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-605348069-2642834285-2355576018-1001_UserData.bin
+ 2008-09-07 18:50:54 9,770 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-605348069-2642834285-2355576018-1001_UserData.bin
- 2008-09-07 08:41:12 50,804 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-09-07 18:50:54 51,038 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-08-04 13:22:34 45,086 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-09-07 18:18:07 45,444 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-14 178968]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 54936]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 C:\Windows\RtHDVCpl.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 C:\Windows\KHALMNPR.Exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2007-04-03 44168]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-07-11 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-03-15 784912]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=lxsion.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2008-01-19 00:33 125952 C:\Windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 08:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 23:11 49152 c:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a------ 2007-04-18 17:01 65536 c:\hp\support\hpsysdrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-605348069-2642834285-2355576018-1001]
"EnableNotificationsRef"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-605348069-2642834285-2355576018-1002]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E25F0AC6-4C65-4C3B-B508-924C29D84F96}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{A298A96C-E2E7-438B-8661-1763E5D7F3C7}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{B901AF5F-11C8-458F-8754-B80E42D455F1}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{F4B67E82-3A39-46B4-BA74-B936C065CDD3}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{ABCDF7FE-106C-41EC-A4D0-F31CF0449408}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{26E99000-D2D7-46CC-AAA1-1598CDA70D51}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{47492A9D-E144-448F-960B-A4DDCFD6FC02}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{BB295072-FBAB-4FC0-841F-447A8BF161AC}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{28AFE757-0871-4529-BD35-E80759DBE808}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{204BE8E7-7CDE-4578-8911-E794A13AA669}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{BA04BD17-094C-4498-8027-A5C9ABB7DC07}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{510ABD91-CB88-4B63-AEB5-953AE006552C}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{BF2D090D-81D6-491D-959D-50C8036B8C26}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{3757E564-3A19-44B3-A4DA-E4950B965991}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{1EA24D7C-1C9A-44DE-A82A-6D93B3A5A8E8}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{77A185AA-7369-4422-A235-74EBFB0593D5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{29ABE26E-1964-40A2-A8A3-71B6711D3A0C}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{42C16EF2-23A8-47D0-93AA-68512572B0E6}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{45DB1ED8-F43A-4BE1-BC94-350377241918}"= UDP:C:\Program Files\NetAppel\NetAppel.exe:NetAppel
"{A7274694-E340-4F42-96B1-0CAA687EB777}"= TCP:C:\Program Files\NetAppel\NetAppel.exe:NetAppel
"TCP Query User{3D2A536F-10A6-478E-BC4A-14D7D8FD6DDF}C:\\program files\\screamer radio\\screamer.exe"= UDP:C:\program files\screamer radio\screamer.exe:Screamer Radio
"UDP Query User{EB3050F3-657B-47DA-B747-A5F5BB7B1AB5}C:\\program files\\screamer radio\\screamer.exe"= TCP:C:\program files\screamer radio\screamer.exe:Screamer Radio
"TCP Query User{BF09B13E-E4BF-4447-AC4B-D7DC81BEF6AD}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{2AFC0708-AE4C-4229-A271-1D441D8A58A5}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{74188BCE-74F4-4CAF-B497-680869F13699}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{580BBE7D-85F5-41C8-8BFE-F6F1491E859A}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{399E89F8-AD03-431C-977D-7E7AA041D369}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{539F476A-F663-431B-ABC3-E54D4BD3BC0C}C:\\users\\alexandre perrottet\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:C:\users\alexandre perrottet\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"UDP Query User{83A7E275-2109-42E4-B12B-C4FE47F0BAB0}C:\\users\\alexandre perrottet\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:C:\users\alexandre perrottet\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"TCP Query User{3160FA58-4FA3-48CE-8063-7DEB4085D978}C:\\program files\\nero\\nero8\\nero mediahome\\nmmediaserver.exe"= UDP:C:\program files\nero\nero8\nero mediahome\nmmediaserver.exe:Nero MediaHome
"UDP Query User{1BD20539-9BC9-453D-8C81-3F683BC623C2}C:\\program files\\nero\\nero8\\nero mediahome\\nmmediaserver.exe"= TCP:C:\program files\nero\nero8\nero mediahome\nmmediaserver.exe:Nero MediaHome
"TCP Query User{BDAB9E03-C6FF-45DC-B4D4-767D2B27732A}C:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= UDP:C:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"UDP Query User{8986C12A-DC79-40E9-B6D4-C19AE41A4888}C:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= TCP:C:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"{EF422B85-E22A-4E54-8869-C3362FE4DCA8}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{DD571031-7D5F-4844-A64D-55DE4D7FC759}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{B325F871-F4FC-48FE-A41B-B47C87F36E86}C:\\program files\\screamer radio\\screamer.exe"= UDP:C:\program files\screamer radio\screamer.exe:Screamer Radio
"UDP Query User{159BFFCF-7AE9-4649-B7C5-B972CF8C935B}C:\\program files\\screamer radio\\screamer.exe"= TCP:C:\program files\screamer radio\screamer.exe:Screamer Radio
