My PC is infected, need help with HijackThis report

Tags:
  • Windows
  • Security
Last reply: in Security and viruses
Anonymous
18 May 2008 15:53:16

Hello

For the past few days I have noticed that my PC is no longer behaving normally. Let me explain:


- I can no longer launch games via Steam
- From time to time my CPU usage rises to 30% even though I am not doing anything in particular, and no process in the Windows Task Manager is using 30% of the CPU
- My PC runs slowly, and from time to time a Windows message tells me that Windows Explorer is no longer responding and that it must be restarted
- I can no longer browse the internet with Firefox or Internet Explorer because they are terribly slow; I am forced to use Safari



What I have done:

- A Kaspersky scan: it found trojans and deleted them (notably Monder.gen)
- A Spybot scan, which finds vundo/virtumon and deletes it, but when I run another scan it is still there
- And now I have run a HijackThis scan, but I don't understand all of it and I need your help to decipher it (below)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:25:24, on 18/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
C:\Fraps\fraps.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\ZSSnp211.EXE
C:\Windows\Domino.EXE
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Logitech\SetPoint II\SetpointII.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\RivaTuner v2.09\RivaTuner.exe
C:\Program Files\Schmads Inc\G15_TeamSpeak\G15_TeamSpeak.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Safari\Safari.exe
C:\Windows\explorer.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.atcomet.com...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.yahoo.com...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {04D3CAF1-9165-4019-BE1E-FAE9827C4812} - C:\Windows\system32\oPiJARKa.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {14370F76-7676-44A2-AD11-93A31C5FC9FC} - C:\Windows\system32\jkkhgFWO.dll
O2 - BHO: FGCatchUrl - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {1d78d7c4-4a1e-90fb-7d34-9fcaa50068d6} - {6d86005a-acf9-43d7-bf09-e1a44c7d87d1} - C:\Windows\system32\jxhkgpxy.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SoundTray] C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ZSSnp211] C:\Windows\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.09\RivaTunerWrapper.exe" /T
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\jkkhgFWO.dll,#1
O4 - HKLM\..\Run: [BMdbc1b824] Rundll32.exe "C:\Windows\system32\gvgkcooj.dll",s
O4 - HKLM\..\Run: [d8f28bb8] rundll32.exe "C:\Windows\system32\khrkmmyy.dll",b
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: SetPointII.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - C:p rogram... Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - C:p rogram... Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - C:p rogram... Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:p rogram... Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com...
O18 - Protocol: bw+0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\Windows\system32\pr2ah4nc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 22302 bytes


Thanks in advance to the charitable souls who would be willing to help me

18 May 2008 18:02:01

Hello,

Disable your resident protections (antivirus, Spybot-S&D, etc.)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe may not be visible) to launch it.
  • When the scan has finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.

    HELP: A guide and a tutorial on using ComboFix
    * the partition name may vary
    Anonymous
    18 May 2008 18:12:47

    ComboFix 08-05-15.3 - Guillaume 2008-05-18 16:41:04.1 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1165 [GMT 2:00]
    Endroit: C:\Users\Guillaume\Desktop\ComboFix.exe
    * Création d'un nouveau point de restauration
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Windows\System32\aKRAJiPo.ini
    C:\Windows\System32\aKRAJiPo.ini2
    C:\Windows\system32\erwseosn.exe
    C:\Windows\system32\hesbagdd.exe
    C:\Windows\System32\jebwdvys.ini
    C:\Windows\system32\mtxakhve.exe
    C:\Windows\system32\onpayhbq.ini
    C:\Windows\system32\ousgvkvp.ini
    C:\Windows\system32\qnapvmmw.exe
    C:\Windows\system32\rpwkdlkl.exe
    C:\Windows\system32\ukrylnky.ini
    C:\Windows\system32\uxwthxlq.exe
    C:\Windows\system32\yymmkrhk.ini

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-04-18 to 2008-05-18 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-18 17:06 . 2008-05-18 17:06 345 --ahs---- C:\Windows\System32\aKRAJiPo.ini2
    2008-05-18 17:06 . 2008-05-18 17:06 345 --ahs---- C:\Windows\System32\aKRAJiPo.ini
    2008-05-18 17:05 . 2008-05-12 14:00 57,344 --a------ C:\Windows\System32\cbXOHWOe.dll
    2008-05-18 17:05 . 2008-05-18 17:05 294 ---hs---- C:\Windows\System32\yymmkrhk.ini
    2008-05-17 19:56 . 2008-05-17 19:56 116,224 --------- C:\Windows\System32\khrkmmyy.dll
    2008-05-17 18:49 . 2008-05-17 18:49 125,952 --a------ C:\Windows\System32\gvgkcooj.dll
    2008-05-17 13:43 . 2008-05-17 13:43 54,156 --ah----- C:\Windows\QTFont.qfn
    2008-05-17 13:43 . 2008-05-17 13:43 1,409 --a------ C:\Windows\QTFont.for
    2008-05-16 18:47 . 2008-05-16 18:47 125,952 --a------ C:\Windows\System32\bhxsrxps.dll
    2008-05-16 18:44 . 2008-05-16 18:45 125,952 --a------ C:\Windows\System32\dsftbkao.dll
    2008-05-15 18:59 . 2008-05-15 18:59 133,120 --a------ C:\Windows\System32\jxhkgpxy.dll
    2008-05-15 18:45 . 2008-05-15 18:45 133,120 --a------ C:\Windows\System32\plmkqybs.dll
    2008-05-15 15:19 . 2008-05-15 15:19 <REP> d-------- C:\Program Files\Trend Micro
    2008-05-15 14:22 . 2008-05-15 14:22 134,144 --a------ C:\Windows\System32\xxgwwbhh.dll
    2008-05-14 17:55 . 2008-05-14 17:55 <REP> d-------- C:\Program Files\Uniblue
    2008-05-13 21:36 . 2008-05-13 21:36 <REP> d-------- C:\Users\All Users\WindowsSearch
    2008-05-13 21:36 . 2008-05-13 21:36 <REP> d-------- C:\ProgramData\WindowsSearch
    2008-05-13 21:20 . 2008-05-13 21:21 133,632 --a------ C:\Windows\System32\hcmyegww.dll
    2008-05-13 21:18 . 2008-05-13 21:19 123,392 --a------ C:\Windows\System32\cbxhvcra.dll
    2008-05-13 18:45 . 2008-05-17 17:20 307 --a------ C:\Windows\wininit.ini
    2008-05-13 18:20 . 2008-05-13 21:17 706 ---hs---- C:\Windows\System32\qjpqtkcv.ini
    2008-05-13 18:17 . 2008-05-13 18:17 131,584 --a------ C:\Windows\System32\ufrqmeuw.dll
    2008-05-13 18:02 . 2008-05-13 19:37 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{43d95c75-2100-11dd-b0f2-001bfc4f16ae}.TMContainer00000000000000000002.regtrans-ms
    2008-05-13 18:02 . 2008-05-18 16:55 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{43d95c75-2100-11dd-b0f2-001bfc4f16ae}.TMContainer00000000000000000001.regtrans-ms
    2008-05-13 18:02 . 2008-05-18 16:55 65,536 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{43d95c75-2100-11dd-b0f2-001bfc4f16ae}.TM.blf
    2008-05-12 14:05 . 2008-05-12 14:06 371,712 --------- C:\Windows\System32\oPiJARKa.dll
    2008-05-11 18:32 . 2008-05-11 18:32 316 --a------ C:\Windows\game.ini
    2008-05-11 18:09 . 2008-05-13 18:01 <REP> d-------- C:\Program Files\id Software
    2008-05-10 18:48 . 2008-05-10 18:48 <REP> d-------- C:\Program Files\Audacity
    2008-05-10 00:35 . 2008-05-10 00:35 <REP> d-------- C:\Program Files\GoldWave
    2008-05-10 00:18 . 2008-05-13 18:01 <REP> d-------- C:\Users\Guillaume\AppData\Roaming\Audacity
    2008-05-10 00:18 . 2008-05-10 00:18 <REP> d-------- C:\Program Files\Audacity 1.3 Beta (Unicode)
    2008-05-10 00:11 . 2008-05-10 00:11 <REP> d-------- C:\Program Files\DigitalSoundPlanet
    2008-05-10 00:10 . 1998-02-06 21:37 299,520 --a------ C:\Windows\uninst.exe
    2008-05-10 00:06 . 2008-05-10 00:06 <REP> d-------- C:\Users\Guillaume\AppData\Roaming\streamripper
    2008-05-10 00:03 . 2008-05-10 00:03 <REP> d-------- C:\Program Files\Streamripper
    2008-05-03 23:35 . 2008-05-03 23:49 <REP> d-------- C:\Program Files\LcdStudio
    2008-05-03 23:26 . 2008-05-03 23:26 <REP> d-------- C:\Program Files\RivaTuner v2.09
    2008-05-03 14:56 . 1997-04-18 11:49 298,496 --a------ C:\Windows\unin040c.exe
    2008-05-03 14:56 . 1998-04-13 14:02 69,632 --a------ C:\Windows\TWUNK_32.728
    2008-05-03 14:56 . 1998-04-13 14:02 48,560 --a------ C:\Windows\TWUNK_16.728
    2008-05-01 14:12 . 2008-05-01 14:12 <REP> d-------- C:\Users\All Users\Real
    2008-05-01 14:12 . 2008-05-01 14:12 <REP> d-------- C:\Program Files\K-Lite Codec Pack
    2008-04-29 21:23 . 2008-04-29 21:30 <REP> d-------- C:\Users\All Users\TrackMania
    2008-04-29 21:23 . 2008-04-29 21:30 <REP> d-------- C:\ProgramData\TrackMania
    2008-04-29 19:02 . 2008-04-29 19:02 180,575 --a------ C:\acadminidump.dmp
    2008-04-29 17:47 . 2008-04-29 17:52 <REP> d-------- C:\Program Files\AutoCAD 2008
    2008-04-29 17:45 . 2008-04-29 17:52 <REP> d-------- C:\Program Files\Common Files\Autodesk Shared
    2008-04-29 17:45 . 2008-04-29 17:45 <REP> d-------- C:\Program Files\Autodesk
    2008-04-26 19:01 . 2008-04-26 19:00 691,545 --a------ C:\Windows\unins000.exe
    2008-04-26 19:01 . 2008-04-26 19:01 2,541 --a------ C:\Windows\unins000.dat
    2008-04-24 16:07 . 2008-04-24 16:07 <REP> d-------- C:\Users\All Users\Skyline
    2008-04-24 16:07 . 2008-04-24 16:07 <REP> d-------- C:\ProgramData\Skyline
    2008-04-24 16:07 . 2008-04-24 16:07 <REP> d-------- C:\Program Files\Skyline
    2008-04-22 18:35 . 2008-04-22 18:35 <REP> d-------- C:\Program Files\Apple Software Update

