
Analyze my HijackThis log

Tags:
  • HijackThis
  • Security
Last reply: in Security and viruses
7 September 2008 12:37:48

Hello,

Would someone be kind enough to analyze the log below and tell me what I need to do?

Thanks in advance to all of you

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:31:46, on 07.09.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Avast4\ashDisp.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Common Files\Logishrd\LComMgr\Communications_Helper.exe
C:\Windows\system32\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\WerCon.exe
C:\Program Files\Avast4\ashSimpl.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Alexandre Perrottet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A218RR6S\HiJackThis[1].exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {22D79647-107E-4D84-99C7-2441335B155A} - C:\Windows\system32\rqRLcYOF.dll
O2 - BHO: bambanner browser enhancer - {2fef477e-e427-f290-fde4-93cdb85be30f} - C:\Windows\system32\jkjtgagldzoeob.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {e2cae0a0-0dc9-2749-0514-a40f7776922e} - {e2296777-f04a-4150-9472-9cd00a0eac2e} - C:\Windows\system32\olganp.dll
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\pmnllihE.dll,#1
O4 - HKLM\..\Run: [{34913d95-23b8-2814-b594-a1302dbcb5af}] C:\Windows\System32\Rundll32.exe "C:\Windows\system32\jkjtgagldzoeob.dll" DllStub
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [BM6b23b1bb] Rundll32.exe "C:\Windows\system32\kkuukuxm.dll",s
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.c...
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: olganp.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 12128 bytes

7 September 2008 16:57:13

Hello,

Disable your resident protections (antivirus, Spybot-S&D, etc.)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe extension may not be shown) to launch it.
  • When the scan has finished, a report will appear. Post that report (C:\combofix.txt*) in your next reply.

HELP: A guide and tutorial on using ComboFix
* the partition name may change

7 September 2008 17:51:40

Isn't the HijackThis report enough?

7 September 2008 18:10:58

Nope, other tools are needed.

7 September 2008 18:39:49

Here's the ComboFix report.
Thanks for your help!

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Temp\1cb
    C:\Temp\1cb\syscheck.log
    C:\Windows\system32\cbXPhihI.dll
    C:\Windows\system32\cpblkxap.ini
    C:\Windows\System32\FOYcLRqr.ini
    C:\Windows\System32\FOYcLRqr.ini2
    C:\Windows\system32\ixdudtpv.dll
    C:\Windows\system32\jusched.exe
    C:\Windows\system32\kkuukuxm.dll
    C:\Windows\system32\lxsion.dll
    C:\Windows\system32\mcrh.tmp
    C:\Windows\system32\MSINET.oca
    C:\Windows\system32\olganp.dll
    C:\Windows\system32\oymeciyg.dll
    C:\Windows\system32\pac.txt
    C:\Windows\system32\rqRLcYOF.dll
    C:\Windows\system32\x1

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-08-07 to 2008-09-07 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-07 11:22 . 2008-09-07 11:22 <REP> d-------- C:\Users\All Users\Simply Super Software
    2008-09-07 11:22 . 2008-09-07 11:22 <REP> d-------- C:\Users\Alexandre Perrottet\AppData\Roaming\Simply Super Software
    2008-09-07 11:22 . 2008-09-07 11:22 <REP> d-------- C:\ProgramData\Simply Super Software
    2008-09-07 11:22 . 2003-02-02 20:06 153,088 --a------ C:\Windows\System32\UNRAR3.dll
    2008-09-07 11:22 . 2005-08-26 01:50 77,312 --a------ C:\Windows\System32\ztvunace26.dll
    2008-09-07 11:22 . 2002-03-06 01:00 75,264 --a------ C:\Windows\System32\unacev2.dll
    2008-09-07 11:22 . 2006-06-19 13:01 69,632 --a------ C:\Windows\System32\ztvcabinet.dll
    2008-09-07 10:39 . 2008-01-19 00:34 888,320 --a------ C:\Windows\System32\vtUmnkii.dll
    2008-09-07 09:05 . 2008-09-07 09:05 71,711 --a------ C:\Windows\System32\upulyomdmwegfz.exe
    2008-09-07 09:04 . 2008-09-07 12:27 <REP> d-------- C:\Windows\System32\wTR02
    2008-09-07 09:04 . 2008-09-07 09:04 <REP> d-------- C:\Windows\System32\vfig
    2008-09-07 09:04 . 2008-09-07 09:04 <REP> d-------- C:\Windows\System32\bco
    2008-09-07 09:04 . 2008-09-07 11:57 <REP> d-------- C:\Windows\System32\am
    2008-09-07 09:04 . 2008-09-07 09:04 <REP> d-------- C:\Temp\dax41
    2008-09-07 09:04 . 2008-09-07 18:25 <REP> d-------- C:\Temp
    2008-09-07 09:04 . 2008-09-07 09:04 392,529 --a------ C:\Temp\tw70v.exe
    2008-08-29 14:11 . 2008-08-29 14:11 166,400 --a------ C:\Windows\System32\jkjtgagldzoeob.dll
    2008-08-26 00:37 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
    2008-08-26 00:37 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
    2008-08-26 00:37 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll
    2008-08-26 00:37 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
    2008-08-26 00:37 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll
    2008-08-26 00:37 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
    2008-08-26 00:37 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll
    2008-08-26 00:37 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll
    2008-08-26 00:37 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
    2008-08-24 13:03 . 2008-08-24 13:03 <REP> d-------- C:\Program Files\AviSynth 2.5
    2008-08-16 18:11 . 2008-08-16 18:11 <REP> d-------- C:\Program Files\Common Files\Macrovision Shared
    2008-08-14 13:32 . 2008-08-14 13:32 <REP> d-------- C:\Program Files\Apple Software Update
    2008-08-14 03:03 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
    2008-08-14 00:44 . 2008-06-27 03:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
    2008-08-14 00:44 . 2008-06-27 06:15 827,392 --a------ C:\Windows\System32\wininet.dll
    2008-08-14 00:44 . 2008-04-10 07:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
    2008-08-14 00:44 . 2008-06-19 05:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
    2008-08-14 00:44 . 2008-04-18 07:48 269,312 --a------ C:\Windows\System32\es.dll
    2008-08-09 08:37 . 2008-08-09 08:37 355,584 --a------ C:\Windows\System32\TuneUpDefragService.exe
    2008-08-09 08:37 . 2008-05-29 09:28 28,416 --a------ C:\Windows\System32\uxtuneup.dll
    2008-08-09 08:37 . 2008-05-29 09:28 16,640 --a------ C:\Windows\System32\authuitu.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-07 10:48 --------- d-----w C:\Program Files\Windows Live
    2008-09-07 10:38 --------- d---a-w C:\ProgramData\TEMP
    2008-09-07 09:24 --------- d-----w C:\Users\Alexandre Perrottet\AppData\Roaming\LimeWire
    2008-09-07 09:22 --------- d-----w C:\Program Files\Trojan Remover
    2008-08-24 11:03 --------- d-----w C:\Program Files\Red Kawa
    2008-08-19 01:00 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-08-16 16:16 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-08-14 01:10 --------- d-----w C:\Program Files\Windows Mail
    2008-08-14 01:04 --------- d-----w C:\ProgramData\Microsoft Help
    2008-08-09 06:37 --------- d-----w C:\Program Files\TuneUp Utilities 2008
    2008-08-04 11:45 --------- d-----w C:\Program Files\YesMessenger
    2008-08-01 06:21 --------- d-----w C:\Program Files\iTunes
    2008-08-01 06:20 --------- d-----w C:\Program Files\iPod
    2008-07-30 14:17 --------- d-----w C:\Users\Alexandre Perrottet\AppData\Roaming\Roxio
    2008-07-30 14:13 --------- d-----w C:\Program Files\Roxio
    2008-07-30 14:13 --------- d-----w C:\Program Files\Common Files\Roxio Shared
    2008-07-30 14:12 66,000 ----a-w C:\Windows\system32\drivers\Cdr4vsd.sys
    2008-07-30 14:12 57,344 ----a-w C:\Windows\uneng.exe
    2008-07-30 14:12 27,388 ----a-w C:\Windows\system32\drivers\cdralwnt.sys
    2008-07-30 14:12 --------- d-----w C:\Program Files\directx
    2008-07-30 14:12 --------- d-----w C:\Program Files\Common Files\Adaptec Shared
    2008-07-30 14:11 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-07-28 18:45 --------- d-----w C:\Program Files\Avast4
    2008-07-22 18:32 32,000 ----a-w C:\Windows\system32\drivers\usbaapl.sys
    2008-07-19 14:36 51,280 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
    2008-07-13 18:31 --------- d-----w C:\Users\Double Kebab\AppData\Roaming\Apple Computer
    2008-07-11 05:21 --------- d-----w C:\Program Files\Common Files\Logishrd
    2008-07-11 05:17 --------- d-----w C:\ProgramData\Logitech
    2008-07-11 05:17 --------- d-----w C:\ProgramData\LogiShrd
    2008-07-11 05:17 --------- d-----w C:\Program Files\Logitech
    2008-07-08 16:43 --------- d-----w C:\Program Files\Google
    2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2fef477e-e427-f290-fde4-93cdb85be30f}]
    2008-08-29 14:11 166400 --a------ C:\Windows\system32\jkjtgagldzoeob.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-14 178968]
    "StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
    "SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 54936]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
    "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
    "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
    "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
    "{34913d95-23b8-2814-b594-a1302dbcb5af}"="C:\Windows\system32\jkjtgagldzoeob.dll" [2008-08-29 166400]
    "TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-09-04 917072]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 C:\Windows\RtHDVCpl.exe]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 C:\Windows\KHALMNPR.Exe]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="C:\Windows\SMINST\launcher.exe" [2007-04-03 44168]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-07-11 67128]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-03-15 784912]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMBalloonTip"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=lxsion.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    --a------ 2008-01-19 00:33 125952 C:\Windows\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    --a------ 2007-08-24 08:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    --a------ 2005-02-16 23:11 49152 c:\Program Files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
    --a------ 2007-04-18 17:01 65536 c:\hp\support\hpsysdrv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    -rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
    --a------ 2008-09-04 18:55 917072 C:\Program Files\Trojan Remover\Trjscan.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    "Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    "Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-605348069-2642834285-2355576018-1001]
    "EnableNotificationsRef"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-605348069-2642834285-2355576018-1002]
    "EnableNotificationsRef"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{E25F0AC6-4C65-4C3B-B508-924C29D84F96}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
    "{A298A96C-E2E7-438B-8661-1763E5D7F3C7}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
    "{B901AF5F-11C8-458F-8754-B80E42D455F1}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
    "{F4B67E82-3A39-46B4-BA74-B936C065CDD3}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
    "{ABCDF7FE-106C-41EC-A4D0-F31CF0449408}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
    "{26E99000-D2D7-46CC-AAA1-1598CDA70D51}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
    "{47492A9D-E144-448F-960B-A4DDCFD6FC02}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
    "{BB295072-FBAB-4FC0-841F-447A8BF161AC}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
    "{28AFE757-0871-4529-BD35-E80759DBE808}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{204BE8E7-7CDE-4578-8911-E794A13AA669}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{BA04BD17-094C-4498-8027-A5C9ABB7DC07}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{510ABD91-CB88-4B63-AEB5-953AE006552C}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
    "{BF2D090D-81D6-491D-959D-50C8036B8C26}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
    "{3757E564-3A19-44B3-A4DA-E4950B965991}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{1EA24D7C-1C9A-44DE-A82A-6D93B3A5A8E8}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{77A185AA-7369-4422-A235-74EBFB0593D5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{29ABE26E-1964-40A2-A8A3-71B6711D3A0C}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{42C16EF2-23A8-47D0-93AA-68512572B0E6}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{45DB1ED8-F43A-4BE1-BC94-350377241918}"= UDP:C:\Program Files\NetAppel\NetAppel.exe:NetAppel
    "{A7274694-E340-4F42-96B1-0CAA687EB777}"= TCP:C:\Program Files\NetAppel\NetAppel.exe:NetAppel
    "TCP Query User{3D2A536F-10A6-478E-BC4A-14D7D8FD6DDF}C:\\program files\\screamer radio\\screamer.exe"= UDP:C:\program files\screamer radio\screamer.exe:Screamer Radio
    "UDP Query User{EB3050F3-657B-47DA-B747-A5F5BB7B1AB5}C:\\program files\\screamer radio\\screamer.exe"= TCP:C:\program files\screamer radio\screamer.exe:Screamer Radio
    "TCP Query User{BF09B13E-E4BF-4447-AC4B-D7DC81BEF6AD}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
    "UDP Query User{2AFC0708-AE4C-4229-A271-1D441D8A58A5}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
    "{74188BCE-74F4-4CAF-B497-680869F13699}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{580BBE7D-85F5-41C8-8BFE-F6F1491E859A}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
    "UDP Query User{399E89F8-AD03-431C-977D-7E7AA041D369}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
    "TCP Query User{539F476A-F663-431B-ABC3-E54D4BD3BC0C}C:\\users\\alexandre perrottet\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:C:\users\alexandre perrottet\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
    "UDP Query User{83A7E275-2109-42E4-B12B-C4FE47F0BAB0}C:\\users\\alexandre perrottet\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:C:\users\alexandre perrottet\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
    "TCP Query User{3160FA58-4FA3-48CE-8063-7DEB4085D978}C:\\program files\\nero\\nero8\\nero mediahome\\nmmediaserver.exe"= UDP:C:\program files\nero\nero8\nero mediahome\nmmediaserver.exe:Nero MediaHome
    "UDP Query User{1BD20539-9BC9-453D-8C81-3F683BC623C2}C:\\program files\\nero\\nero8\\nero mediahome\\nmmediaserver.exe"= TCP:C:\program files\nero\nero8\nero mediahome\nmmediaserver.exe:Nero MediaHome
    "TCP Query User{BDAB9E03-C6FF-45DC-B4D4-767D2B27732A}C:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= UDP:C:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
    "UDP Query User{8986C12A-DC79-40E9-B6D4-C19AE41A4888}C:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= TCP:C:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
    "{EF422B85-E22A-4E54-8869-C3362FE4DCA8}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{DD571031-7D5F-4844-A64D-55DE4D7FC759}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "TCP Query User{B325F871-F4FC-48FE-A41B-B47C87F36E86}C:\\program files\\screamer radio\\screamer.exe"= UDP:C:\program files\screamer radio\screamer.exe:Screamer Radio
    "UDP Query User{159BFFCF-7AE9-4649-B7C5-B972CF8C935B}C:\\program files\\screamer radio\\screamer.exe"= TCP:C:\program files\screamer radio\screamer.exe:Screamer Radio
    "TCP Query User{467DBE13-6F53-4D99-892E-F16BF4EC24EA}C:\\windows\\ccalc.exe"= UDP:C:\windows\ccalc.exe:mIRC
    "UDP Query User{11EC18B3-73F3-4604-9F40-B40F130049DE}C:\\windows\\ccalc.exe"= TCP:C:\windows\ccalc.exe:mIRC
    "{E19C01EA-2583-44EA-84FE-2A03ED556F90}"= UDP:C:\Program Files\NetAppel\NetAppel.exe:NetAppel
    "{22417789-1ABF-461E-884F-7B03C6C8432D}"= TCP:C:\Program Files\NetAppel\NetAppel.exe:NetAppel
    "TCP Query User{154ACB29-97E4-4CC4-BAA0-073C89CC0913}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
    "UDP Query User{4FBF8AE7-CEA6-4FD3-9DB5-9C8F78CCF3A3}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
    "{41C2D404-48D6-4F59-AE9E-4881E8D7BB32}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{957C0670-BF10-42C2-87F5-88E1A2FC4E00}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{ABEEF77A-31D9-4939-8A3C-D07C9EF6E51F}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
    "{144E56D7-A3E8-4CE9-89F3-0A83140975D9}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
    "{F6EF7BA2-E1D5-4164-812A-1EDF80FCD0E5}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
    "{D90EE791-26D7-4D52-98B7-FCBD9291EC5C}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
    "{5CD2FBF5-AF23-44FB-B7A5-5CB2C7C8BB10}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{99670711-C3F5-4929-A960-021D35EDD049}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
    "{EDF98F5D-E296-49C3-9C43-EF35F8D6E0BD}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
    "{80096D32-D3CC-4602-905D-C72AEBD0100E}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
    "{DECDA17F-05A1-4108-BAE5-E2CD261DFA60}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
    "{2F74FC76-33C8-477F-9AAA-93575609C07D}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{89D5E405-6FDA-489B-8D35-DA0D2612C617}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "TCP Query User{EA4EEBD6-5970-4F3F-97C3-3477D8F323FF}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{7C9CD70C-71A8-495F-98C3-084880C76493}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\Windows\system32\DRIVERS\tdrpman.sys [2008-03-21 368736]
    R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
    R2 DQLWinService;DQLWinService;C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 810320]
    R2 TryAndDecideService;Acronis Try And Decide Service;C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [2007-10-08 493200]
    R2 UxTuneUp;TuneUp Extension de thème;C:\Windows\System32\svchost.exe [2008-01-19 21504]
    R3 3xHybrid;ASUSTek SAA713x PCI Card;C:\Windows\system32\DRIVERS\3xHybrid.sys [2007-01-26 2831232]
    R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-07-10 2769408]
    R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2007-04-20 265216]
    S0 Cdr4vsd;Cdr4vsd;C:\Windows\system32\drivers\Cdr4vsd.sys [2008-07-30 66000]
    S1 Cdralwnt;Cdralwnt;C:\Windows\system32\drivers\Cdralwnt.sys [2008-07-30 27388]
    S2 IntelDHSvcConf;Intel DH Service;C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]
    S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-08-09 355584]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contents of the 'Scheduled Tasks' folder
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{118b8d2c-3a31-4e3a-8f1d-ec1a396fb75d} - C:\Windows\system32\lxsion.dll
    BHO-{22D79647-107E-4D84-99C7-2441335B155A} - C:\Windows\system32\rqRLcYOF.dll
    HKLM-Run-MSServer - C:\Windows\system32\pmnllihE.dll
    HKLM-Run-BM6b23b1bb - C:\Windows\system32\kkuukuxm.dll
    ShellExecuteHooks-{AE55C7EC-82F8-46CB-8DC2-57BF42F025FF} - C:\Windows\system32\pmnllihE.dll
    MSConfigStartUp-NetAppel - C:\Program Files\NetAppel\NetAppel.exe


    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.google.ch/
    R1 -: HKCU-Internet Settings,ProxyOverride = *.local
    O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

    O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
    C:\Windows\Downloaded Program Files\oscan8.inf
    C:\Windows\Downloaded Program Files\oscan81.ocx_x
    C:\Windows\bdoscandellang.ini
    C:\Windows\bdoscandel.exe
    C:\Windows\Downloaded Program Files\live.ini
    C:\Windows\Downloaded Program Files\scanoptions.tsi
    C:\Windows\Downloaded Program Files\lang.ini
    C:\Windows\Downloaded Program Files\ipsupd.dll
    C:\Windows\Downloaded Program Files\bdupd.dll
    C:\Windows\Downloaded Program Files\libfn.dll
    C:\Windows\Downloaded Program Files\bdcore.dll
    C:\Windows\Downloaded Program Files\oscan8.ocx
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-07 18:28:27
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Windows\System32\Ati2evxx.exe
    C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    C:\Windows\System32\audiodg.exe
    C:\Windows\System32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Avast4\aswUpdSv.exe
    C:\Program Files\Avast4\ashServ.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Logishrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files\Avast4\ashWebSv.exe
    C:\Program Files\Common Files\Logishrd\LVCOMSER\LVComSer.exe
    C:\Windows\System32\wercon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\System32\schtasks.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\ehome\ehsched.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\ehome\ehrecvr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\System32\wbem\WMIADAP.exe
    .
    **************************************************************************
    .
    Completion time: 2008-09-07 18:33:20 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-09-07 16:33:08

    Pre-Run: 424,717,737,984 bytes free
    Post-Run: 425,302,777,856 bytes free

    343 --- E O F --- 2008-09-02 19:50:13
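The log above is what the helper reads by eye: the firewall profile with EnableFirewall=0, the orphaned BHOs and Run entries pointing at DLLs in system32, and (in the later ComboFix run in this thread) EnableLUA=0, AppInit_DLLs=lxsion.dll, a GUID-named Run value loading jkjtgagldzoeob.dll and Security Center monitoring switched off. As an added example for this thread, not ComboFix's own code and not the helper's procedure, the Python below applies those same checks mechanically to a constructed excerpt modelled on such entries (the user path in it is made up). The file-name randomness heuristic and the HIGH/MEDIUM labels are the example's own assumptions.

```python
"""Triage of ComboFix "Reg Loading Points" and firewall-policy lines.

Added example for this thread: not ComboFix's code and not the helper's
procedure. SAMPLE_LOG is CONSTRUCTED, modelled on entries in the logs
posted above; the user path in it is made up."""
import re
from typing import List, Tuple

Finding = Tuple[str, str, str]  # (severity, offending line, reason)
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
# Drive-letter path ending in a binary; lazy, so it stops at the first extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^:\[\]"]+?\.(?:dll|exe|sys)', re.I)
KV_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')  # "Name"= value

SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2fef477e-e427-f290-fde4-93cdb85be30f}]
2008-08-29 14:11 166400 --a------ C:\Windows\system32\jkjtgagldzoeob.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"{34913d95-23b8-2814-b594-a1302dbcb5af}"="C:\Windows\system32\jkjtgagldzoeob.dll" [2008-08-29 166400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=lxsion.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2F74FC76-33C8-477F-9AAA-93575609C07D}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{539F476A-F663-431B-ABC3-E54D4BD3BC0C}C:\\users\\user\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:C:\users\user\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"""

def looks_random(stem: str) -> bool:
    """Heuristic for generated names such as jkjtgagldzoeob: few vowels or a
    long consonant run. It misses some (lxsion passes), so it is only a
    supporting signal; the structural rules below do not depend on it."""
    s = stem.lower()
    if len(s) < 6 or not s.isalpha():
        return False
    vowel_ratio = sum(c in "aeiouy" for c in s) / len(s)
    return vowel_ratio < 0.3 or re.search(r"[^aeiouy]{4,}", s) is not None

def _stem(path: str) -> str:  # file name without directory and extension
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]

def _in_system32_root(path: str) -> bool:  # directly in system32, no vendor subfolder
    return path.lower().rsplit("\\", 1)[0].endswith("\\windows\\system32")

def triage(log: str) -> List[Finding]:
    """Single pass over the log, tracking the current [registry key] header,
    one rule per kind of entry. Findings come back in log order."""
    findings: List[Finding] = []
    section = ""
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        kv = KV_RE.match(line)
        name, value = (kv.group(1), kv.group(2).strip()) if kv else ("", line)
        paths = PATH_RE.findall(line)

        if section.endswith("firewallpolicy\\standardprofile") and name == "EnableFirewall" and value.startswith("0"):
            findings.append(("HIGH", line, "Windows Firewall is off for the standard profile"))
        elif section.endswith("policies\\system") and name == "EnableLUA" and value.startswith("0"):
            findings.append(("HIGH", line, "UAC disabled: an admin user's processes all run fully elevated"))
        elif "security center\\monitoring" in section and name == "DisableMonitoring" and value.endswith("1"):
            findings.append(("MEDIUM", line, "Security Center alerts about AV/firewall state are suppressed"))
        elif name.lower() == "appinit_dlls" and value:
            findings.append(("HIGH", line, f"AppInit_DLLs loads {value} into every process that links user32.dll"))
        elif "browser helper objects" in section and paths:
            reasons = ["BHO DLL sits directly in system32 (vendors install under Program Files)"] if _in_system32_root(paths[0]) else []
            if looks_random(_stem(paths[0])):
                reasons.append("random-looking file name")
            if reasons:
                findings.append(("HIGH", line, "; ".join(reasons)))
        elif section.endswith("\\run") and paths:
            reasons = ["Run value named with a bare GUID"] if GUID_RE.match(name) else []
            if paths[0].lower().endswith(".dll"):
                reasons.append("Run entry points at a DLL instead of an executable")
            if looks_random(_stem(paths[0])):
                reasons.append("random-looking file name")
            if reasons:
                findings.append(("HIGH", line, "; ".join(reasons)))
        elif section.endswith("firewallrules") and paths and "\\temp\\" in paths[-1].lower():
            findings.append(("MEDIUM", line, "firewall exception for a program run from a temp directory"))
    return findings

if __name__ == "__main__":
    for severity, line, reason in triage(SAMPLE_LOG):
        print(f"[{severity}] {reason}\n    {line}")
```

On the constructed excerpt the script returns seven findings: five HIGH (firewall off, the BHO, the GUID-named Run value, EnableLUA=0, AppInit_DLLs) and two MEDIUM (Security Center monitoring, the temp-directory firewall exception); the iTunes lines produce nothing. The structural rules (a Run value named with a bare GUID, a Run entry or BHO that is a DLL dropped straight into system32, any non-empty AppInit_DLLs) are what carry the verdict; the name heuristic only adds a reason, and it would not catch lxsion.dll on its own.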
    7 September 2008 18:53:10

    Re,

    Download MalwareByte's Anti-Malware to your Desktop.
    Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done, reboot into Safe Mode.
    HELP: Rebooting into Safe Mode

  • Now run MalwareByte's Anti-Malware. If it is not already selected, choose "Perform full scan".
  • To start the search, click "Scan".
  • Once the scan is finished, a window opens; click OK. Two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show results" then "Remove selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Illustrated MBAM tutorial
    7 September 2008 19:54:34

    Here is the final log after removal of the infected items.

    Do I need to take any further steps?
    Thank you again so much for your help!


    Malwarebytes' Anti-Malware 1.26
    Database version: 1125
    Windows 6.0.6001 Service Pack 1

    07.09.2008 19:46:55
    mbam-log-2008-09-07 (19-46-55).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 174427
    Time elapsed: 29 minute(s), 49 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 2
    Files Infected: 4

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Windows\System32\am (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\wTR02 (Trojan.Agent) -> Quarantined and deleted successfully.

    Files Infected:
    C:\QooBox\Quarantine\C\Windows\System32\ixdudtpv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Windows\System32\lxsion.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Windows\System32\olganp.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Windows\System32\oymeciyg.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    7 September 2008 19:55:32

    Run another ComboFix scan :) 
    7 September 2008 20:15:07

    Here is the latest log

    and now? :-)



    ((((((((((((((((((((((((((((( Files created 2008-08-07 to 2008-09-07 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-07 19:06 . 2008-09-07 19:06 <REP> d-------- C:\Users\All Users\Malwarebytes
    2008-09-07 19:06 . 2008-09-07 19:06 <REP> d-------- C:\Users\Alexandre Perrottet\AppData\Roaming\Malwarebytes
    2008-09-07 19:06 . 2008-09-07 19:06 <REP> d-------- C:\ProgramData\Malwarebytes
    2008-09-07 10:39 . 2008-01-19 00:34 888,320 --a------ C:\Windows\System32\vtUmnkii.dll
    2008-09-07 09:05 . 2008-09-07 09:05 71,711 --a------ C:\Windows\System32\upulyomdmwegfz.exe
    2008-09-07 09:04 . 2008-09-07 09:04 <REP> d-------- C:\Windows\System32\vfig
    2008-09-07 09:04 . 2008-09-07 09:04 <REP> d-------- C:\Windows\System32\bco
    2008-09-07 09:04 . 2008-09-07 09:04 <REP> d-------- C:\Temp\dax41
    2008-09-07 09:04 . 2008-09-07 18:25 <REP> d-------- C:\Temp
    2008-09-07 09:04 . 2008-09-07 09:04 392,529 --a------ C:\Temp\tw70v.exe
    2008-08-29 14:11 . 2008-08-29 14:11 166,400 --a------ C:\Windows\System32\jkjtgagldzoeob.dll
    2008-08-26 00:37 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
    2008-08-26 00:37 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
    2008-08-26 00:37 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll
    2008-08-26 00:37 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
    2008-08-26 00:37 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll
    2008-08-26 00:37 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
    2008-08-26 00:37 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll
    2008-08-26 00:37 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll
    2008-08-26 00:37 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
    2008-08-24 13:03 . 2008-08-24 13:03 <REP> d-------- C:\Program Files\AviSynth 2.5
    2008-08-16 18:11 . 2008-08-16 18:11 <REP> d-------- C:\Program Files\Common Files\Macrovision Shared
    2008-08-14 13:32 . 2008-08-14 13:32 <REP> d-------- C:\Program Files\Apple Software Update
    2008-08-14 03:03 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
    2008-08-14 00:44 . 2008-06-27 03:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
    2008-08-14 00:44 . 2008-06-27 06:15 827,392 --a------ C:\Windows\System32\wininet.dll
    2008-08-14 00:44 . 2008-04-10 07:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
    2008-08-14 00:44 . 2008-06-19 05:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
    2008-08-14 00:44 . 2008-04-18 07:48 269,312 --a------ C:\Windows\System32\es.dll
    2008-08-09 08:37 . 2008-08-09 08:37 355,584 --a------ C:\Windows\System32\TuneUpDefragService.exe
    2008-08-09 08:37 . 2008-05-29 09:28 28,416 --a------ C:\Windows\System32\uxtuneup.dll
    2008-08-09 08:37 . 2008-05-29 09:28 16,640 --a------ C:\Windows\System32\authuitu.dll

    .
    (((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-07 10:48 --------- d-----w C:\Program Files\Windows Live
    2008-09-07 10:38 --------- d---a-w C:\ProgramData\TEMP
    2008-09-07 09:24 --------- d-----w C:\Users\Alexandre Perrottet\AppData\Roaming\LimeWire
    2008-08-24 11:03 --------- d-----w C:\Program Files\Red Kawa
    2008-08-19 01:00 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-08-16 16:16 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-08-14 01:10 --------- d-----w C:\Program Files\Windows Mail
    2008-08-14 01:04 --------- d-----w C:\ProgramData\Microsoft Help
    2008-08-09 06:37 --------- d-----w C:\Program Files\TuneUp Utilities 2008
    2008-08-04 11:45 --------- d-----w C:\Program Files\YesMessenger
    2008-08-01 06:21 --------- d-----w C:\Program Files\iTunes
    2008-08-01 06:20 --------- d-----w C:\Program Files\iPod
    2008-07-30 14:17 --------- d-----w C:\Users\Alexandre Perrottet\AppData\Roaming\Roxio
    2008-07-30 14:13 --------- d-----w C:\Program Files\Roxio
    2008-07-30 14:13 --------- d-----w C:\Program Files\Common Files\Roxio Shared
    2008-07-30 14:12 66,000 ----a-w C:\Windows\system32\drivers\Cdr4vsd.sys
    2008-07-30 14:12 57,344 ----a-w C:\Windows\uneng.exe
    2008-07-30 14:12 27,388 ----a-w C:\Windows\system32\drivers\cdralwnt.sys
    2008-07-30 14:12 --------- d-----w C:\Program Files\directx
    2008-07-30 14:12 --------- d-----w C:\Program Files\Common Files\Adaptec Shared
    2008-07-30 14:11 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-07-28 18:45 --------- d-----w C:\Program Files\Avast4
    2008-07-22 18:32 32,000 ----a-w C:\Windows\system32\drivers\usbaapl.sys
    2008-07-19 14:36 51,280 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
    2008-07-13 18:31 --------- d-----w C:\Users\Double Kebab\AppData\Roaming\Apple Computer
    2008-07-11 05:21 --------- d-----w C:\Program Files\Common Files\Logishrd
    2008-07-11 05:17 --------- d-----w C:\ProgramData\Logitech
    2008-07-11 05:17 --------- d-----w C:\ProgramData\LogiShrd
    2008-07-11 05:17 --------- d-----w C:\Program Files\Logitech
    2008-07-08 16:43 --------- d-----w C:\Program Files\Google
    2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-09-07_18.32.12.34 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-09-07 16:27:25 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-09-07 18:00:35 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2008-09-07 16:27:25 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2008-09-07 18:00:35 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2008-09-07 16:28:03 1,572,864 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-09-07 18:02:26 1,572,864 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    - 2008-09-07 16:29:08 1,572,864 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-09-07 18:02:51 1,572,864 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    - 2008-09-07 16:28:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-09-07 18:01:19 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-09-07 16:28:07 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-09-07 18:01:19 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-09-07 16:28:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-09-07 18:01:19 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-09-07 08:13:21 101,896 ----a-w C:\Windows\System32\perfc009.dat
    + 2008-09-07 17:52:58 101,896 ----a-w C:\Windows\System32\perfc009.dat
    - 2008-09-07 08:13:21 124,228 ----a-w C:\Windows\System32\perfc00C.dat
    + 2008-09-07 17:52:58 124,228 ----a-w C:\Windows\System32\perfc00C.dat
    - 2008-09-07 08:13:21 589,884 ----a-w C:\Windows\System32\perfh009.dat
    + 2008-09-07 17:52:58 589,884 ----a-w C:\Windows\System32\perfh009.dat
    - 2008-09-07 08:13:21 672,084 ----a-w C:\Windows\System32\perfh00C.dat
    + 2008-09-07 17:52:58 672,084 ----a-w C:\Windows\System32\perfh00C.dat
    - 2008-09-07 08:41:14 9,070 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-605348069-2642834285-2355576018-1001_UserData.bin
    + 2008-09-07 17:50:00 9,546 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-605348069-2642834285-2355576018-1001_UserData.bin
    - 2008-09-07 08:41:12 50,804 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-09-07 17:50:00 51,022 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-08-04 13:22:34 45,086 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-09-07 17:49:59 45,252 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    .
    ((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legitimate default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2fef477e-e427-f290-fde4-93cdb85be30f}]
    2008-08-29 14:11 166400 --a------ C:\Windows\system32\jkjtgagldzoeob.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-14 178968]
    "StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
    "SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 54936]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
    "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
    "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
    "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
    "{34913d95-23b8-2814-b594-a1302dbcb5af}"="C:\Windows\system32\jkjtgagldzoeob.dll" [2008-08-29 166400]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 C:\Windows\RtHDVCpl.exe]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 C:\Windows\KHALMNPR.Exe]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="C:\Windows\SMINST\launcher.exe" [2007-04-03 44168]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-07-11 67128]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-03-15 784912]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMBalloonTip"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=lxsion.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    --a------ 2008-01-19 00:33 125952 C:\Windows\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    --a------ 2007-08-24 08:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    --a------ 2005-02-16 23:11 49152 c:\Program Files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
    --a------ 2007-04-18 17:01 65536 c:\hp\support\hpsysdrv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    -rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    "Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    "Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-605348069-2642834285-2355576018-1001]
    "EnableNotificationsRef"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-605348069-2642834285-2355576018-1002]
    "EnableNotificationsRef"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{E25F0AC6-4C65-4C3B-B508-924C29D84F96}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
    "{A298A96C-E2E7-438B-8661-1763E5D7F3C7}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
    "{B901AF5F-11C8-458F-8754-B80E42D455F1}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
    "{F4B67E82-3A39-46B4-BA74-B936C065CDD3}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
    "{ABCDF7FE-106C-41EC-A4D0-F31CF0449408}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
    "{26E99000-D2D7-46CC-AAA1-1598CDA70D51}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
    "{47492A9D-E144-448F-960B-A4DDCFD6FC02}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
    "{BB295072-FBAB-4FC0-841F-447A8BF161AC}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
    "{28AFE757-0871-4529-BD35-E80759DBE808}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{204BE8E7-7CDE-4578-8911-E794A13AA669}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{BA04BD17-094C-4498-8027-A5C9ABB7DC07}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{510ABD91-CB88-4B63-AEB5-953AE006552C}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
    "{BF2D090D-81D6-491D-959D-50C8036B8C26}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
    "{3757E564-3A19-44B3-A4DA-E4950B965991}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{1EA24D7C-1C9A-44DE-A82A-6D93B3A5A8E8}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{77A185AA-7369-4422-A235-74EBFB0593D5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{29ABE26E-1964-40A2-A8A3-71B6711D3A0C}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{42C16EF2-23A8-47D0-93AA-68512572B0E6}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{45DB1ED8-F43A-4BE1-BC94-350377241918}"= UDP:C:\Program Files\NetAppel\NetAppel.exe:NetAppel
    "{A7274694-E340-4F42-96B1-0CAA687EB777}"= TCP:C:\Program Files\NetAppel\NetAppel.exe:NetAppel
    "TCP Query User{3D2A536F-10A6-478E-BC4A-14D7D8FD6DDF}C:\\program files\\screamer radio\\screamer.exe"= UDP:C:\program files\screamer radio\screamer.exe:Screamer Radio
    "UDP Query User{EB3050F3-657B-47DA-B747-A5F5BB7B1AB5}C:\\program files\\screamer radio\\screamer.exe"= TCP:C:\program files\screamer radio\screamer.exe:Screamer Radio
    "TCP Query User{BF09B13E-E4BF-4447-AC4B-D7DC81BEF6AD}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
    "UDP Query User{2AFC0708-AE4C-4229-A271-1D441D8A58A5}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
    "{74188BCE-74F4-4CAF-B497-680869F13699}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{580BBE7D-85F5-41C8-8BFE-F6F1491E859A}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
    "UDP Query User{399E89F8-AD03-431C-977D-7E7AA041D369}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
    "TCP Query User{539F476A-F663-431B-ABC3-E54D4BD3BC0C}C:\\users\\alexandre perrottet\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:C:\users\alexandre perrottet\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
    "UDP Query User{83A7E275-2109-42E4-B12B-C4FE47F0BAB0}C:\\users\\alexandre perrottet\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:C:\users\alexandre perrottet\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
    "TCP Query User{3160FA58-4FA3-48CE-8063-7DEB4085D978}C:\\program files\\nero\\nero8\\nero mediahome\\nmmediaserver.exe"= UDP:C:\program files\nero\nero8\nero mediahome\nmmediaserver.exe:Nero MediaHome
    "UDP Query User{1BD20539-9BC9-453D-8C81-3F683BC623C2}C:\\program files\\nero\\nero8\\nero mediahome\\nmmediaserver.exe"= TCP:C:\program files\nero\nero8\nero mediahome\nmmediaserver.exe:Nero MediaHome
    "TCP Query User{BDAB9E03-C6FF-45DC-B4D4-767D2B27732A}C:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= UDP:C:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
    "UDP Query User{8986C12A-DC79-40E9-B6D4-C19AE41A4888}C:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= TCP:C:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
    "{EF422B85-E22A-4E54-8869-C3362FE4DCA8}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{DD571031-7D5F-4844-A64D-55DE4D7FC759}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "TCP Query User{B325F871-F4FC-48FE-A41B-B47C87F36E86}C:\\program files\\screamer radio\\screamer.exe"= UDP:C:\program files\screamer radio\screamer.exe:Screamer Radio
    "UDP Query User{159BFFCF-7AE9-4649-B7C5-B972CF8C935B}C:\\program files\\screamer radio\\screamer.exe"= TCP:C:\program files\screamer radio\screamer.exe:Screamer Radio
    "TCP Query User{467DBE13-6F53-4D99-892E-F16BF4EC24EA}C:\\windows\\ccalc.exe"= UDP:C:\windows\ccalc.exe:mIRC
    "UDP Query User{11EC18B3-73F3-4604-9F40-B40F130049DE}C:\\windows\\ccalc.exe"= TCP:C:\windows\ccalc.exe:mIRC
    "{E19C01EA-2583-44EA-84FE-2A03ED556F90}"= UDP:C:\Program Files\NetAppel\NetAppel.exe:NetAppel
    "{22417789-1ABF-461E-884F-7B03C6C8432D}"= TCP:C:\Program Files\NetAppel\NetAppel.exe:NetAppel
    "TCP Query User{154ACB29-97E4-4CC4-BAA0-073C89CC0913}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
    "UDP Query User{4FBF8AE7-CEA6-4FD3-9DB5-9C8F78CCF3A3}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
    "{41C2D404-48D6-4F59-AE9E-4881E8D7BB32}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{957C0670-BF10-42C2-87F5-88E1A2FC4E00}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{ABEEF77A-31D9-4939-8A3C-D07C9EF6E51F}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
    "{144E56D7-A3E8-4CE9-89F3-0A83140975D9}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
    "{F6EF7BA2-E1D5-4164-812A-1EDF80FCD0E5}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
    "{D90EE791-26D7-4D52-98B7-FCBD9291EC5C}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
    "{5CD2FBF5-AF23-44FB-B7A5-5CB2C7C8BB10}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{99670711-C3F5-4929-A960-021D35EDD049}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
    "{EDF98F5D-E296-49C3-9C43-EF35F8D6E0BD}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
    "{80096D32-D3CC-4602-905D-C72AEBD0100E}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
    "{DECDA17F-05A1-4108-BAE5-E2CD261DFA60}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
    "{2F74FC76-33C8-477F-9AAA-93575609C07D}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{89D5E405-6FDA-489B-8D35-DA0D2612C617}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "TCP Query User{EA4EEBD6-5970-4F3F-97C3-3477D8F323FF}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{7C9CD70C-71A8-495F-98C3-084880C76493}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\Windows\system32\DRIVERS\tdrpman.sys [2008-03-21 368736]
    R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
    R2 DQLWinService;DQLWinService;C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 810320]
    R2 TryAndDecideService;Acronis Try And Decide Service;C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [2007-10-08 493200]
    R2 UxTuneUp;TuneUp Extension de thème;C:\Windows\System32\svchost.exe [2008-01-19 21504]
    R3 3xHybrid;ASUSTek SAA713x PCI Card;C:\Windows\system32\DRIVERS\3xHybrid.sys [2007-01-26 2831232]
    R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-07-10 2769408]
    R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2007-04-20 265216]
    S0 Cdr4vsd;Cdr4vsd;C:\Windows\system32\drivers\Cdr4vsd.sys [2008-07-30 66000]
    S1 Cdralwnt;Cdralwnt;C:\Windows\system32\drivers\Cdralwnt.sys [2008-07-30 27388]
    S2 IntelDHSvcConf;Intel DH Service;C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]
    S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-08-09 355584]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
Contents of folder 'Scheduled Tasks/Tâches planifiées'
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-TrojanScanner - C:\Program Files\Trojan Remover\Trjscan.exe


    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.google.ch/
    R1 -: HKCU-Internet Settings,ProxyOverride = *.local
    O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

    O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
    C:\Windows\Downloaded Program Files\oscan8.inf
    C:\Windows\Downloaded Program Files\oscan81.ocx_x
    C:\Windows\bdoscandellang.ini
    C:\Windows\bdoscandel.exe
    C:\Windows\Downloaded Program Files\live.ini
    C:\Windows\Downloaded Program Files\scanoptions.tsi
    C:\Windows\Downloaded Program Files\lang.ini
    C:\Windows\Downloaded Program Files\ipsupd.dll
    C:\Windows\Downloaded Program Files\bdupd.dll
    C:\Windows\Downloaded Program Files\libfn.dll
    C:\Windows\Downloaded Program Files\bdcore.dll
    C:\Windows\Downloaded Program Files\oscan8.ocx
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-07 20:02:31
    Windows 6.0.6001 Service Pack 1 NTFS

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

Scan completed successfully
Hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Windows\System32\Ati2evxx.exe
    C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    C:\Windows\System32\audiodg.exe
    C:\Windows\System32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Avast4\aswUpdSv.exe
    C:\Program Files\Avast4\ashServ.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Logishrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files\Avast4\ashWebSv.exe
    C:\Program Files\Common Files\Logishrd\LVCOMSER\LVComSer.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\schtasks.exe
    C:\Windows\ehome\ehsched.exe
    C:\Windows\ehome\ehrecvr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\System32\wbem\WMIADAP.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\System32\dllhost.exe
    .
    **************************************************************************
    .
Completion time: 2008-09-07 20:07:18 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-09-07 18:07:10
    ComboFix2.txt 2008-09-07 16:33:21

Pre-Run: 424,034,304,000 bytes free
Post-Run: 424,028,573,696 bytes free

    338 --- E O F --- 2008-09-02 19:50:13
7 September 2008 20:24:55

Re,

Copy (Ctrl+C) the text in the box below:

    DirLook::
    C:\Windows\System32\vfig
    C:\Windows\System32\bco

    File::
    C:\Windows\system32\jkjtgagldzoeob.dll
    C:\Windows\System32\vtUmnkii.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2fef477e-e427-f290-fde4-93cdb85be30f}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "{34913d95-23b8-2814-b594-a1302dbcb5af}"=-


Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:


This will relaunch Combofix; press 1 and confirm. After the reboot, post the contents of the Combofix.txt report together with a HijackThis report.
NOTE: If there is no reboot, post the requested reports anyway.
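The CFScript above removes two DLLs, a BHO and a Run entry, but the reports posted in this thread also show host settings that no file deletion repairs: the Windows Firewall standard profile is off (EnableFirewall=0), UAC is off (EnableLUA=0), Security Center monitoring is disabled, an AppInit_DLLs value loads lxsion.dll into every process that maps user32.dll, a firewall exception for C:\windows\ccalc.exe is labelled "mIRC", and a new executable with a random-looking name sits in System32 with identical created and modified times while the Windows Update batch next to it keeps its July build timestamps. The following Python script is an added example, not code from the thread, from ComboFix or from HijackThis: it pulls those indicators out of ComboFix-style text. SAMPLE_REPORT is a constructed excerpt assembled from lines quoted in this thread; the directory lists, the file extensions and the "lone file in its minute" rule are assumptions chosen for illustration, and the function names are mine.

```python
"""Triage ComboFix-style report text for weakened security settings and freshly
dropped executables. Added example for this thread, not ComboFix's own code."""
import re
from collections import defaultdict

# Constructed excerpt: lines copied from the reports quoted in this thread.
SAMPLE_REPORT = r"""
2008-09-07 20:15 . 2008-07-19 16:36 51,280 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-09-07 09:05 . 2008-09-07 09:05 71,711 --a------ C:\Windows\System32\upulyomdmwegfz.exe
2008-09-07 09:04 . 2008-09-07 09:04 392,529 --a------ C:\Temp\tw70v.exe
2008-08-26 00:37 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-08-26 00:37 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-08-09 08:37 . 2008-08-09 08:37 355,584 --a------ C:\Windows\System32\TuneUpDefragService.exe
2008-08-09 08:37 . 2008-05-29 09:28 28,416 --a------ C:\Windows\System32\uxtuneup.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=lxsion.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2F74FC76-33C8-477F-9AAA-93575609C07D}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{467DBE13-6F53-4D99-892E-F16BF4EC24EA}C:\\windows\\ccalc.exe"= UDP:C:\windows\ccalc.exe:mIRC

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"""

# "created . modified size attributes path" lines of the files-created list
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
                     r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) [\d,]+ \S+ (.+)$")
KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')
# firewall rule values read PROTO:path\to\program.exe:Description
RULE_RE = re.compile(r"^(?:(?:TCP|UDP):)?(?:\d+\|)?(.+?\.exe):(.*)$", re.I)
EXEC_EXT = (".exe", ".dll", ".sys", ".ocx", ".scr")          # assumption
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}         # assumption


def _value(raw):
    """Normalise ComboFix spellings: '0 (0x0)' and 'dword:00000001' become ints."""
    m = re.fullmatch(r"dword:([0-9a-f]{8})", raw, re.I)
    if m:
        return int(m.group(1), 16)
    m = re.fullmatch(r"(\d+) \(0x[0-9a-f]+\)", raw, re.I)
    return int(m.group(1)) if m else raw


def parse_report(text):
    """Return ([(created, modified, path)], {lowercased key: {name: value}})."""
    files, registry, key = [], defaultdict(dict), None
    for line in (l.strip() for l in text.splitlines()):
        m = FILE_RE.match(line)
        if m:
            files.append(m.groups())
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = VAL_RE.match(line) if key else None
        if m:
            registry[key][m.group(1)] = _value(m.group(2).strip())
    return files, registry


def _is_temp(directory):
    return directory == r"c:\temp" or r"\appdata\local\temp" in directory


def weakened_settings(registry):
    """Settings that leave the host exposed whatever malware is or is not present."""
    out = []
    for key, v in registry.items():
        if key.endswith(r"\policies\system") and v.get("EnableLUA") == 0:
            out.append("UAC disabled (EnableLUA=0)")
        if key.endswith(r"\firewallpolicy\standardprofile") and v.get("EnableFirewall") == 0:
            out.append("Windows Firewall disabled (EnableFirewall=0)")
        if key.endswith(r"\security center\monitoring") and v.get("DisableMonitoring") == 1:
            out.append("Security Center monitoring disabled (DisableMonitoring=1)")
        if key.endswith(r"\currentversion\windows") and v.get("AppInit_DLLs"):
            out.append("AppInit_DLLs loads %s into every process that maps user32.dll"
                       % v["AppInit_DLLs"])
    return out


def suspicious_rules(registry):
    """Firewall exceptions for programs living in the Windows root or a temp folder."""
    hits = []
    for key, v in registry.items():
        if not key.endswith(r"\firewallpolicy\firewallrules"):
            continue
        for value in v.values():
            m = RULE_RE.match(value) if isinstance(value, str) else None
            if m:
                directory = m.group(1).lower().rsplit("\\", 1)[0]
                if directory == r"c:\windows" or _is_temp(directory):
                    hits.append((m.group(1), m.group(2)))
    return hits


def suspicious_files(files):
    """Executables written fresh (created == modified) into a system or temp
    directory with no sibling in the same minute: servicing and installers copy
    files in batches and keep the build time in the modified column."""
    per_minute = defaultdict(int)
    for created, _, _ in files:
        per_minute[created] += 1
    hits = []
    for created, modified, path in files:
        directory = path.lower().rsplit("\\", 1)[0]
        if path.lower().endswith(EXEC_EXT) and (directory in SYSTEM_DIRS or _is_temp(directory)):
            if created == modified and per_minute[created] == 1:
                hits.append(path)
    return hits


def triage(text):
    files, registry = parse_report(text)
    return {"settings": weakened_settings(registry),
            "rules": suspicious_rules(registry),
            "files": suspicious_files(files)}
```

Run `triage(SAMPLE_REPORT)` and the four weakened settings, the ccalc.exe/mIRC exception and the two lone fresh executables (upulyomdmwegfz.exe, tw70v.exe) come back, while the Windows Update DLLs (modified in July, created in August) and TuneUpDefragService.exe (fresh, but dropped together with two siblings in the same minute) do not. The timestamp rule is a triage hint for deciding what to look up or submit, not a verdict: a single-file legitimate installer will trip it, and a dropper that copies timestamps from a system file will not.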
7 September 2008 21:08:28

    combofix


(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Windows\system32\jkjtgagldzoeob.dll
    C:\Windows\System32\vtUmnkii.dll

    .
((((((((((((((((((((((((((((( Files created 2008-08-07 to 2008-09-07 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-07 20:15 . 2008-09-07 20:15 <REP> d-------- C:\Program Files\Alwil Software
    2008-09-07 20:15 . 2008-07-19 16:36 51,280 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
    2008-09-07 19:06 . 2008-09-07 19:06 <REP> d-------- C:\Users\All Users\Malwarebytes
    2008-09-07 19:06 . 2008-09-07 19:06 <REP> d-------- C:\Users\Alexandre Perrottet\AppData\Roaming\Malwarebytes
    2008-09-07 19:06 . 2008-09-07 19:06 <REP> d-------- C:\ProgramData\Malwarebytes
    2008-09-07 09:05 . 2008-09-07 09:05 71,711 --a------ C:\Windows\System32\upulyomdmwegfz.exe
    2008-09-07 09:04 . 2008-09-07 09:04 <REP> d-------- C:\Windows\System32\vfig
    2008-09-07 09:04 . 2008-09-07 09:04 <REP> d-------- C:\Windows\System32\bco
    2008-09-07 09:04 . 2008-09-07 09:04 <REP> d-------- C:\Temp\dax41
    2008-09-07 09:04 . 2008-09-07 18:25 <REP> d-------- C:\Temp
    2008-09-07 09:04 . 2008-09-07 09:04 392,529 --a------ C:\Temp\tw70v.exe
    2008-08-26 00:37 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
    2008-08-26 00:37 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
    2008-08-26 00:37 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll
    2008-08-26 00:37 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
    2008-08-26 00:37 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll
    2008-08-26 00:37 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
    2008-08-26 00:37 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll
    2008-08-26 00:37 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll
    2008-08-26 00:37 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
    2008-08-24 13:03 . 2008-08-24 13:03 <REP> d-------- C:\Program Files\AviSynth 2.5
    2008-08-16 18:11 . 2008-08-16 18:11 <REP> d-------- C:\Program Files\Common Files\Macrovision Shared
    2008-08-14 13:32 . 2008-08-14 13:32 <REP> d-------- C:\Program Files\Apple Software Update
    2008-08-14 03:03 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
    2008-08-14 00:44 . 2008-06-27 03:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
    2008-08-14 00:44 . 2008-06-27 06:15 827,392 --a------ C:\Windows\System32\wininet.dll
    2008-08-14 00:44 . 2008-04-10 07:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
    2008-08-14 00:44 . 2008-06-19 05:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
    2008-08-14 00:44 . 2008-04-18 07:48 269,312 --a------ C:\Windows\System32\es.dll
    2008-08-09 08:37 . 2008-08-09 08:37 355,584 --a------ C:\Windows\System32\TuneUpDefragService.exe
    2008-08-09 08:37 . 2008-05-29 09:28 28,416 --a------ C:\Windows\System32\uxtuneup.dll
    2008-08-09 08:37 . 2008-05-29 09:28 16,640 --a------ C:\Windows\System32\authuitu.dll

    .
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-07 18:11 --------- d-----w C:\Program Files\Avast4
    2008-09-07 10:48 --------- d-----w C:\Program Files\Windows Live
    2008-09-07 10:38 --------- d---a-w C:\ProgramData\TEMP
    2008-09-07 09:24 --------- d-----w C:\Users\Alexandre Perrottet\AppData\Roaming\LimeWire
    2008-08-24 11:03 --------- d-----w C:\Program Files\Red Kawa
    2008-08-19 01:00 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-08-16 16:16 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-08-14 01:10 --------- d-----w C:\Program Files\Windows Mail
    2008-08-14 01:04 --------- d-----w C:\ProgramData\Microsoft Help
    2008-08-09 06:37 --------- d-----w C:\Program Files\TuneUp Utilities 2008
    2008-08-04 11:45 --------- d-----w C:\Program Files\YesMessenger
    2008-08-01 06:21 --------- d-----w C:\Program Files\iTunes
    2008-08-01 06:20 --------- d-----w C:\Program Files\iPod
    2008-07-30 14:17 --------- d-----w C:\Users\Alexandre Perrottet\AppData\Roaming\Roxio
    2008-07-30 14:13 --------- d-----w C:\Program Files\Roxio
    2008-07-30 14:13 --------- d-----w C:\Program Files\Common Files\Roxio Shared
    2008-07-30 14:12 66,000 ----a-w C:\Windows\system32\drivers\Cdr4vsd.sys
    2008-07-30 14:12 57,344 ----a-w C:\Windows\uneng.exe
    2008-07-30 14:12 27,388 ----a-w C:\Windows\system32\drivers\cdralwnt.sys
    2008-07-30 14:12 --------- d-----w C:\Program Files\directx
    2008-07-30 14:12 --------- d-----w C:\Program Files\Common Files\Adaptec Shared
    2008-07-30 14:11 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-07-22 18:32 32,000 ----a-w C:\Windows\system32\drivers\usbaapl.sys
    2008-07-13 18:31 --------- d-----w C:\Users\Double Kebab\AppData\Roaming\Apple Computer
    2008-07-11 05:21 --------- d-----w C:\Program Files\Common Files\Logishrd
    2008-07-11 05:17 --------- d-----w C:\ProgramData\Logitech
    2008-07-11 05:17 --------- d-----w C:\ProgramData\LogiShrd
    2008-07-11 05:17 --------- d-----w C:\Program Files\Logitech
    2008-07-08 16:43 --------- d-----w C:\Program Files\Google
    2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ---- Directory of C:\Windows\System32\bco ----

    2008-09-07 08:27 162870 --a------ C:\Windows\System32\bco\QS2214v3.exe

    ---- Directory of C:\Windows\System32\vfig ----



    ((((((((((((((((((((((((((((( snapshot@2008-09-07_18.32.12.34 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-09-07 16:28:03 1,572,864 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-09-07 18:49:12 1,572,864 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    - 2008-09-07 16:29:08 1,572,864 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-09-07 18:49:12 1,572,864 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    - 2008-09-07 16:28:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-09-07 18:50:10 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-09-07 16:28:07 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-09-07 18:50:10 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-09-07 16:28:07 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-09-07 18:50:10 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-09-07 16:21:24 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
    + 2008-09-07 18:09:54 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
    + 2008-09-07 18:09:54 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
    - 2008-09-07 08:13:21 101,896 ----a-w C:\Windows\System32\perfc009.dat
    + 2008-09-07 18:22:00 101,896 ----a-w C:\Windows\System32\perfc009.dat
    - 2008-09-07 08:13:21 124,228 ----a-w C:\Windows\System32\perfc00C.dat
    + 2008-09-07 18:22:00 124,228 ----a-w C:\Windows\System32\perfc00C.dat
    - 2008-09-07 08:13:21 589,884 ----a-w C:\Windows\System32\perfh009.dat
    + 2008-09-07 18:22:00 589,884 ----a-w C:\Windows\System32\perfh009.dat
    - 2008-09-07 08:13:21 672,084 ----a-w C:\Windows\System32\perfh00C.dat
    + 2008-09-07 18:22:00 672,084 ----a-w C:\Windows\System32\perfh00C.dat
    - 2008-09-07 08:41:14 9,070 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-605348069-2642834285-2355576018-1001_UserData.bin
    + 2008-09-07 18:50:54 9,770 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-605348069-2642834285-2355576018-1001_UserData.bin
    - 2008-09-07 08:41:12 50,804 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-09-07 18:50:54 51,038 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-08-04 13:22:34 45,086 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-09-07 18:18:07 45,444 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    .
((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-14 178968]
    "StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
    "SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 54936]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
    "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
    "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
    "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 C:\Windows\RtHDVCpl.exe]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 C:\Windows\KHALMNPR.Exe]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="C:\Windows\SMINST\launcher.exe" [2007-04-03 44168]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-07-11 67128]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-03-15 784912]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMBalloonTip"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=lxsion.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    --a------ 2008-01-19 00:33 125952 C:\Windows\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    --a------ 2007-08-24 08:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    --a------ 2005-02-16 23:11 49152 c:\Program Files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
    --a------ 2007-04-18 17:01 65536 c:\hp\support\hpsysdrv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    -rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    "Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    "Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-605348069-2642834285-2355576018-1001]
    "EnableNotificationsRef"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-605348069-2642834285-2355576018-1002]
    "EnableNotificationsRef"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{E25F0AC6-4C65-4C3B-B508-924C29D84F96}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
    "{A298A96C-E2E7-438B-8661-1763E5D7F3C7}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
    "{B901AF5F-11C8-458F-8754-B80E42D455F1}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
    "{F4B67E82-3A39-46B4-BA74-B936C065CDD3}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
    "{ABCDF7FE-106C-41EC-A4D0-F31CF0449408}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
    "{26E99000-D2D7-46CC-AAA1-1598CDA70D51}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
    "{47492A9D-E144-448F-960B-A4DDCFD6FC02}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
    "{BB295072-FBAB-4FC0-841F-447A8BF161AC}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
    "{28AFE757-0871-4529-BD35-E80759DBE808}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{204BE8E7-7CDE-4578-8911-E794A13AA669}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{BA04BD17-094C-4498-8027-A5C9ABB7DC07}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{510ABD91-CB88-4B63-AEB5-953AE006552C}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
    "{BF2D090D-81D6-491D-959D-50C8036B8C26}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
    "{3757E564-3A19-44B3-A4DA-E4950B965991}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{1EA24D7C-1C9A-44DE-A82A-6D93B3A5A8E8}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{77A185AA-7369-4422-A235-74EBFB0593D5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{29ABE26E-1964-40A2-A8A3-71B6711D3A0C}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{42C16EF2-23A8-47D0-93AA-68512572B0E6}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{45DB1ED8-F43A-4BE1-BC94-350377241918}"= UDP:C:\Program Files\NetAppel\NetAppel.exe:NetAppel
    "{A7274694-E340-4F42-96B1-0CAA687EB777}"= TCP:C:\Program Files\NetAppel\NetAppel.exe:NetAppel
    "TCP Query User{3D2A536F-10A6-478E-BC4A-14D7D8FD6DDF}C:\\program files\\screamer radio\\screamer.exe"= UDP:C:\program files\screamer radio\screamer.exe:Screamer Radio
    "UDP Query User{EB3050F3-657B-47DA-B747-A5F5BB7B1AB5}C:\\program files\\screamer radio\\screamer.exe"= TCP:C:\program files\screamer radio\screamer.exe:Screamer Radio
    "TCP Query User{BF09B13E-E4BF-4447-AC4B-D7DC81BEF6AD}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
    "UDP Query User{2AFC0708-AE4C-4229-A271-1D441D8A58A5}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
    "{74188BCE-74F4-4CAF-B497-680869F13699}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{580BBE7D-85F5-41C8-8BFE-F6F1491E859A}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
    "UDP Query User{399E89F8-AD03-431C-977D-7E7AA041D369}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
    "TCP Query User{539F476A-F663-431B-ABC3-E54D4BD3BC0C}C:\\users\\alexandre perrottet\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:C:\users\alexandre perrottet\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
    "UDP Query User{83A7E275-2109-42E4-B12B-C4FE47F0BAB0}C:\\users\\alexandre perrottet\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:C:\users\alexandre perrottet\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
    "TCP Query User{3160FA58-4FA3-48CE-8063-7DEB4085D978}C:\\program files\\nero\\nero8\\nero mediahome\\nmmediaserver.exe"= UDP:C:\program files\nero\nero8\nero mediahome\nmmediaserver.exe:Nero MediaHome
    "UDP Query User{1BD20539-9BC9-453D-8C81-3F683BC623C2}C:\\program files\\nero\\nero8\\nero mediahome\\nmmediaserver.exe"= TCP:C:\program files\nero\nero8\nero mediahome\nmmediaserver.exe:Nero MediaHome
    "TCP Query User{BDAB9E03-C6FF-45DC-B4D4-767D2B27732A}C:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= UDP:C:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
    "UDP Query User{8986C12A-DC79-40E9-B6D4-C19AE41A4888}C:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= TCP:C:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
    "{EF422B85-E22A-4E54-8869-C3362FE4DCA8}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{DD571031-7D5F-4844-A64D-55DE4D7FC759}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "TCP Query User{B325F871-F4FC-48FE-A41B-B47C87F36E86}C:\\program files\\screamer radio\\screamer.exe"= UDP:C:\program files\screamer radio\screamer.exe:Screamer Radio
    "UDP Query User{159BFFCF-7AE9-4649-B7C5-B972CF8C935B}C:\\program files\\screamer radio\\screamer.exe"= TCP:C:\program files\screamer radio\screamer.exe:Screamer Radio
    "TCP Query User{467DBE13-6F53-4D99-892E-F16BF4EC24EA}C:\\windows\\ccalc.exe"= UDP:C:\windows\ccalc.exe:mIRC
    "UDP Query User{11EC18B3-73F3-4604-9F40-B40F130049DE}C:\\windows\\ccalc.exe"= TCP:C:\windows\ccalc.exe:mIRC
    "{E19C01EA-2583-44EA-84FE-2A03ED556F90}"= UDP:C:\Program Files\NetAppel\NetAppel.exe:NetAppel
    "{22417789-1ABF-461E-884F-7B03C6C8432D}"= TCP:C:\Program Files\NetAppel\NetAppel.exe:NetAppel
    "TCP Query User{154ACB29-97E4-4CC4-BAA0-073C89CC0913}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
    "UDP Query User{4FBF8AE7-CEA6-4FD3-9DB5-9C8F78CCF3A3}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
    "{41C2D404-48D6-4F59-AE9E-4881E8D7BB32}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{957C0670-BF10-42C2-87F5-88E1A2FC4E00}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{ABEEF77A-31D9-4939-8A3C-D07C9EF6E51F}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
    "{144E56D7-A3E8-4CE9-89F3-0A83140975D9}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
    "{F6EF7BA2-E1D5-4164-812A-1EDF80FCD0E5}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
    "{D90EE791-26D7-4D52-98B7-FCBD9291EC5C}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
    "{5CD2FBF5-AF23-44FB-B7A5-5CB2C7C8BB10}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{99670711-C3F5-4929-A960-021D35EDD049}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
    "{EDF98F5D-E296-49C3-9C43-EF35F8D6E0BD}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
    "{80096D32-D3CC-4602-905D-C72AEBD0100E}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
    "{DECDA17F-05A1-4108-BAE5-E2CD261DFA60}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
    "{2F74FC76-33C8-477F-9AAA-93575609C07D}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{89D5E405-6FDA-489B-8D35-DA0D2612C617}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "TCP Query User{EA4EEBD6-5970-4F3F-97C3-3477D8F323FF}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{7C9CD70C-71A8-495F-98C3-084880C76493}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\Windows\system32\DRIVERS\tdrpman.sys [2008-03-21 368736]
    R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
    R2 DQLWinService;DQLWinService;C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 810320]
    R2 TryAndDecideService;Acronis Try And Decide Service;C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [2007-10-08 493200]
    R2 UxTuneUp;TuneUp Extension de thème;C:\Windows\System32\svchost.exe [2008-01-19 21504]
    R3 3xHybrid;ASUSTek SAA713x PCI Card;C:\Windows\system32\DRIVERS\3xHybrid.sys [2007-01-26 2831232]
    R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-07-10 2769408]
    R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2007-04-20 265216]
    S0 Cdr4vsd;Cdr4vsd;C:\Windows\system32\drivers\Cdr4vsd.sys [2008-07-30 66000]
    S1 Cdralwnt;Cdralwnt;C:\Windows\system32\drivers\Cdralwnt.sys [2008-07-30 27388]
    S2 IntelDHSvcConf;Intel DH Service;C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]
    S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-08-09 355584]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-07 20:49:19
    Windows 6.0.6001 Service Pack 1 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...


    C:\Users\Alexandre Perrottet\AppData\Local\Temp\hzodk1nn.0.cs
    C:\Users\Alexandre Perrottet\AppData\Local\Temp\hzodk1nn.cmdline
    C:\Users\Alexandre Perrottet\AppData\Local\Temp\hzodk1nn.dll
    C:\Users\Alexandre Perrottet\AppData\Local\Temp\hzodk1nn.err
    C:\Users\Alexandre Perrottet\AppData\Local\Temp\hzodk1nn.out
    C:\Users\Alexandre Perrottet\AppData\Local\Temp\hzodk1nn.tmp

    Scan terminé avec succès
    Les fichiers cachés: 6

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Windows\System32\Ati2evxx.exe
    C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    C:\Windows\System32\audiodg.exe
    C:\Windows\System32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Logishrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\Common Files\Logishrd\LVCOMSER\LVComSer.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\System32\schtasks.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\ehome\ehsched.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    C:\Windows\System32\wercon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Windows\ehome\ehrecvr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    C:\Windows\System32\wbem\WMIADAP.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\Sprite6.exe
    C:\Windows\System32\dllhost.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-09-07 20:53:50 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-09-07 18:53:45
    ComboFix2.txt 2008-09-07 18:07:19
    ComboFix3.txt 2008-09-07 16:33:21

    Pre-Run: 423,096,418,304 octets libres
    Post-Run: 423,503,523,840 octets libres

    331 --- E O F --- 2008-09-02 19:50:13
    7 September 2008 21:09:00

    hijackthis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:04:17, on 07.09.2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\RtHDVCpl.exe
    c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Windows\system32\schtasks.exe
    C:\Program Files\Common Files\Logishrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Windows\system32\WerCon.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\Explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\Alexandre Perrottet\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A218RR6S\HiJackThis[1].exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
    O13 - Gopher Prefix:
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.c...
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - AppInit_DLLs: lxsion.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
    O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

    --
    End of file - 10620 bytes
    8 September 2008 10:26:03

    Hello Angel Dark,

    Could you just confirm for me whether everything is OK now, or whether I still need to take other measures?

    Thank you again so much for your precious help!

    8 September 2008 17:00:53

    Re,

    Delete these folders:
    C:\Windows\System32\vfig
    C:\Windows\System32\bco
    8 September 2008 20:09:43

    They have been deleted.
    And now?
    8 September 2008 20:55:56

    Are you still having problems?
    9 September 2008 12:52:12

    Happy surfing :)
    9 September 2008 12:58:35

    Thanks again for your precious help!!!