"TCP Query User{467DBE13-6F53-4D99-892E-F16BF4EC24EA}C:\\windows\\ccalc.exe"= UDP:C:\windows\ccalc.exe:mIRC
"UDP Query User{11EC18B3-73F3-4604-9F40-B40F130049DE}C:\\windows\\ccalc.exe"= TCP:C:\windows\ccalc.exe:mIRC
"{E19C01EA-2583-44EA-84FE-2A03ED556F90}"= UDP:C:\Program Files\NetAppel\NetAppel.exe:NetAppel
"{22417789-1ABF-461E-884F-7B03C6C8432D}"= TCP:C:\Program Files\NetAppel\NetAppel.exe:NetAppel
"TCP Query User{154ACB29-97E4-4CC4-BAA0-073C89CC0913}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
"UDP Query User{4FBF8AE7-CEA6-4FD3-9DB5-9C8F78CCF3A3}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
"{41C2D404-48D6-4F59-AE9E-4881E8D7BB32}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{957C0670-BF10-42C2-87F5-88E1A2FC4E00}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{ABEEF77A-31D9-4939-8A3C-D07C9EF6E51F}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{144E56D7-A3E8-4CE9-89F3-0A83140975D9}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{F6EF7BA2-E1D5-4164-812A-1EDF80FCD0E5}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{D90EE791-26D7-4D52-98B7-FCBD9291EC5C}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{5CD2FBF5-AF23-44FB-B7A5-5CB2C7C8BB10}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{99670711-C3F5-4929-A960-021D35EDD049}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{EDF98F5D-E296-49C3-9C43-EF35F8D6E0BD}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{80096D32-D3CC-4602-905D-C72AEBD0100E}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{DECDA17F-05A1-4108-BAE5-E2CD261DFA60}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{2F74FC76-33C8-477F-9AAA-93575609C07D}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{89D5E405-6FDA-489B-8D35-DA0D2612C617}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{EA4EEBD6-5970-4F3F-97C3-3477D8F323FF}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{7C9CD70C-71A8-495F-98C3-084880C76493}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\Windows\system32\DRIVERS\tdrpman.sys [2008-03-21 368736]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 DQLWinService;DQLWinService;C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 810320]
R2 TryAndDecideService;Acronis Try And Decide Service;C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [2007-10-08 493200]
R2 UxTuneUp;TuneUp Extension de thème;C:\Windows\System32\svchost.exe [2008-01-19 21504]
R3 3xHybrid;ASUSTek SAA713x PCI Card;C:\Windows\system32\DRIVERS\3xHybrid.sys [2007-01-26 2831232]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-07-10 2769408]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2007-04-20 265216]
S0 Cdr4vsd;Cdr4vsd;C:\Windows\system32\drivers\Cdr4vsd.sys [2008-07-30 66000]
S1 Cdralwnt;Cdralwnt;C:\Windows\system32\drivers\Cdralwnt.sys [2008-07-30 27388]
S2 IntelDHSvcConf;Intel DH Service;C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-08-09 355584]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-07 20:49:19
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
C:\Users\Alexandre Perrottet\AppData\Local\Temp\hzodk1nn.0.cs
C:\Users\Alexandre Perrottet\AppData\Local\Temp\hzodk1nn.cmdline
C:\Users\Alexandre Perrottet\AppData\Local\Temp\hzodk1nn.dll
C:\Users\Alexandre Perrottet\AppData\Local\Temp\hzodk1nn.err
C:\Users\Alexandre Perrottet\AppData\Local\Temp\hzodk1nn.out
C:\Users\Alexandre Perrottet\AppData\Local\Temp\hzodk1nn.tmp
Scan termin‚ avec succŠs
Les fichiers cach‚s: 6
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Logishrd\LVCOMSER\LVComSer.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\Logishrd\LVCOMSER\LVComSer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\schtasks.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\Windows\System32\wercon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\ehome\ehrecvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\Windows\System32\wbem\WMIADAP.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\Sprite6.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-09-07 20:53:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-07 18:53:45
ComboFix2.txt 2008-09-07 18:07:19
ComboFix3.txt 2008-09-07 16:33:21
Pre-Run: 423,096,418,304 octets libres
Post-Run: 423,503,523,840 octets libres
331 --- E O F --- 2008-09-02 19:50:13
hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:04:17, on 07.09.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\system32\schtasks.exe
C:\Program Files\Common Files\Logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\WerCon.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Alexandre Perrottet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A218RR6S\HiJackThis[1].exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.c...
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: lxsion.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
--
End of file - 10620 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:04:17, on 07.09.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\system32\schtasks.exe
C:\Program Files\Common Files\Logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\WerCon.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Alexandre Perrottet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A218RR6S\HiJackThis[1].exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.c...
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: lxsion.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
--
End of file - 10620 bytes
Lassé par la pub ? Créez un compte
- Contenus similaires :
- ForumMerci pour analyser log hijackthis
- ForumHijackthis - analyser un log.
- ForumHijackthis analyser de log.
- ForumLog hijackthis a analyser.
- ForumTrop de pub log hijackthis a analyser
- ForumLog hijackthis a analyser
- ForumLog hijackthis a analyser virus notes.exe
- ForumLog hijackthis a analyser suite virus
- ForumAnalyser, interpreter un log hijackthis
- ForumAnalyser un rapport de log hijackthis
- Voir plus