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-18 15:06 --------- d-----w C:\ProgramData\Kaspersky Lab
    2008-05-18 15:05 --------- d---a-w C:\ProgramData\TEMP
    2008-05-18 15:01 126,508,064 --sha-w C:\Windows\system32\drivers\fidbox.dat
    2008-05-18 14:55 1,695,284 --sha-w C:\Windows\system32\drivers\fidbox.idx
    2008-05-18 12:21 --------- d-----w C:\Program Files\SpeedFan
    2008-05-16 21:30 --------- d-----w C:\Program Files\Steam
    2008-05-15 16:46 --------- d-----w C:\Program Files\Rumble Box
    2008-05-15 04:41 --------- d-----w C:\Program Files\Windows Mail
    2008-05-14 14:25 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
    2008-05-13 16:01 --------- d-----w C:\Program Files\Codemasters
    2008-05-11 17:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-11 16:33 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
    2008-05-11 16:33 22,328 ----a-w C:\Users\Guillaume\AppData\Roaming\PnkBstrK.sys
    2008-05-10 09:50 --------- d-----w C:\Program Files\Common Files\Steam
    2008-05-03 13:11 1,248 --sha-w C:\wdhfao30.sys
    2008-05-03 12:56 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-04-29 15:59 --------- d-----w C:\Users\Guillaume\AppData\Roaming\Autodesk
    2008-04-29 15:59 --------- d-----w C:\ProgramData\Autodesk
    2008-04-27 09:13 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-04-22 18:47 --------- d-----w C:\Users\Guillaume\AppData\Roaming\OpenOffice.org2
    2008-04-22 16:43 --------- d-----w C:\Program Files\Safari
    2008-04-17 19:06 96,645 ----a-w C:\Windows\system32\drivers\klin.dat
    2008-04-17 19:06 87,941 ----a-w C:\Windows\system32\drivers\klick.dat
    2008-04-16 19:21 --------- d-----w C:\Program Files\Google
    2008-04-13 09:56 --------- d-----w C:\Program Files\Yahoo!
    2008-04-13 09:56 --------- d-----w C:\Program Files\Bitcomet Ultra Accelerator
    2008-04-13 09:41 --------- d-----w C:\Program Files\FlashGet
    2008-04-04 17:09 --------- d-----w C:\Users\Guillaume\AppData\Roaming\teamspeak2
    2008-04-04 09:57 --------- d-----w C:\Program Files\iTunes
    2008-04-04 09:57 --------- d-----w C:\Program Files\iPod
    2008-04-04 09:55 --------- d-----w C:\Program Files\QuickTime
    2008-03-29 14:30 --------- d-----w C:\Program Files\TeamSpeak3
    2008-03-24 15:47 --------- d-----w C:\Users\Guillaume\AppData\Roaming\Apple Computer
    2008-03-22 09:14 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2008-03-18 17:56 --------- d-----w C:\ProgramData\NVIDIA
    2008-03-18 17:54 174 --sha-w C:\Program Files\desktop.ini
    2008-03-18 17:45 --------- d-----w C:\Program Files\Windows Sidebar
    2008-03-18 17:45 --------- d-----w C:\Program Files\Windows Photo Gallery
    2008-03-18 17:45 --------- d-----w C:\Program Files\Windows Journal
    2008-03-18 17:45 --------- d-----w C:\Program Files\Windows Defender
    2008-03-18 17:45 --------- d-----w C:\Program Files\Windows Collaboration
    2008-03-18 17:45 --------- d-----w C:\Program Files\Windows Calendar
    2006-05-03 09:06 163,328 --sh--r C:\Windows\System32\flvDX.dll
    2007-02-21 10:47 31,232 --sh--r C:\Windows\System32\msfDX.dll
    .

    ------- Sigcheck -------

    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{14370F76-7676-44A2-AD11-93A31C5FC9FC}]
    2008-05-12 14:00 57344 --a------ C:\Windows\system32\cbXOHWOe.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6d86005a-acf9-43d7-bf09-e1a44c7d87d1}]
    2008-05-15 18:59 133120 --a------ C:\Windows\system32\jxhkgpxy.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9F636577-C87B-4C23-9A98-B31389445D1E}]
    2008-05-12 14:06 371712 --------- C:\Windows\system32\oPiJARKa.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 00:33 1233920]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-09-01 18:27 32768]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 00:33 125952]
    "BitComet"="C:\Program Files\BitComet\BitComet.exe" [2008-01-08 12:25 2124088]
    "WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 00:36 2153472 C:\Windows\System32\oobefldr.dll]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 00:33 202240]
    "eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-13 16:57 5308416]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 00:38 1008184]
    "MSServer"="C:\Windows\system32\cbXOHWOe.dll" [2008-05-12 14:00 57344]
    "SoundTray"="C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe" [2007-04-01 12:44 49152]
    "JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [2007-03-20 08:36 36864]
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "ZSSnp211"="C:\Windows\ZSSnp211.exe" [2007-03-06 10:25 49152]
    "Domino"="C:\Windows\Domino.exe" [2007-03-06 10:25 49152]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\Windows\KHALMNPR.Exe]
    "Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 18:43 2051096]
    "Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 18:57 2095640]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-04-02 18:32 1261568]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2008-03-04 12:02 92704]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-03-04 12:02 8530464]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-03-04 12:02 88608]
    "RivaTuner"="C:\Program Files\RivaTuner v2.09\RivaTunerWrapper.exe" [2008-04-28 20:25 24576]
    "d8f28bb8"="C:\Windows\system32\khrkmmyy.dll" [2008-05-17 19:56 116224]
    "BMdbc1b824"="C:\Windows\system32\gvgkcooj.dll" [2008-05-17 18:49 125952]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-09-01 18:27:52 450560]
    SetPointII.lnk - C:\Program Files\Logitech\SetPoint II\SetpointII.exe [2007-08-30 19:13:06 319488]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "LogonHoursAction"= 2 (0x2)
    "DontDisplayLogonHoursWarnings"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{14370F76-7676-44A2-AD11-93A31C5FC9FC}"= C:\Windows\system32\cbXOHWOe.dll [2008-05-12 14:00 57344]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.i420"= i420vfw.dll
    "vidc.yv12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 C:\Windows\system32\oPiJARKa

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3012532108-3653173252-843021523-1000]
    "EnableNotificationsRef"=dword:00000002

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{1A269090-57FC-4253-BBE1-2A398A0B0912}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
    "{FAEE4CEE-9FFF-4DF6-AE7A-888984A4C724}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
    "{7733464C-02F9-44FA-ACEC-2E07D136E2AF}"= Disabled:UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
    "{D4AFD5C5-BE92-4002-8A67-269E795BC8F5}"= Disabled:TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
    "TCP Query User{83D9B4F1-BF61-41A6-B082-BAE8E03857AD}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= UDP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
    "UDP Query User{A7D1D972-B99C-4505-873D-ED6CF46CB3EE}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= TCP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
    "{0601BAB7-D10F-46A7-B44D-F77EF81B576C}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "{665F0B99-293D-4C8C-BEBE-0A8AD835D2C0}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "{2B3146E0-9C59-4290-907C-459FE04D12FF}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{A6A7AEA9-26A5-402F-BF8D-5E89A23DB57E}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{EDBF1396-D198-464C-9000-E0236F702461}"= UDP:8958:BitComet 8958 TCP
    "{BCE3D636-472B-4B03-8AE4-E6A331808BF3}"= TCP:8958:BitComet 8958 UDP
    "{11E36DE5-6F19-43AE-91F9-367D0C637F46}"= UDP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
    "{2578D77B-07AC-439A-B1BB-890CC6B937E6}"= TCP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
    "{73E310F9-4DA7-4C49-BBB9-E3A16B1CF442}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:o rb
    "{75BE34DF-F4C9-4821-86E1-A6E4C3A21BB7}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:o rb
    "{AA7F1AE8-5D0F-4DEB-AC66-1A28E455E24A}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:o rbTray
    "{4AA080EC-AAF4-4E08-92F6-96DAC426FA91}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:o rbTray
    "{DE00E99C-06C1-4F70-AFEF-B9743D036550}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:o rbIR
    "{C6593E5D-49AF-4856-B290-BD0492698FF1}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:o rbIR
    "{85302E47-603C-4D32-9073-4FB744F3E49D}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:o rb Stream Client
    "{8831510A-D4C4-449B-B388-D59153E98B68}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:o rb Stream Client
    "{2BD2189C-9478-46C6-ADEF-DB582AA0AFE1}"= UDP:C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
    "{FB07C9E5-58D5-46C5-95CA-77E32BFA2405}"= TCP:C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
    "{021C1600-E779-4400-98EC-2D1405CCCD22}"= UDP:C:\Program Files\eMule\emule.exe:eMule
    "{EB671C70-C506-4D46-AB64-DC6D7F5357E1}"= UDP:C:\Program Files\eMule\emule.exe:eMule
    "{256EEC85-33F9-42E8-B9CB-8905558ABC3B}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
    "{8819B311-A2E5-483A-9C9C-0F009B2E1F5B}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
    "{2142FF64-4960-4855-A012-1751AC559D2A}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
    "{832B12AC-C5F0-4B35-BBEF-64A2483CEE4F}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
    "{B07605A1-BE31-40E5-8468-4D853CECCC8E}"= UDP:C:\Windows\System32\PnkBstrA.exe:p nkBstrA
    "{17EBD14B-BFF4-495F-A9E8-0D8F59AE2898}"= TCP:C:\Windows\System32\PnkBstrA.exe:p nkBstrA
    "{E5726EE3-0AFB-4C7B-B0CE-A12DF5C4C92E}"= UDP:C:\Windows\System32\PnkBstrB.exe:p nkBstrB
    "{5F1E3062-8F24-431F-8CBC-B9E30A1F396D}"= TCP:C:\Windows\System32\PnkBstrB.exe:p nkBstrB
    "{2804DECC-0976-4B9D-9937-8D9DECA92E1F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{CDF6B369-5185-427A-B45A-01D02760A8D1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{F64FC4F2-32AF-4778-8FE6-D5D81014B815}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{6132CDFB-4C42-4D1F-A1B4-B5C4AA5939FE}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{0B62F929-5C04-4D9F-A4D4-018DE589555D}"= UDP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:etqwded.exe
    "{5A8BF9D2-02ED-4303-938D-486B15387C01}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:etqwded.exe
    "{9DA8FBB6-89CF-4C38-8B62-5D265F07405E}"= UDP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqw.exe:Enemy Territory - QUAKE Wars(TM)
    "{3B6CA7A4-CD81-4CF7-A979-260626D3EF09}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqw.exe:Enemy Territory - QUAKE Wars(TM)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);C:\Windows\system32\drivers\pe3ah4nc.sys [2007-05-18 21:53]
    R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);C:\Windows\system32\drivers\ps6ah4nc.sys [2007-05-18 21:52]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-04-04 14:59]
    R1 KS0108;KS0108;C:\Program Files\LcdStudio\ks0108.sys [2006-02-12 00:31]
    R1 LC7981;LC7981;C:\Program Files\LcdStudio\LC7981.sys [2006-02-12 00:31]
    R1 n3900;n3900;C:\Program Files\LcdStudio\n3900.sys [2006-08-08 16:46]
    R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;C:\Windows\system32\DRIVERS\rtlprot.sys [2007-04-02 10:57]
    R1 SED133x;SED133x;C:\Program Files\LcdStudio\SED133x.sys [2006-02-12 00:31]
    R1 T6963C;T6963C;C:\Program Files\LcdStudio\T6963c.sys [2006-02-12 00:31]
    R2 AEADIFilters;Andrea ADI Filters Service;C:\Windows\system32\AEADISRV.EXE [2007-02-06 00:44]
    R3 RTL8187;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187.sys [2007-04-03 04:32]
    R3 yukonwlh;Pilote miniport NDIS6.0 pour contrôleur Ethernet Marvell Yukon;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 09:30]
    S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);C:\Windows\system32\pr2ah4nc.exe svc []
    S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-09 11:38]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4392e102-5aeb-11dc-8abe-001bfc4f16ae}]
    \shell\AutoRun\command - F:\setup\rsrc\Autorun.exe
    \shell\dinstall\command - F:\Directx\dxsetup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f88cf2ca-58d0-11dc-ad78-806e6f6e6963}]
    \shell\AutoRun\command - D:\.\Bin\Assetup.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-05-13 16:02:57 C:\Windows\Tasks\At1.job"
    - C:\Windows\widupdate.exe
    "2008-05-13 16:02:57 C:\Windows\Tasks\At2.job"
    - C:\Windows\dr.exe
    "2008-05-13 16:02:57 C:\Windows\Tasks\At3.job"
    - C:\Windows\patcher.exe
    "2008-05-13 16:02:57 C:\Windows\Tasks\At4.job"
    - C:\Windows\dr.exe
    "2008-05-18 15:05:31 C:\Windows\Tasks\RtlVistaStart.job"
    - C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
    "2008-05-17 18:12:52 C:\Windows\Tasks\User_Feed_Synchronization-{B88CB541-93A9-40AD-9E12-9DFB1460494C}.job"
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-18 17:05:58
    Windows 6.0.6001 Service Pack 1 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...


    C:\Windows\TEMP\TMP0000002F53E72EF5356303C3 524288 bytes executable
    C:\Users\Guillaume\AppData\Local\eMule\config\server_met.old 25530 bytes

    Scan terminé avec succès
    Les fichiers cachés: 2

    **************************************************************************
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\Windows\system32\winlogon.exe
    -> C:\Windows\system32\cbXOHWOe.dll

    PROCESS: C:\Windows\Explorer.exe
    -> C:\Windows\system32\khrkmmyy.dll
    -> C:\Windows\system32\gvgkcooj.dll
    -> C:\Windows\system32\oPiJARKa.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Windows\System32\audiodg.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Windows\System32\PnkBstrA.exe
    C:\Windows\System32\PnkBstrB.exe
    C:\Fraps\fraps.exe
    C:\Windows\System32\conime.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
    C:\Program Files\RivaTuner v2.09\RivaTuner.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
    C:\Program Files\Schmads Inc\G15_TeamSpeak\G15_TeamSpeak.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\VSSVC.exe
    C:\Windows\System32\dllhost.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-05-18 17:13:58 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-05-18 15:13:26

    Pre-Run: 50,705,195,008 octets libres
    Post-Run: 67,569,651,712 octets libres

    323 --- E O F --- 2008-05-17 09:13:03

    Anonymous
    18 May 2008 18:15:06

    I had already done it before you asked me to.
    a b 8 Security
    18 May 2008 19:10:09

    Re,

    Download MalwareByte's Anti-Malware to your Desktop.
    Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done, restart in safe mode.
    HELP: Restarting in safe mode

  • Now run MalwareByte's Anti-Malware. If it is not already selected, choose "Exécuter un examen complet" (Perform a full scan).
  • To start the scan, click "Rechercher" (Scan).
  • Once the scan is finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Afficher les résultats" (Show results), then "Supprimer la sélection" (Remove selected). Save the report to your Desktop so you can post it in your next reply.
    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Illustrated tutorial on MBAM
    Anonymous
    18 May 2008 19:49:59

    Here too, I had already started the scan before you told me to, but it has only just finished. Here is what it says:

    Malwarebytes' Anti-Malware 1.12
    Version de la base de données: 762

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 230734
    Temps écoulé: 1 hour(s), 49 minute(s), 32 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 3
    Clé(s) du Registre infectée(s): 8
    Valeur(s) du Registre infectée(s): 4
    Elément(s) de données du Registre infecté(s): 2
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 8

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\Windows\System32\khrkmmyy.dll (Trojan.Vundo) -> Unloaded module successfully.
    C:\Windows\System32\oPiJARKa.dll (Trojan.Vundo) -> Unloaded module successfully.
    C:\Windows\System32\cbXOHWOe.dll (Trojan.Vundo) -> Unloaded module successfully.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9f636577-c87b-4c23-9a98-b31389445d1e} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{9f636577-c87b-4c23-9a98-b31389445d1e} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{14370f76-7676-44a2-ad11-93a31c5fc9fc} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14370f76-7676-44a2-ad11-93a31c5fc9fc} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\d8f28bb8 (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMdbc1b824 (Trojan.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{14370f76-7676-44a2-ad11-93a31c5fc9fc} (Trojan.Vundo) -> Delete on reboot.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\opijarka -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\opijarka -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\Windows\System32\khrkmmyy.dll (Trojan.Vundo) -> Delete on reboot.
    C:\Windows\System32\yymmkrhk.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Windows\System32\oPiJARKa.dll (Trojan.Vundo) -> Delete on reboot.
    C:\Windows\System32\aKRAJiPo.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Windows\System32\aKRAJiPo.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Windows\System32\cbXOHWOe.dll (Trojan.Agent) -> Delete on reboot.
    C:\Windows\System32\qraxdxal.dll (Trojan.Agent) -> Delete on reboot.
    C:\Windows\System32\cbxhvcra.dll (Trojan.Vundo) -> Quarantined and deleted successfully.


    I got the message telling me to restart, which I did.
    Anonymous
    18 May 2008 19:55:58

    That's it, I can browse with Firefox again and I can launch games with Steam.

    My PC seems to be back to how it was before.

    Thanks for your help.
    a b 8 Security
    18 May 2008 21:37:48

    Run another Combofix scan.
    Anonymous
    19 May 2008 22:11:04

    Here is my latest ComboFix scan:

    ComboFix 08-05-15.3 - Guillaume 2008-05-19 18:57:34.2 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.740 [GMT 2:00]
    Endroit: C:\Downloads\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Windows\system32\balclhwj.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-04-19 to 2008-05-19 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-18 17:30 . 2008-05-18 17:30 122,556 --ah----- C:\Windows\System32\mlfcache.dat
    2008-05-18 17:21 . 2008-05-18 17:21 <REP> d-------- C:\Users\Guillaume\AppData\Roaming\Malwarebytes
    2008-05-18 17:20 . 2008-05-18 17:20 <REP> d-------- C:\Users\All Users\Malwarebytes
    2008-05-18 17:20 . 2008-05-18 17:20 <REP> d-------- C:\ProgramData\Malwarebytes
    2008-05-18 17:20 . 2008-05-05 20:46 27,048 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
    2008-05-18 17:19 . 2008-05-18 17:21 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-05-18 17:19 . 2008-05-05 20:46 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
    2008-05-18 17:16 . 2008-05-18 19:27 124,928 --------- C:\Windows\System32\qraxdxal.dll
    2008-05-18 17:05 . 2008-05-18 19:27 57,344 --------- C:\Windows\System32\cbXOHWOe.dll
    2008-05-17 19:56 . 2008-05-18 19:27 116,224 --------- C:\Windows\System32\khrkmmyy.dll
    2008-05-17 18:49 . 2008-05-17 18:49 125,952 --a------ C:\Windows\System32\gvgkcooj.dll
    2008-05-17 13:43 . 2008-05-19 18:42 54,156 --ah----- C:\Windows\QTFont.qfn
    2008-05-17 13:43 . 2008-05-17 13:43 1,409 --a------ C:\Windows\QTFont.for
    2008-05-16 18:47 . 2008-05-16 18:47 125,952 --a------ C:\Windows\System32\bhxsrxps.dll
    2008-05-16 18:44 . 2008-05-16 18:45 125,952 --a------ C:\Windows\System32\dsftbkao.dll
    2008-05-15 18:59 . 2008-05-15 18:59 133,120 --a------ C:\Windows\System32\jxhkgpxy.dll
    2008-05-15 18:45 . 2008-05-15 18:45 133,120 --a------ C:\Windows\System32\plmkqybs.dll
    2008-05-15 15:19 . 2008-05-15 15:19 <REP> d-------- C:\Program Files\Trend Micro
    2008-05-15 14:22 . 2008-05-15 14:22 134,144 --a------ C:\Windows\System32\xxgwwbhh.dll
    2008-05-14 17:55 . 2008-05-14 17:55 <REP> d-------- C:\Program Files\Uniblue
    2008-05-13 21:36 . 2008-05-13 21:36 <REP> d-------- C:\Users\All Users\WindowsSearch
    2008-05-13 21:36 . 2008-05-13 21:36 <REP> d-------- C:\ProgramData\WindowsSearch
    2008-05-13 21:20 . 2008-05-13 21:21 133,632 --a------ C:\Windows\System32\hcmyegww.dll
    2008-05-13 18:45 . 2008-05-17 17:20 307 --a------ C:\Windows\wininit.ini
    2008-05-13 18:20 . 2008-05-13 21:17 706 ---hs---- C:\Windows\System32\qjpqtkcv.ini
    2008-05-13 18:17 . 2008-05-13 18:17 131,584 --a------ C:\Windows\System32\ufrqmeuw.dll
    2008-05-13 18:02 . 2008-05-13 19:37 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{43d95c75-2100-11dd-b0f2-001bfc4f16ae}.TMContainer00000000000000000002.regtrans-ms
    2008-05-13 18:02 . 2008-05-19 19:31 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{43d95c75-2100-11dd-b0f2-001bfc4f16ae}.TMContainer00000000000000000001.regtrans-ms
    2008-05-13 18:02 . 2008-05-19 19:31 65,536 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{43d95c75-2100-11dd-b0f2-001bfc4f16ae}.TM.blf
    2008-05-12 14:05 . 2008-05-18 19:27 371,712 --------- C:\Windows\System32\oPiJARKa.dll
    2008-05-11 18:32 . 2008-05-11 18:32 316 --a------ C:\Windows\game.ini
    2008-05-11 18:09 . 2008-05-13 18:01 <REP> d-------- C:\Program Files\id Software
    2008-05-10 18:48 . 2008-05-10 18:48 <REP> d-------- C:\Program Files\Audacity
    2008-05-10 00:35 . 2008-05-10 00:35 <REP> d-------- C:\Program Files\GoldWave
    2008-05-10 00:18 . 2008-05-13 18:01 <REP> d-------- C:\Users\Guillaume\AppData\Roaming\Audacity
    2008-05-10 00:18 . 2008-05-10 00:18 <REP> d-------- C:\Program Files\Audacity 1.3 Beta (Unicode)
    2008-05-10 00:11 . 2008-05-10 00:11 <REP> d-------- C:\Program Files\DigitalSoundPlanet
    2008-05-10 00:10 . 1998-02-06 21:37 299,520 --a------ C:\Windows\uninst.exe
    2008-05-10 00:06 . 2008-05-10 00:06 <REP> d-------- C:\Users\Guillaume\AppData\Roaming\streamripper
    2008-05-10 00:03 . 2008-05-10 00:03 <REP> d-------- C:\Program Files\Streamripper
    2008-05-03 23:35 . 2008-05-03 23:49 <REP> d-------- C:\Program Files\LcdStudio
    2008-05-03 23:26 . 2008-05-03 23:26 <REP> d-------- C:\Program Files\RivaTuner v2.09
    2008-05-03 14:56 . 1997-04-18 11:49 298,496 --a------ C:\Windows\unin040c.exe
    2008-05-03 14:56 . 1998-04-13 14:02 69,632 --a------ C:\Windows\TWUNK_32.728
    2008-05-03 14:56 . 1998-04-13 14:02 48,560 --a------ C:\Windows\TWUNK_16.728
    2008-05-01 14:12 . 2008-05-01 14:12 <REP> d-------- C:\Users\All Users\Real
    2008-05-01 14:12 . 2008-05-01 14:12 <REP> d-------- C:\Program Files\K-Lite Codec Pack
    2008-04-29 21:23 . 2008-04-29 21:30 <REP> d-------- C:\Users\All Users\TrackMania
    2008-04-29 21:23 . 2008-04-29 21:30 <REP> d-------- C:\ProgramData\TrackMania
    2008-04-29 19:02 . 2008-04-29 19:02 180,575 --a------ C:\acadminidump.dmp
    2008-04-29 17:47 . 2008-04-29 17:52 <REP> d-------- C:\Program Files\AutoCAD 2008
    2008-04-29 17:45 . 2008-04-29 17:52 <REP> d-------- C:\Program Files\Common Files\Autodesk Shared
    2008-04-29 17:45 . 2008-04-29 17:45 <REP> d-------- C:\Program Files\Autodesk
    2008-04-26 19:01 . 2008-04-26 19:00 691,545 --a------ C:\Windows\unins000.exe
    2008-04-26 19:01 . 2008-04-26 19:01 2,541 --a------ C:\Windows\unins000.dat
    2008-04-24 16:07 . 2008-04-24 16:07 <REP> d-------- C:\Users\All Users\Skyline
    2008-04-24 16:07 . 2008-04-24 16:07 <REP> d-------- C:\ProgramData\Skyline
    2008-04-24 16:07 . 2008-04-24 16:07 <REP> d-------- C:\Program Files\Skyline
    2008-04-22 18:35 . 2008-04-22 18:35 <REP> d-------- C:\Program Files\Apple Software Update

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-19 17:33 126,710,560 --sha-w C:\Windows\system32\drivers\fidbox.dat
    2008-05-19 17:32 --------- d---a-w C:\ProgramData\TEMP
    2008-05-19 17:31 1,698,044 --sha-w C:\Windows\system32\drivers\fidbox.idx
    2008-05-19 16:47 --------- d-----w C:\Program Files\Steam
    2008-05-19 16:42 --------- d-----w C:\Program Files\SpeedFan
    2008-05-19 16:31 --------- d-----w C:\ProgramData\Kaspersky Lab
    2008-05-15 16:46 --------- d-----w C:\Program Files\Rumble Box
    2008-05-15 04:41 --------- d-----w C:\Program Files\Windows Mail
    2008-05-14 14:25 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
    2008-05-13 16:01 --------- d-----w C:\Program Files\Codemasters
    2008-05-11 17:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-11 16:33 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
    2008-05-11 16:33 22,328 ----a-w C:\Users\Guillaume\AppData\Roaming\PnkBstrK.sys
    2008-05-10 09:50 --------- d-----w C:\Program Files\Common Files\Steam
    2008-05-03 13:11 1,248 --sha-w C:\wdhfao30.sys
    2008-05-03 12:56 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-04-29 15:59 --------- d-----w C:\Users\Guillaume\AppData\Roaming\Autodesk
    2008-04-29 15:59 --------- d-----w C:\ProgramData\Autodesk
    2008-04-27 09:13 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-04-22 18:47 --------- d-----w C:\Users\Guillaume\AppData\Roaming\OpenOffice.org2
    2008-04-22 16:43 --------- d-----w C:\Program Files\Safari
    2008-04-17 19:06 96,645 ----a-w C:\Windows\system32\drivers\klin.dat
    2008-04-17 19:06 87,941 ----a-w C:\Windows\system32\drivers\klick.dat
    2008-04-16 19:21 --------- d-----w C:\Program Files\Google
    2008-04-13 09:56 --------- d-----w C:\Program Files\Yahoo!
    2008-04-13 09:56 --------- d-----w C:\Program Files\Bitcomet Ultra Accelerator
    2008-04-13 09:41 --------- d-----w C:\Program Files\FlashGet
    2008-04-04 17:09 --------- d-----w C:\Users\Guillaume\AppData\Roaming\teamspeak2
    2008-04-04 09:57 --------- d-----w C:\Program Files\iTunes
    2008-04-04 09:57 --------- d-----w C:\Program Files\iPod
    2008-04-04 09:55 --------- d-----w C:\Program Files\QuickTime
    2008-03-29 14:30 --------- d-----w C:\Program Files\TeamSpeak3
    2008-03-24 15:47 --------- d-----w C:\Users\Guillaume\AppData\Roaming\Apple Computer
    2008-03-22 09:14 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2008-03-18 17:54 174 --sha-w C:\Program Files\desktop.ini
    2006-05-03 09:06 163,328 --sh--r C:\Windows\System32\flvDX.dll
    2007-02-21 10:47 31,232 --sh--r C:\Windows\System32\msfDX.dll
    .

    ------- Sigcheck -------

    .
    ((((((((((((((((((((((((((((( snapshot@2008-05-18_17.11.35.86 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-05-18 14:56:26 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2008-05-19 17:32:16 67,584 --s-a-w C:\Windows\bootstat.dat
    - 2008-05-18 14:56:26 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-05-19 17:32:17 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2008-05-18 15:05:41 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-05-19 17:33:20 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-05-19 17:33:20 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2008-05-18 15:06:25 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-05-19 17:33:20 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-05-19 17:33:20 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2008-05-18 15:05:51 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-05-19 16:29:30 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-05-18 15:05:51 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-05-19 16:29:30 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-05-18 15:05:51 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-05-19 16:29:30 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-05-18 15:02:07 104,742 ----a-w C:\Windows\System32\perfc009.dat
    + 2008-05-19 16:35:37 104,742 ----a-w C:\Windows\System32\perfc009.dat
    - 2008-05-18 15:02:07 127,798 ----a-w C:\Windows\System32\perfc00C.dat
    + 2008-05-19 16:35:37 127,798 ----a-w C:\Windows\System32\perfc00C.dat
    - 2008-05-18 15:02:07 595,308 ----a-w C:\Windows\System32\perfh009.dat
    + 2008-05-19 16:35:37 595,308 ----a-w C:\Windows\System32\perfh009.dat
    - 2008-05-18 15:02:07 678,730 ----a-w C:\Windows\System32\perfh00C.dat
    + 2008-05-19 16:35:37 678,730 ----a-w C:\Windows\System32\perfh00C.dat
    - 2008-05-18 15:07:33 8,228 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3012532108-3653173252-843021523-1000_UserData.bin
    + 2008-05-19 17:35:09 8,474 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3012532108-3653173252-843021523-1000_UserData.bin
    - 2008-05-18 15:07:30 98,438 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-05-19 17:35:08 98,696 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-05-18 09:41:43 47,912 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-05-19 16:31:26 48,316 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6d86005a-acf9-43d7-bf09-e1a44c7d87d1}]
    2008-05-15 18:59 133120 --a------ C:\Windows\system32\jxhkgpxy.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 00:33 1233920]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-09-01 18:27 32768]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 00:33 125952]
    "BitComet"="C:\Program Files\BitComet\BitComet.exe" [2008-01-08 12:25 2124088]
    "WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 00:36 2153472 C:\Windows\System32\oobefldr.dll]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 00:33 202240]
    "eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-13 16:57 5308416]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 00:38 1008184]
    "SoundTray"="C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe" [2007-04-01 12:44 49152]
    "JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [2007-03-20 08:36 36864]
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "ZSSnp211"="C:\Windows\ZSSnp211.exe" [2007-03-06 10:25 49152]
    "Domino"="C:\Windows\Domino.exe" [2007-03-06 10:25 49152]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\Windows\KHALMNPR.Exe]
    "Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 18:43 2051096]
    "Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 18:57 2095640]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-04-02 18:32 1261568]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2008-03-04 12:02 92704]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-03-04 12:02 8530464]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-03-04 12:02 88608]
    "RivaTuner"="C:\Program Files\RivaTuner v2.09\RivaTunerWrapper.exe" [2008-04-28 20:25 24576]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-09-01 18:27:52 450560]
    SetPointII.lnk - C:\Program Files\Logitech\SetPoint II\SetpointII.exe [2007-08-30 19:13:06 319488]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "LogonHoursAction"= 2 (0x2)
    "DontDisplayLogonHoursWarnings"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.i420"= i420vfw.dll
    "vidc.yv12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3012532108-3653173252-843021523-1000]
    "EnableNotificationsRef"=dword:00000002

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{1A269090-57FC-4253-BBE1-2A398A0B0912}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
    "{FAEE4CEE-9FFF-4DF6-AE7A-888984A4C724}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
    "{7733464C-02F9-44FA-ACEC-2E07D136E2AF}"= Disabled:UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
    "{D4AFD5C5-BE92-4002-8A67-269E795BC8F5}"= Disabled:TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
    "TCP Query User{83D9B4F1-BF61-41A6-B082-BAE8E03857AD}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= UDP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
    "UDP Query User{A7D1D972-B99C-4505-873D-ED6CF46CB3EE}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= TCP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
    "{0601BAB7-D10F-46A7-B44D-F77EF81B576C}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "{665F0B99-293D-4C8C-BEBE-0A8AD835D2C0}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "{2B3146E0-9C59-4290-907C-459FE04D12FF}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{A6A7AEA9-26A5-402F-BF8D-5E89A23DB57E}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{EDBF1396-D198-464C-9000-E0236F702461}"= UDP:8958:BitComet 8958 TCP
    "{BCE3D636-472B-4B03-8AE4-E6A331808BF3}"= TCP:8958:BitComet 8958 UDP
    "{11E36DE5-6F19-43AE-91F9-367D0C637F46}"= UDP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
    "{2578D77B-07AC-439A-B1BB-890CC6B937E6}"= TCP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
    "{73E310F9-4DA7-4C49-BBB9-E3A16B1CF442}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
    "{75BE34DF-F4C9-4821-86E1-A6E4C3A21BB7}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
    "{AA7F1AE8-5D0F-4DEB-AC66-1A28E455E24A}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
    "{4AA080EC-AAF4-4E08-92F6-96DAC426FA91}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
    "{DE00E99C-06C1-4F70-AFEF-B9743D036550}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
    "{C6593E5D-49AF-4856-B290-BD0492698FF1}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
    "{85302E47-603C-4D32-9073-4FB744F3E49D}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
    "{8831510A-D4C4-449B-B388-D59153E98B68}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
    "{2BD2189C-9478-46C6-ADEF-DB582AA0AFE1}"= UDP:C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
    "{FB07C9E5-58D5-46C5-95CA-77E32BFA2405}"= TCP:C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
    "{021C1600-E779-4400-98EC-2D1405CCCD22}"= UDP:C:\Program Files\eMule\emule.exe:eMule
    "{EB671C70-C506-4D46-AB64-DC6D7F5357E1}"= UDP:C:\Program Files\eMule\emule.exe:eMule
    "{256EEC85-33F9-42E8-B9CB-8905558ABC3B}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
    "{8819B311-A2E5-483A-9C9C-0F009B2E1F5B}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
    "{2142FF64-4960-4855-A012-1751AC559D2A}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
    "{832B12AC-C5F0-4B35-BBEF-64A2483CEE4F}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
    "{B07605A1-BE31-40E5-8468-4D853CECCC8E}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
    "{17EBD14B-BFF4-495F-A9E8-0D8F59AE2898}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
    "{E5726EE3-0AFB-4C7B-B0CE-A12DF5C4C92E}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
    "{5F1E3062-8F24-431F-8CBC-B9E30A1F396D}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
    "{2804DECC-0976-4B9D-9937-8D9DECA92E1F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{CDF6B369-5185-427A-B45A-01D02760A8D1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{F64FC4F2-32AF-4778-8FE6-D5D81014B815}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{6132CDFB-4C42-4D1F-A1B4-B5C4AA5939FE}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{0B62F929-5C04-4D9F-A4D4-018DE589555D}"= UDP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:etqwded.exe
    "{5A8BF9D2-02ED-4303-938D-486B15387C01}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:etqwded.exe
    "{9DA8FBB6-89CF-4C38-8B62-5D265F07405E}"= UDP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqw.exe:Enemy Territory - QUAKE Wars(TM)
    "{3B6CA7A4-CD81-4CF7-A979-260626D3EF09}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqw.exe:Enemy Territory - QUAKE Wars(TM)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);C:\Windows\system32\drivers\pe3ah4nc.sys [2007-05-18 21:53]
    R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);C:\Windows\system32\drivers\ps6ah4nc.sys [2007-05-18 21:52]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-04-04 14:59]
    R1 KS0108;KS0108;C:\Program Files\LcdStudio\ks0108.sys [2006-02-12 00:31]
    R1 LC7981;LC7981;C:\Program Files\LcdStudio\LC7981.sys [2006-02-12 00:31]
    R1 n3900;n3900;C:\Program Files\LcdStudio\n3900.sys [2006-08-08 16:46]
    R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;C:\Windows\system32\DRIVERS\rtlprot.sys [2007-04-02 10:57]
    R1 SED133x;SED133x;C:\Program Files\LcdStudio\SED133x.sys [2006-02-12 00:31]
    R1 T6963C;T6963C;C:\Program Files\LcdStudio\T6963c.sys [2006-02-12 00:31]
    R2 AEADIFilters;Andrea ADI Filters Service;C:\Windows\system32\AEADISRV.EXE [2007-02-06 00:44]
    R3 RTL8187;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187.sys [2007-04-03 04:32]
    R3 yukonwlh;Pilote miniport NDIS6.0 pour contrôleur Ethernet Marvell Yukon;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 09:30]
    S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);C:\Windows\system32\pr2ah4nc.exe svc []
    S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-09 11:38]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4392e102-5aeb-11dc-8abe-001bfc4f16ae}]
    \shell\AutoRun\command - F:\setup\rsrc\Autorun.exe
    \shell\dinstall\command - F:\Directx\dxsetup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f88cf2ca-58d0-11dc-ad78-806e6f6e6963}]
    \shell\AutoRun\command - D:\.\Bin\Assetup.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-05-13 16:02:57 C:\Windows\Tasks\At1.job"
    - C:\Windows\widupdate.exe
    "2008-05-13 16:02:57 C:\Windows\Tasks\At2.job"
    - C:\Windows\dr.exe
    "2008-05-13 16:02:57 C:\Windows\Tasks\At3.job"
    - C:\Windows\patcher.exe
    "2008-05-13 16:02:57 C:\Windows\Tasks\At4.job"
    - C:\Windows\dr.exe
    "2008-05-19 17:32:44 C:\Windows\Tasks\RtlVistaStart.job"
    - C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
    "2008-05-18 18:52:33 C:\Windows\Tasks\User_Feed_Synchronization-{B88CB541-93A9-40AD-9E12-9DFB1460494C}.job"
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-19 19:33:31
    Windows 6.0.6001 Service Pack 1 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Windows\System32\audiodg.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Windows\System32\PnkBstrA.exe
    C:\Windows\System32\PnkBstrB.exe
    C:\Fraps\fraps.exe
    C:\Windows\System32\conime.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
    C:\Program Files\Schmads Inc\G15_TeamSpeak\G15_TeamSpeak.exe
    C:\Windows\System32\dllhost.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-05-19 19:43:10 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-05-19 17:42:59

    Pre-Run: 67,181,989,888 octets libres
    Post-Run: 66,794,627,072 octets libres

    315 --- E O F --- 2008-05-17 09:13:03

    20 May 2008 12:31:29

    Hi again,

    Disable your resident protections (antivirus...)!
    Copy (Ctrl+C) the text in the box below:

    File::
    C:\Windows\System32\cbXOHWOe.dll
    C:\Windows\System32\khrkmmyy.dll
    C:\Windows\System32\gvgkcooj.dll
    C:\Windows\System32\bhxsrxps.dll
    C:\Windows\System32\dsftbkao.dll
    C:\Windows\System32\jxhkgpxy.dll
    C:\Windows\System32\plmkqybs.dll
    C:\Windows\System32\xxgwwbhh.dll
    C:\Windows\System32\hcmyegww.dll
    C:\Windows\System32\qjpqtkcv.ini
    C:\Windows\System32\ufrqmeuw.dll
    C:\Windows\System32\oPiJARKa.dll

    Folder::
    C:\Users\All Users\WindowsSearch
    C:\ProgramData\WindowsSearch

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6d86005a-acf9-43d7-bf09-e1a44c7d87d1}]


    Open Notepad (Start > Run... > notepad), then paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto ComboFix.exe as shown below:


    This will relaunch ComboFix; press 1, then confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
    NOTE: If there is no reboot, post the requested reports anyway.
    Anonyme
    20 May 2008 19:15:05

    Hi again

    So I disabled Kaspersky and did what you wrote (the PC did not reboot).

    The ComboFix report:


    ComboFix 08-05-15.3 - Guillaume 2008-05-20 18:32:48.3 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1225 [GMT 2:00]
    Endroit: C:\Downloads\ComboFix.exe
    Command switches used :: C:\Downloads\CFScript.txt
    * Création d'un nouveau point de restauration

    FILE ::
    C:\Windows\System32\bhxsrxps.dll
    C:\Windows\System32\cbXOHWOe.dll
    C:\Windows\System32\dsftbkao.dll
    C:\Windows\System32\gvgkcooj.dll
    C:\Windows\System32\hcmyegww.dll
    C:\Windows\System32\jxhkgpxy.dll
    C:\Windows\System32\khrkmmyy.dll
    C:\Windows\System32\oPiJARKa.dll
    C:\Windows\System32\plmkqybs.dll
    C:\Windows\System32\qjpqtkcv.ini
    C:\Windows\System32\ufrqmeuw.dll
    C:\Windows\System32\xxgwwbhh.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\ProgramData\WindowsSearch
    C:\Windows\System32\bhxsrxps.dll
    C:\Windows\System32\cbXOHWOe.dll
    C:\Windows\System32\dsftbkao.dll
    C:\Windows\System32\gvgkcooj.dll
    C:\Windows\System32\hcmyegww.dll
    C:\Windows\System32\jxhkgpxy.dll
    C:\Windows\System32\khrkmmyy.dll
    C:\Windows\System32\oPiJARKa.dll
    C:\Windows\System32\plmkqybs.dll
    C:\Windows\System32\qjpqtkcv.ini
    C:\Windows\System32\ufrqmeuw.dll
    C:\Windows\System32\xxgwwbhh.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-04-20 to 2008-05-20 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-20 18:31 . 2008-05-20 18:31 <REP> d-------- C:\327882R2FWJFW
    2008-05-18 17:30 . 2008-05-18 17:30 122,556 --ah----- C:\Windows\System32\mlfcache.dat
    2008-05-18 17:21 . 2008-05-18 17:21 <REP> d-------- C:\Users\Guillaume\AppData\Roaming\Malwarebytes
    2008-05-18 17:20 . 2008-05-18 17:20 <REP> d-------- C:\Users\All Users\Malwarebytes
    2008-05-18 17:20 . 2008-05-18 17:20 <REP> d-------- C:\ProgramData\Malwarebytes
    2008-05-18 17:20 . 2008-05-05 20:46 27,048 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
    2008-05-18 17:19 . 2008-05-18 17:21 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-05-18 17:19 . 2008-05-05 20:46 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
    2008-05-18 17:16 . 2008-05-18 19:27 124,928 --------- C:\Windows\System32\qraxdxal.dll
    2008-05-15 15:19 . 2008-05-15 15:19 <REP> d-------- C:\Program Files\Trend Micro
    2008-05-14 17:55 . 2008-05-14 17:55 <REP> d-------- C:\Program Files\Uniblue
    2008-05-13 18:45 . 2008-05-17 17:20 307 --a------ C:\Windows\wininit.ini
    2008-05-13 18:02 . 2008-05-13 19:37 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{43d95c75-2100-11dd-b0f2-001bfc4f16ae}.TMContainer00000000000000000002.regtrans-ms
    2008-05-13 18:02 . 2008-05-19 22:20 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{43d95c75-2100-11dd-b0f2-001bfc4f16ae}.TMContainer00000000000000000001.regtrans-ms
    2008-05-13 18:02 . 2008-05-19 22:20 65,536 --ahs---- C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{43d95c75-2100-11dd-b0f2-001bfc4f16ae}.TM.blf
    2008-05-11 18:32 . 2008-05-11 18:32 316 --a------ C:\Windows\game.ini
    2008-05-11 18:09 . 2008-05-13 18:01 <REP> d-------- C:\Program Files\id Software
    2008-05-10 18:48 . 2008-05-10 18:48 <REP> d-------- C:\Program Files\Audacity
    2008-05-10 00:35 . 2008-05-10 00:35 <REP> d-------- C:\Program Files\GoldWave
    2008-05-10 00:18 . 2008-05-13 18:01 <REP> d-------- C:\Users\Guillaume\AppData\Roaming\Audacity
    2008-05-10 00:18 . 2008-05-10 00:18 <REP> d-------- C:\Program Files\Audacity 1.3 Beta (Unicode)
    2008-05-10 00:11 . 2008-05-10 00:11 <REP> d-------- C:\Program Files\DigitalSoundPlanet
    2008-05-10 00:10 . 1998-02-06 21:37 299,520 --a------ C:\Windows\uninst.exe
    2008-05-10 00:06 . 2008-05-10 00:06 <REP> d-------- C:\Users\Guillaume\AppData\Roaming\streamripper
    2008-05-10 00:03 . 2008-05-10 00:03 <REP> d-------- C:\Program Files\Streamripper
    2008-05-03 23:35 . 2008-05-03 23:49 <REP> d-------- C:\Program Files\LcdStudio
    2008-05-03 23:26 . 2008-05-03 23:26 <REP> d-------- C:\Program Files\RivaTuner v2.09
    2008-05-03 14:56 . 1997-04-18 11:49 298,496 --a------ C:\Windows\unin040c.exe
    2008-05-03 14:56 . 1998-04-13 14:02 69,632 --a------ C:\Windows\TWUNK_32.728
    2008-05-03 14:56 . 1998-04-13 14:02 48,560 --a------ C:\Windows\TWUNK_16.728
    2008-05-01 14:12 . 2008-05-01 14:12 <REP> d-------- C:\Users\All Users\Real
    2008-05-01 14:12 . 2008-05-01 14:12 <REP> d-------- C:\Program Files\K-Lite Codec Pack
    2008-04-29 21:23 . 2008-04-29 21:30 <REP> d-------- C:\Users\All Users\TrackMania
    2008-04-29 21:23 . 2008-04-29 21:30 <REP> d-------- C:\ProgramData\TrackMania
    2008-04-29 19:02 . 2008-04-29 19:02 180,575 --a------ C:\acadminidump.dmp
    2008-04-29 17:47 . 2008-04-29 17:52 <REP> d-------- C:\Program Files\AutoCAD 2008
    2008-04-29 17:45 . 2008-04-29 17:52 <REP> d-------- C:\Program Files\Common Files\Autodesk Shared
    2008-04-29 17:45 . 2008-04-29 17:45 <REP> d-------- C:\Program Files\Autodesk
    2008-04-26 19:01 . 2008-04-26 19:00 691,545 --a------ C:\Windows\unins000.exe
    2008-04-26 19:01 . 2008-04-26 19:01 2,541 --a------ C:\Windows\unins000.dat
    2008-04-24 16:07 . 2008-04-24 16:07 <REP> d-------- C:\Users\All Users\Skyline
    2008-04-24 16:07 . 2008-04-24 16:07 <REP> d-------- C:\ProgramData\Skyline
    2008-04-24 16:07 . 2008-04-24 16:07 <REP> d-------- C:\Program Files\Skyline
    2008-04-22 18:35 . 2008-04-22 18:35 <REP> d-------- C:\Program Files\Apple Software Update

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-20 16:35 126,882,592 --sha-w C:\Windows\system32\drivers\fidbox.dat
    2008-05-20 15:29 --------- d-----w C:\Program Files\Steam
    2008-05-20 15:27 --------- d-----w C:\Program Files\SpeedFan
    2008-05-20 15:26 --------- d-----w C:\ProgramData\Kaspersky Lab
    2008-05-20 15:24 --------- d---a-w C:\ProgramData\TEMP
    2008-05-19 20:20 1,699,028 --sha-w C:\Windows\system32\drivers\fidbox.idx
    2008-05-15 16:46 --------- d-----w C:\Program Files\Rumble Box
    2008-05-15 04:41 --------- d-----w C:\Program Files\Windows Mail
    2008-05-14 14:25 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
    2008-05-13 16:01 --------- d-----w C:\Program Files\Codemasters
    2008-05-11 17:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-11 16:33 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
    2008-05-11 16:33 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
    2008-05-11 16:33 22,328 ----a-w C:\Users\Guillaume\AppData\Roaming\PnkBstrK.sys
    2008-05-11 16:33 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
    2008-05-10 09:50 --------- d-----w C:\Program Files\Common Files\Steam
    2008-05-03 13:11 1,248 --sha-w C:\wdhfao30.sys
    2008-05-03 12:56 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-04-29 15:59 --------- d-----w C:\Users\Guillaume\AppData\Roaming\Autodesk
    2008-04-29 15:59 --------- d-----w C:\ProgramData\Autodesk
    2008-04-27 09:13 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-04-22 18:47 --------- d-----w C:\Users\Guillaume\AppData\Roaming\OpenOffice.org2
    2008-04-22 16:43 --------- d-----w C:\Program Files\Safari
    2008-04-17 19:06 96,645 ----a-w C:\Windows\system32\drivers\klin.dat
    2008-04-17 19:06 87,941 ----a-w C:\Windows\system32\drivers\klick.dat
    2008-04-16 19:21 --------- d-----w C:\Program Files\Google
    2008-04-13 09:56 --------- d-----w C:\Program Files\Yahoo!
    2008-04-13 09:56 --------- d-----w C:\Program Files\Bitcomet Ultra Accelerator
    2008-04-13 09:41 --------- d-----w C:\Program Files\FlashGet
    2008-04-04 17:09 --------- d-----w C:\Users\Guillaume\AppData\Roaming\teamspeak2
    2008-04-04 09:57 --------- d-----w C:\Program Files\iTunes
    2008-04-04 09:57 --------- d-----w C:\Program Files\iPod
    2008-04-04 09:55 --------- d-----w C:\Program Files\QuickTime
    2008-03-31 21:25 682,496 ----a-w C:\Windows\System32\divx.dll
    2008-03-29 14:30 --------- d-----w C:\Program Files\TeamSpeak3
    2008-03-28 17:41 7,680 ----a-w C:\Windows\System32\ff_vfw.dll
    2008-03-24 15:47 --------- d-----w C:\Users\Guillaume\AppData\Roaming\Apple Computer
    2008-03-22 09:14 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2008-03-21 20:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
    2008-03-21 20:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
    2008-03-18 17:54 174 --sha-w C:\Program Files\desktop.ini
    2008-03-18 17:32 82,432 ----a-w C:\Windows\System32\axaltocm.dll
    2008-03-18 17:32 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
    2008-03-18 16:42 47,560 ----a-w C:\Windows\System32\SPReview.exe
    2008-03-18 16:42 152,576 ----a-w C:\Windows\System32\SPWizUI.dll
    2008-03-08 15:08 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
    2008-03-06 15:23 442,368 ----a-w C:\Windows\System32\nvuninst.exe
    2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
    2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
    2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
    2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
    2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
    2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
    2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
    2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys
    2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
    2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
    2008-02-22 05:05 615,992 ----a-w C:\Windows\System32\ci.dll
    2008-02-22 05:01 826,880 ----a-w C:\Windows\System32\wininet.dll
    2008-02-22 04:57 295,936 ----a-w C:\Windows\System32\gdi32.dll
    2006-05-03 09:06 163,328 --sh--r C:\Windows\System32\flvDX.dll
    2007-02-21 10:47 31,232 --sh--r C:\Windows\System32\msfDX.dll
    .

    ------- Sigcheck -------

    .
    ((((((((((((((((((((((((((((( snapshot_2008-05-19_19.41.48.81 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-05-19 17:32:16 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2008-05-20 15:24:21 67,584 --s-a-w C:\Windows\bootstat.dat
    - 2008-05-19 17:32:17 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-05-20 15:24:21 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2008-05-19 17:33:20 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-05-20 15:25:58 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-05-20 15:25:58 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2008-05-19 17:33:20 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-05-20 16:35:39 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    - 2008-05-19 16:29:30 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-05-20 15:24:24 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-05-19 16:29:30 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-05-20 15:24:24 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-05-19 16:29:30 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-05-20 15:24:24 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-05-19 16:35:37 104,742 ----a-w C:\Windows\System32\perfc009.dat
    + 2008-05-19 17:38:38 104,742 ----a-w C:\Windows\System32\perfc009.dat
    - 2008-05-19 16:35:37 127,798 ----a-w C:\Windows\System32\perfc00C.dat
    + 2008-05-19 17:38:38 127,798 ----a-w C:\Windows\System32\perfc00C.dat
    - 2008-05-19 16:35:37 595,308 ----a-w C:\Windows\System32\perfh009.dat
    + 2008-05-19 17:38:38 595,308 ----a-w C:\Windows\System32\perfh009.dat
    - 2008-05-19 16:35:37 678,730 ----a-w C:\Windows\System32\perfh00C.dat
    + 2008-05-19 17:38:38 678,730 ----a-w C:\Windows\System32\perfh00C.dat
    - 2008-05-19 17:35:09 8,474 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3012532108-3653173252-843021523-1000_UserData.bin
    + 2008-05-20 15:26:19 8,628 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3012532108-3653173252-843021523-1000_UserData.bin
    - 2008-05-19 17:35:08 98,696 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-05-20 15:26:19 98,766 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-05-19 16:31:26 48,316 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-05-20 15:26:17 48,316 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 00:33 1233920]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-09-01 18:27 32768]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 00:33 125952]
    "BitComet"="C:\Program Files\BitComet\BitComet.exe" [2008-01-08 12:25 2124088]
    "WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 00:36 2153472 C:\Windows\System32\oobefldr.dll]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 00:33 202240]
    "eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-13 16:57 5308416]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 00:38 1008184]
    "SoundTray"="C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe" [2007-04-01 12:44 49152]
    "JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [2007-03-20 08:36 36864]
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "ZSSnp211"="C:\Windows\ZSSnp211.exe" [2007-03-06 10:25 49152]
    "Domino"="C:\Windows\Domino.exe" [2007-03-06 10:25 49152]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\Windows\KHALMNPR.Exe]
    "Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 18:43 2051096]
    "Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 18:57 2095640]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-04-02 18:32 1261568]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2008-03-04 12:02 92704]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-03-04 12:02 8530464]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-03-04 12:02 88608]
    "RivaTuner"="C:\Program Files\RivaTuner v2.09\RivaTunerWrapper.exe" [2008-04-28 20:25 24576]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-09-01 18:27:52 450560]
    SetPointII.lnk - C:\Program Files\Logitech\SetPoint II\SetpointII.exe [2007-08-30 19:13:06 319488]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "LogonHoursAction"= 2 (0x2)
    "DontDisplayLogonHoursWarnings"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.i420"= i420vfw.dll
    "vidc.yv12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3012532108-3653173252-843021523-1000]
    "EnableNotificationsRef"=dword:00000002

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{1A269090-57FC-4253-BBE1-2A398A0B0912}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
    "{FAEE4CEE-9FFF-4DF6-AE7A-888984A4C724}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
    "{7733464C-02F9-44FA-ACEC-2E07D136E2AF}"= Disabled:UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
    "{D4AFD5C5-BE92-4002-8A67-269E795BC8F5}"= Disabled:TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
    "TCP Query User{83D9B4F1-BF61-41A6-B082-BAE8E03857AD}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= UDP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
    "UDP Query User{A7D1D972-B99C-4505-873D-ED6CF46CB3EE}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= TCP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
    "{0601BAB7-D10F-46A7-B44D-F77EF81B576C}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "{665F0B99-293D-4C8C-BEBE-0A8AD835D2C0}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "{2B3146E0-9C59-4290-907C-459FE04D12FF}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{A6A7AEA9-26A5-402F-BF8D-5E89A23DB57E}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{EDBF1396-D198-464C-9000-E0236F702461}"= UDP:8958:BitComet 8958 TCP
    "{BCE3D636-472B-4B03-8AE4-E6A331808BF3}"= TCP:8958:BitComet 8958 UDP
    "{11E36DE5-6F19-43AE-91F9-367D0C637F46}"= UDP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
    "{2578D77B-07AC-439A-B1BB-890CC6B937E6}"= TCP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
    "{73E310F9-4DA7-4C49-BBB9-E3A16B1CF442}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:o rb
    "{75BE34DF-F4C9-4821-86E1-A6E4C3A21BB7}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:o rb
    "{AA7F1AE8-5D0F-4DEB-AC66-1A28E455E24A}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:o rbTray
    "{4AA080EC-AAF4-4E08-92F6-96DAC426FA91}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:o rbTray
    "{DE00E99C-06C1-4F70-AFEF-B9743D036550}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:o rbIR
    "{C6593E5D-49AF-4856-B290-BD0492698FF1}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:o rbIR
    "{85302E47-603C-4D32-9073-4FB744F3E49D}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:o rb Stream Client
    "{8831510A-D4C4-449B-B388-D59153E98B68}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:o rb Stream Client
    "{2BD2189C-9478-46C6-ADEF-DB582AA0AFE1}"= UDP:C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
    "{FB07C9E5-58D5-46C5-95CA-77E32BFA2405}"= TCP:C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
    "{021C1600-E779-4400-98EC-2D1405CCCD22}"= UDP:C:\Program Files\eMule\emule.exe:eMule
    "{EB671C70-C506-4D46-AB64-DC6D7F5357E1}"= UDP:C:\Program Files\eMule\emule.exe:eMule
    "{256EEC85-33F9-42E8-B9CB-8905558ABC3B}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
    "{8819B311-A2E5-483A-9C9C-0F009B2E1F5B}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
    "{2142FF64-4960-4855-A012-1751AC559D2A}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
    "{832B12AC-C5F0-4B35-BBEF-64A2483CEE4F}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
    "{B07605A1-BE31-40E5-8468-4D853CECCC8E}"= UDP:C:\Windows\System32\PnkBstrA.exe:p nkBstrA
    "{17EBD14B-BFF4-495F-A9E8-0D8F59AE2898}"= TCP:C:\Windows\System32\PnkBstrA.exe:p nkBstrA
    "{E5726EE3-0AFB-4C7B-B0CE-A12DF5C4C92E}"= UDP:C:\Windows\System32\PnkBstrB.exe:p nkBstrB
    "{5F1E3062-8F24-431F-8CBC-B9E30A1F396D}"= TCP:C:\Windows\System32\PnkBstrB.exe:p nkBstrB
    "{2804DECC-0976-4B9D-9937-8D9DECA92E1F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{CDF6B369-5185-427A-B45A-01D02760A8D1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{F64FC4F2-32AF-4778-8FE6-D5D81014B815}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{6132CDFB-4C42-4D1F-A1B4-B5C4AA5939FE}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{0B62F929-5C04-4D9F-A4D4-018DE589555D}"= UDP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:etqwded.exe
    "{5A8BF9D2-02ED-4303-938D-486B15387C01}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:etqwded.exe
    "{9DA8FBB6-89CF-4C38-8B62-5D265F07405E}"= UDP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqw.exe:Enemy Territory - QUAKE Wars(TM)
    "{3B6CA7A4-CD81-4CF7-A979-260626D3EF09}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqw.exe:Enemy Territory - QUAKE Wars(TM)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);C:\Windows\system32\drivers\pe3ah4nc.sys [2007-05-18 21:53]
    R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);C:\Windows\system32\drivers\ps6ah4nc.sys [2007-05-18 21:52]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-04-04 14:59]
    R1 KS0108;KS0108;C:\Program Files\LcdStudio\ks0108.sys [2006-02-12 00:31]
    R1 LC7981;LC7981;C:\Program Files\LcdStudio\LC7981.sys [2006-02-12 00:31]
    R1 n3900;n3900;C:\Program Files\LcdStudio\n3900.sys [2006-08-08 16:46]
    R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;C:\Windows\system32\DRIVERS\rtlprot.sys [2007-04-02 10:57]
    R1 SED133x;SED133x;C:\Program Files\LcdStudio\SED133x.sys [2006-02-12 00:31]
    R1 T6963C;T6963C;C:\Program Files\LcdStudio\T6963c.sys [2006-02-12 00:31]
    R2 AEADIFilters;Andrea ADI Filters Service;C:\Windows\system32\AEADISRV.EXE [2007-02-06 00:44]
    R3 RTL8187;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187.sys [2007-04-03 04:32]
    R3 yukonwlh;Pilote miniport NDIS6.0 pour contrôleur Ethernet Marvell Yukon;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 09:30]
    S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);C:\Windows\system32\pr2ah4nc.exe svc []
    S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-09 11:38]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4392e102-5aeb-11dc-8abe-001bfc4f16ae}]
    \shell\AutoRun\command - F:\setup\rsrc\Autorun.exe
    \shell\dinstall\command - F:\Directx\dxsetup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f88cf2ca-58d0-11dc-ad78-806e6f6e6963}]
    \shell\AutoRun\command - D:\.\Bin\Assetup.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-05-13 16:02:57 C:\Windows\Tasks\At1.job"
    - C:\Windows\widupdate.exe
    "2008-05-13 16:02:57 C:\Windows\Tasks\At2.job"
    - C:\Windows\dr.exe
    "2008-05-13 16:02:57 C:\Windows\Tasks\At3.job"
    - C:\Windows\patcher.exe
    "2008-05-13 16:02:57 C:\Windows\Tasks\At4.job"
    - C:\Windows\dr.exe
    "2008-05-20 15:28:06 C:\Windows\Tasks\RtlVistaStart.job"
    - C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
    "2008-05-19 19:33:30 C:\Windows\Tasks\User_Feed_Synchronization-{B88CB541-93A9-40AD-9E12-9DFB1460494C}.job"
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-20 18:35:56
    Windows 6.0.6001 Service Pack 1 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-05-20 18:37:11
    ComboFix-quarantined-files.txt 2008-05-20 16:36:41

    Pre-Run: 64,288,026,624 octets libres
    Post-Run: 64,185,815,040 octets libres

    328 --- E O F --- 2008-05-17 09:13:03











    and the HijackThis report



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:06:59, on 20/05/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Fraps\fraps.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Windows\ZSSnp211.EXE
    C:\Windows\Domino.EXE
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Logitech\SetPoint II\SetpointII.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\RivaTuner v2.09\RivaTuner.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
    C:\Program Files\Schmads Inc\G15_TeamSpeak\G15_TeamSpeak.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
    C:\Program Files\SpeedFan\speedfan.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\notepad.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\Explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: FGCatchUrl - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SoundTray] C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [ZSSnp211] C:\Windows\ZSSnp211.exe
    O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.09\RivaTunerWrapper.exe" /T
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: SetPointII.lnk = ?
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Télécharger avec FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O18 - Protocol: bw+0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,
    O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
    O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\Windows\system32\pr2ah4nc.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

    --
    End of file - 21128 bytes

    a b 8 Security
    20 May 2008 19:18:46

    Hi again,

    Delete:
    C:\Windows\System32\qraxdxal.dll
    Anonymous
    20 May 2008 20:46:42

    With HijackThis or simply through Windows?

    I hope you're sure about this, I'm trusting you ^^
    a b 8 Security
    21 May 2008 15:04:00

    Via Windows ;) 
    21 May 2008 21:05:29

    Hi again,

    It's me. I deleted the file as you told me, but since then, I don't know what happened, but my account has been wiped, and it looks like the same goes for my Steam account :??:  :(  :(

    So I think it's related.

    If you could help me, otherwise I :cry:  :cry:  :cry:
    21 May 2008 21:36:42

    It's OK, it's fixed, I did a system restore, phew.
    I gave myself a scare.
    a b 8 Security
    22 May 2008 13:14:07

    Post a new HijackThis report so we can take a look.
    22 May 2008 17:18:43

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:20:22, on 22/05/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Fraps\fraps.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Windows\ZSSnp211.EXE
    C:\Windows\Domino.EXE
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\eMule\emule.exe
    C:\Program Files\Logitech\SetPoint II\SetpointII.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\RivaTuner v2.09\RivaTuner.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
    C:\Program Files\Schmads Inc\G15_TeamSpeak\G15_TeamSpeak.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\TeamSpeak3\TeamSpeak.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: FGCatchUrl - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: {1d78d7c4-4a1e-90fb-7d34-9fcaa50068d6} - {6d86005a-acf9-43d7-bf09-e1a44c7d87d1} - C:\Windows\system32\jxhkgpxy.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SoundTray] C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [ZSSnp211] C:\Windows\ZSSnp211.exe
    O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.09\RivaTunerWrapper.exe" /T
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: SetPointII.lnk = ?
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Télécharger avec FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O18 - Protocol: bw+0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {A35FE914-0BDC-4B94-9831-C0F2427E42F1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,
    O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
    O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\Windows\system32\pr2ah4nc.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

    --
    End of file - 21344 bytes
    a b 8 Security
    22 May 2008 17:46:54

    Run a Combofix scan again :/