VIRUS impossible to remove - HijackThis log

Closed
the_dagon Posts: 7 Registration date: Tuesday 6 May 2008 Status: Member Last activity: 10 November 2009 - 6 May 2008 at 02:13
Regis59 Posts: 21143 Registration date: Tuesday 27 June 2006 Status: Security contributor Last activity: 22 June 2016 - 10 May 2008 at 14:46
Hello,

If someone could help me: I am apparently infected with a virus that keeps trying to install Virtumonde.

I found rundll32 entries that launch DLLs from a temporary folder, but there is no way to remove them; they regenerate immediately...

I have been at it for 4 hours now; if someone could help me, I am COMPLETELY desperate and on the verge of reformatting.

THANK YOU

Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 01:58:33, on 06/05/2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ASUS\AI Remote\AiRc.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\vVX1000.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\System32\CtHelper.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\CTXFISPI.EXE
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\ASUS\AI Remote\AiRemote.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9c.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Dagon\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Ai Remote Help] "C:\Program Files\ASUS\AI Remote\AiRc.exe"
O4 - HKLM\..\Run: [ASUS ASAP USB] C:\Program Files\ASUS\ASAP\asapusb.exe
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Dagon\AppData\Local\Temp\urqRLdCU.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Dagon\AppData\Local\Temp\geBrpqnN.dll,c
O4 - HKCU\..\Run: [BMa7c7656e] Rundll32.exe "C:\Users\Dagon\AppData\Local\Temp\jjxksxgu.dll",s
O4 - HKCU\..\Run: [a4f456f2] rundll32.exe "C:\Users\Dagon\AppData\Local\Temp\hbqshafk.dll",b
O8 - Extra context menu item: Tout télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative ALchemy AL1 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\system32\drivers\pclepci.sys
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
10 replies

Regis59 Posts: 21143 Registration date: Tuesday 27 June 2006 Status: Security contributor Last activity: 22 June 2016 1 320
6 May 2008 at 12:02
Hi

Disable your protection software (antivirus, antispyware), then:

Download sUBs' ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to your desktop and nowhere else!

Double-click combofix. It will ask you a question; answer by pressing 1 and then Enter to confirm.
Wait until combofix has finished; a report will be created. Post the report.

Copy/paste a new HijackThis report along with it.
1
jean_louis_57 Posts: 1351 Registration date: Sunday 13 April 2008 Status: Member Last activity: 12 February 2020 81
6 May 2008 at 05:18
hello

what antivirus do you have?


look here

http://www.commentcamarche.net/forum/affich 4589985 se debarrasser de virtumonde
0
I use NOD32, you can see it in the log ;-)

Yet it sees NOTHING on a scan, apart from Virtumonde when it is in real-time monitoring mode, which it destroys as fast as it is regenerated (every 5 minutes, that is).

Yet the virus/trojan is definitely there.
I have the 4 rundll processes that reappear by themselves in the registry, even if I delete them under the /RUN key of the registry:
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Dagon\AppData\Local\Temp\urqRLdCU.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Dagon\AppData\Local\Temp\geBrpqnN.dll,c
O4 - HKCU\..\Run: [BMa7c7656e] Rundll32.exe "C:\Users\Dagon\AppData\Local\Temp\jjxksxgu.dll",s
O4 - HKCU\..\Run: [a4f456f2] rundll32.exe "C:\Users\Dagon\AppData\Local\Temp\hbqshafk.dll",b

Obviously it is impossible to remove the files, and as long as I have not identified the process that creates them, it is a lost cause!!!
0
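As an added, defender-side example that is not part of this thread: a small Python triage script that parses HijackThis O4 (autostart) lines like the ones quoted above and flags rundll32 launchers whose DLL lives in a temp directory, which is exactly the shape of the four HKCU\..\Run entries that keep coming back. The sample lines are copied from the log in this thread, with the two legitimate NVIDIA rundll32 entries kept for contrast; the XP-era "Local Settings\Temp" and system-wide "Windows\Temp" paths in TEMP_DIR_RE are an assumed generalisation beyond the Vista AppData path shown here.

```python
import re
from dataclasses import dataclass

# Constructed sample: O4 (autostart) lines taken from the HijackThis log in this
# thread, with two legitimate NVIDIA rundll32 entries kept for contrast.
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Dagon\AppData\Local\Temp\urqRLdCU.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Dagon\AppData\Local\Temp\geBrpqnN.dll,c
O4 - HKCU\..\Run: [BMa7c7656e] Rundll32.exe "C:\Users\Dagon\AppData\Local\Temp\jjxksxgu.dll",s
O4 - HKCU\..\Run: [a4f456f2] rundll32.exe "C:\Users\Dagon\AppData\Local\Temp\hbqshafk.dll",b
"""

# HijackThis O4 line layout: "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)

# Temp directories. The Vista per-user path comes from the log in this thread;
# the XP-era and system-wide paths are an assumed generalisation.
TEMP_DIR_RE = re.compile(
    r"\\(?:AppData\\Local\\Temp|Local Settings\\Temp|Windows\\Temp)\\",
    re.IGNORECASE,
)


def split_rundll32(cmd: str):
    """Return (dll_path, export) when cmd is a rundll32 launcher, else None.

    Handles both 'rundll32.exe path.dll,Export' and
    'rundll32.exe "path with spaces.dll",Export'.
    """
    m = re.match(r'^"?([^"\s]*rundll32\.exe)"?\s+(.*)$', cmd, re.IGNORECASE)
    if not m:
        return None
    rest = m.group(2).strip()
    if rest.startswith('"'):
        end = rest.index('"', 1)
        dll, tail = rest[1:end], rest[end + 1:]
    else:
        dll, sep, tail = rest.partition(",")
        tail = sep + tail
    export = tail.lstrip(",").strip()
    return dll, export


@dataclass
class RunEntry:
    hive: str
    key: str
    name: str
    dll: str
    export: str
    flagged: bool
    reason: str


def triage_o4(text: str) -> list[RunEntry]:
    """Parse every O4 line and classify the rundll32-based autostart entries."""
    entries = []
    for line in text.splitlines():
        m = O4_RE.match(line)
        if not m:
            continue
        parsed = split_rundll32(m["cmd"])
        if parsed is None:
            continue  # plain .exe autostart, not a DLL loader
        dll, export = parsed
        in_temp = bool(TEMP_DIR_RE.search(dll))
        reason = "DLL loaded from a temp directory" if in_temp else "system-path DLL"
        entries.append(RunEntry(m["hive"], m["key"], m["name"], dll, export, in_temp, reason))
    return entries


def flagged_names(text: str) -> list[str]:
    """Run value names whose rundll32 target lives in a temp directory, sorted."""
    return sorted(e.name for e in triage_o4(text) if e.flagged)


if __name__ == "__main__":
    for e in triage_o4(SAMPLE_O4_LINES):
        mark = "FLAG" if e.flagged else "ok  "
        print(f"{mark} {e.hive}\\..\\{e.key} [{e.name}] -> {e.dll} ({e.export}): {e.reason}")
```

Feeding a full HijackThis log through triage_o4 separates the DLL loaders that belong to installed software (NvCpl.dll under system32) from the ones that should not exist at all; a Run value pointing rundll32 at a DLL in a temp directory has no legitimate reason to be there. Note that the Run value is only the persistence, not the component that re-creates it, which is why the thread's approach of removing the entries and then running a dropper-hunting tool such as ComboFix is the right order of operations.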
the_dagon Posts: 7 Registration date: Tuesday 6 May 2008 Status: Member Last activity: 10 November 2009
6 May 2008 at 13:33
Thanks for your reply.

Well, before getting your reply I had removed the 4 suspicious entries/files with HijackThis; they have not reappeared, either on the hard disk or, apparently, in the registry:
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Dagon\AppData\Local\Temp\urqRLdCU.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Dagon\AppData\Local\Temp\geBrpqnN.dll,c
O4 - HKCU\..\Run: [BMa7c7656e] Rundll32.exe "C:\Users\Dagon\AppData\Local\Temp\jjxksxgu.dll",s
O4 - HKCU\..\Run: [a4f456f2] rundll32.exe "C:\Users\Dagon\AppData\Local\Temp\hbqshafk.dll",b

I then ran ComboFix (NOD32 was still running, though, and removed an eicar.txt file, detected as a virus). ComboFix removed a file for me in %appdata/roaming/inst.exe

(log attached)

I then ran HijackThis.

MANY THANKS for your time and your knowledge. In your opinion, is the system clean now?

here are the two logs:

COMBOFIX:

ComboFix 08-05-01.3 - Dagon 2008-05-06 13:10:52.1 - NTFSx86
Microsoft® Windows Vista™ Édition Intégrale 6.0.6001.1.1252.1.1036.18.1151 [GMT 2:00]
Endroit: C:\Users\Dagon\Desktop\ComboFix.exe
* Resident AV is active

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Dagon\AppData\Roaming\inst.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-06 to 2008-05-06 ))))))))))))))))))))))))))))))))))))
.

2008-05-06 08:28 . 2008-05-06 08:28 0 --ah----- C:\ntuser.dat.LOG2
2008-05-06 08:28 . 2008-05-06 08:28 0 --ah----- C:\ntuser.dat.LOG1
2008-05-06 08:28 . 2008-05-06 08:28 0 --a------ C:\ntuser.dat
2008-05-06 01:47 . 2008-05-06 01:47 <REP> d-------- C:\VundoFix Backups
2008-05-03 11:09 . 2008-05-03 11:09 <REP> d-------- C:\Program Files\Bonjour
2008-05-03 11:05 . 2008-05-03 11:05 <REP> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-03 10:41 . 2008-05-03 10:53 <REP> d-------- C:\Program Files\Macromedia
2008-05-03 10:41 . 2008-05-03 10:53 <REP> d-------- C:\Program Files\Common Files\Macromedia
2008-05-03 10:01 . 2008-05-03 10:01 <REP> d-------- C:\Windows\Logo Design Studio Pro
2008-05-03 10:01 . 2008-05-03 10:04 <REP> d-------- C:\Program Files\Logo Design Studio Pro
2008-05-01 21:11 . 2008-05-01 21:11 <REP> d-------- C:\Windows\nvidia icons
2008-05-01 21:09 . 2008-05-01 21:09 <REP> d-------- C:\NVIDIA
2008-04-29 13:30 . 2008-04-29 13:30 <REP> d-------- C:\ProgramData\Futuremark
2008-04-29 13:26 . 2008-04-29 13:26 <REP> d-------- C:\Program Files\Common Files\Futuremark Shared
2008-04-29 13:25 . 2008-03-05 15:56 3,786,760 --a------ C:\Windows\System32\D3DX9_37.dll
2008-04-29 13:25 . 2008-03-05 15:56 1,420,824 --a------ C:\Windows\System32\D3DCompiler_37.dll
2008-04-29 13:25 . 2008-03-05 16:03 479,752 --a------ C:\Windows\System32\XAudio2_0.dll
2008-04-29 13:25 . 2008-02-05 23:07 462,864 --a------ C:\Windows\System32\d3dx10_37.dll
2008-04-29 13:25 . 2008-03-05 16:03 238,088 --a------ C:\Windows\System32\xactengine3_0.dll
2008-04-29 13:25 . 2008-03-05 16:00 25,608 --a------ C:\Windows\System32\X3DAudio1_3.dll
2008-04-21 20:27 . 2008-04-21 20:27 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-04-15 20:43 . 2008-04-15 20:43 <REP> d-------- C:\Users\Dagon\AppData\Roaming\Ubisoft
2008-04-13 11:31 . 2008-04-13 11:31 <REP> d-------- C:\Users\Dagon\AppData\Roaming\Thinstall
2008-04-12 10:26 . 2008-04-12 10:26 <REP> d-------- C:\Program Files\Common Files\Creative Labs Shared
2008-04-11 22:21 . 2008-05-06 13:14 54,760 --a------ C:\Windows\System32\BMXStateBkp-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx
2008-04-11 22:21 . 2008-05-06 13:14 54,760 --a------ C:\Windows\System32\BMXState-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx
2008-04-11 22:21 . 2008-05-06 13:14 788 --a------ C:\Windows\System32\DVCState-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx
2008-04-11 22:20 . 2008-04-11 22:20 87 -rah----- C:\Windows\ctfile.rfc
2008-04-06 12:50 . 2008-04-06 12:50 <REP> d-------- C:\ProgramData\vsosdk
2008-04-06 10:19 . 2004-05-04 11:53 1,645,320 --a------ C:\Windows\gdiplus.dll
2008-04-06 10:19 . 2006-05-20 16:16 1,184,984 --a------ C:\Windows\System32\wvc1dmod.dll
2008-04-06 10:19 . 2006-05-11 19:21 626,688 --a------ C:\Windows\System32\vp7vfw.dll
2008-04-06 10:19 . 2006-09-29 12:24 217,127 --a------ C:\Windows\System32\drv43260.dll
2008-04-06 10:19 . 2006-09-29 12:25 208,935 --a------ C:\Windows\System32\drv33260.dll
2008-04-06 10:19 . 2006-09-29 12:26 176,165 --a------ C:\Windows\System32\drv23260.dll
2008-04-06 10:19 . 2007-03-18 20:37 65,602 --a------ C:\Windows\System32\cook3260.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-05 23:25 --------- d-----w C:\Program Files\LogMeIn
2008-05-03 12:39 1,786 --sha-w C:\Windows\System32\KGyGaAvL.sys
2008-05-03 09:09 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-01 19:14 --------- d-----w C:\ProgramData\NVIDIA
2008-04-29 11:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-29 11:26 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-29 11:26 --------- d-----w C:\Program Files\AGEIA Technologies
2008-04-22 06:53 27,672 ----a-r C:\Windows\system32\drivers\Entech.sys
2008-04-21 15:51 442,368 ----a-w C:\Windows\System32\nvuninst.exe
2008-04-20 12:35 --------- d-----w C:\ProgramData\Media Center Programs
2008-04-12 08:25 --------- d-----w C:\ProgramData\Creative
2008-04-11 20:22 413,696 ----a-w C:\Windows\System32\wrap_oal.dll
2008-04-11 20:22 110,592 ----a-w C:\Windows\System32\OpenAL32.dll
2008-04-10 20:16 --------- d-----w C:\Program Files\Windows Mail
2008-04-09 21:10 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-06 11:41 --------- d-----w C:\Users\Dagon\AppData\Roaming\Vso
2008-04-06 11:41 --------- d-----w C:\Program Files\vso
2008-04-06 08:19 47,360 ----a-w C:\Windows\system32\drivers\pcouffin.sys
2008-04-06 08:19 47,360 ----a-w C:\Users\Dagon\AppData\Roaming\pcouffin.sys
2008-04-06 08:13 81,920 ----a-w C:\Users\Dagon\AppData\Roaming\ezpinst.exe
2008-04-03 20:23 --------- d-----w C:\Program Files\7-Zip
2008-03-29 20:13 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-03-29 13:57 --------- d-----w C:\Program Files\Creative
2008-03-25 16:48 --------- d-----w C:\Program Files\Avi2Dvd
2008-03-25 14:26 --------- d-----w C:\Program Files\AviSynth 2.5
2008-03-24 21:12 --------- d---a-w C:\ProgramData\TEMP
2008-03-23 18:16 --------- d-----w C:\Program Files\SmartFTP Client
2008-03-23 18:11 --------- d-----w C:\Program Files\SmartFTP Client 3.0 Setup Files
2008-03-23 08:50 --------- d-----w C:\Program Files\SyncBackSE
2008-03-08 14:32 --------- d-----w C:\Program Files\Java
2008-03-07 11:31 --------- d-----w C:\Program Files\EditPlus 2
2008-03-07 11:23 --------- d-----w C:\Program Files\Windows Live
2008-03-07 11:22 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-07 11:22 --------- d-----w C:\ProgramData\WLInstaller
2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-25 07:41 72,728 ----a-w C:\Windows\System32\CTHWIUT.DLL
2008-02-25 07:41 566,296 ----a-w C:\Windows\System32\CTSBLFX.DLL
2008-02-25 07:41 329,240 ----a-w C:\Windows\System32\CTEDSPSY.DLL
2008-02-25 07:41 286,232 ----a-w C:\Windows\System32\CTEDSPFX.DLL
2008-02-25 07:41 174,104 ----a-w C:\Windows\System32\CTEAPSFX.DLL
2008-02-25 07:41 170,520 ----a-w C:\Windows\System32\CT20XUT.DLL
2008-02-25 07:41 134,680 ----a-w C:\Windows\System32\CTEDSPIO.DLL
2008-02-25 07:41 100,888 ----a-w C:\Windows\System32\CTERFXFX.DLL
2008-02-25 07:41 1,323,544 ----a-w C:\Windows\System32\CTEXFIFX.DLL
2008-02-25 07:40 98,328 ----a-w C:\Windows\System32\COMMONFX.DLL
2008-02-25 07:40 551,960 ----a-w C:\Windows\System32\CTAUDFX.DLL
2008-02-22 05:05 615,992 ----a-w C:\Windows\System32\ci.dll
2008-02-22 05:01 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-02-22 04:57 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-02-20 19:00 43,520 ----a-w C:\Windows\System32\CTBurst.dll
2008-02-20 18:59 86,016 ----a-w C:\Windows\System32\ctcoinst.dll
2008-02-20 18:59 34,816 ----a-w C:\Windows\System32\a3d.dll
2008-02-20 18:59 27,648 ----a-w C:\Windows\System32\ac3api.dll
2008-02-20 18:59 163,840 ----a-w C:\Windows\System32\ctdvinst.dll
2008-02-20 18:55 969,216 ----a-w C:\Windows\System32\CTxfispi.exe
2008-02-20 18:55 43,520 ----a-w C:\Windows\System32\Ctxfireg.exe
2008-02-20 18:55 10,752 ----a-w C:\Windows\System32\Ct20xspi.dll
2008-02-20 18:49 110,080 ----a-w C:\Windows\System32\ctemupia.dll
2008-02-20 18:47 49,152 ----a-w C:\Windows\System32\ctdproxy.dll
2008-02-20 18:47 46,592 ----a-w C:\Windows\System32\ctasio.dll
2008-02-20 18:47 174,592 ----a-w C:\Windows\System32\ct_oal.dll
2008-02-20 18:47 17,920 ----a-w C:\Windows\System32\ctedasio.dll
2008-02-20 18:46 69,120 ----a-w C:\Windows\System32\ctosuser.dll
2008-02-20 18:46 64,512 ----a-w C:\Windows\System32\piaproxy.dll
2008-02-20 18:46 6,144 ----a-w C:\Windows\System32\sfman32.dll
2008-02-20 18:46 13,312 ----a-w C:\Windows\System32\regplib.exe
2008-02-20 18:46 104,448 ----a-w C:\Windows\System32\sfms32.dll
2008-02-20 18:44 5,120 ----a-w C:\Windows\System32\ENLOCSTR.EXE
2008-02-20 18:44 10,240 ----a-w C:\Windows\System32\KILLAPPS.EXE
2008-02-20 18:43 32,768 ----a-w C:\Windows\System32\devreg.dll
2008-02-20 18:43 28,672 ----a-w C:\Windows\System32\MIDIDEF.EXE
2008-02-16 17:54 174 --sha-w C:\Program Files\desktop.ini
2008-02-16 17:28 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-02-16 17:28 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-02-16 17:08 47,560 ----a-w C:\Windows\System32\SPReview.exe
2008-02-16 17:08 152,576 ----a-w C:\Windows\System32\SPWizUI.dll
2007-06-16 15:41 495,041,289 ----a-w C:\Users\Public\setup_fbi_faces3.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 00:33 125952]
"LaunchList"="C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 15:41 145496]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 12:29 220544]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-29 17:09 171464]
"CreativeTaskScheduler"="C:\Program Files\Creative\Shared Files\CTSched.exe" [2006-11-17 11:42 53341]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 00:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 00:38 1008184]
"Ai Remote Help"="C:\Program Files\ASUS\AI Remote\AiRc.exe" [2007-01-19 14:24 3347456]
"ASUS ASAP USB"="C:\Program Files\ASUS\ASAP\asapusb.exe" [2007-01-10 11:55 384512]
"Launch LGDCore"="C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [2007-04-26 17:22 1132056]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-02-16 19:45 1169776]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-02-16 19:57 1945960]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-02-16 19:49 149024]
"Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe" [2007-04-26 16:54 774168]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-01-12 17:48 275800]
"VX1000"="C:\Windows\vVX1000.exe" [2006-12-05 15:38 707360]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-08-10 08:16 151552]
"UpdReg"="C:\Windows\UpdReg.EXE" [2000-05-11 01:00 90112]
"CTXFIREG"="CTxfiReg.exe" [2008-02-20 20:55 43520 C:\Windows\System32\Ctxfireg.exe]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-12-06 18:10 180224]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 10:51 1836328]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-11-14 16:05 1410304]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-09-12 11:20 63048]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\Windows\KHALMNPR.Exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"CTHelper"="CTHELPER.EXE" [2008-02-20 20:58 19456 C:\Windows\System32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-02-20 20:58 19968 C:\Windows\System32\Ctxfihlp.exe]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-04-23 10:41 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-04-23 10:41 92704]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="C:\Windows\system32\READREG /SILENT /FAIL=1" [ ]
"CtxfiReg"="CTXFIREG.exe" [2008-02-20 20:55 43520 C:\Windows\System32\Ctxfireg.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.I420"= vdrcodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{78E3D726-34C9-46D8-832B-B952ACB2DBAC}C:\\program files\\globalscape\\cuteftp\\cutftp32.exe"= UDP:C:\program files\globalscape\cuteftp\cutftp32.exe:Winsock FTP Client
"UDP Query User{ED419FC9-423B-4E8B-9D1F-FDC3394E4960}C:\\program files\\globalscape\\cuteftp\\cutftp32.exe"= TCP:C:\program files\globalscape\cuteftp\cutftp32.exe:Winsock FTP Client
"TCP Query User{509F58A8-74E2-4EFC-A43C-509B3F992F5E}D:\\programs\\btrl demo\\fs2_open_3_6_9.exe"= UDP:D:\programs\btrl demo\fs2_open_3_6_9.exe:FreeSpace
"UDP Query User{25E091C3-FF44-4D32-BD17-C6E355588A7B}D:\\programs\\btrl demo\\fs2_open_3_6_9.exe"= TCP:D:\programs\btrl demo\fs2_open_3_6_9.exe:FreeSpace
"TCP Query User{8DC7CFE1-D7EE-409F-BEA0-101CAEB49446}C:\\users\\dagon\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= UDP:C:\users\dagon\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe
"UDP Query User{CE8618BF-0817-4828-8292-CBB84A8EA625}C:\\users\\dagon\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= TCP:C:\users\dagon\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe
"{35A7BCEB-B46D-4478-87BD-57D9DE800A67}"= D:\Programs\Command & Conquer 3\RetailExe\1.3\cnc3game.dat:Command & Conquer 3 Les guerres du Tiberium™
"TCP Query User{0E5322A3-E068-49DC-B9D3-085765435E64}D:\\programs\\defcon\\defcon.exe"= UDP:D:\programs\defcon\defcon.exe:Defcon
"UDP Query User{3D1D15D8-C4F1-4D58-9B8B-9E8CC4369039}D:\\programs\\defcon\\defcon.exe"= TCP:D:\programs\defcon\defcon.exe:Defcon
"TCP Query User{2DC4C4A6-080A-435D-8859-1E6795A3A405}D:\\programs\\company of heroes\\reliccoh.exe"= UDP:D:\programs\company of heroes\reliccoh.exe:RelicCOH
"UDP Query User{FD354DCB-640A-48C6-B291-4CD2CDD771C1}D:\\programs\\company of heroes\\reliccoh.exe"= TCP:D:\programs\company of heroes\reliccoh.exe:RelicCOH
"TCP Query User{609456EF-4087-48A1-A322-A8EE13837B84}C:\\users\\dagon\\desktop\\vlc-0.8.4a-crazy\\vlc.exe"= UDP:C:\users\dagon\desktop\vlc-0.8.4a-crazy\vlc.exe:vlc.exe
"UDP Query User{30771ED8-6138-40B5-9678-E4E58B100A9C}C:\\users\\dagon\\desktop\\vlc-0.8.4a-crazy\\vlc.exe"= TCP:C:\users\dagon\desktop\vlc-0.8.4a-crazy\vlc.exe:vlc.exe
"TCP Query User{31DB9D20-3DD1-478C-8723-56F0EAA66153}D:\\programs\\command & conquer 3\\retailexe\\1.4\\cnc3game.dat"= UDP:D:\programs\command & conquer 3\retailexe\1.4\cnc3game.dat:Command and Conquer 3 Tiberium Wars™
"UDP Query User{CEDE86E0-A543-4C38-BA2D-EA8E053CF003}D:\\programs\\command & conquer 3\\retailexe\\1.4\\cnc3game.dat"= TCP:D:\programs\command & conquer 3\retailexe\1.4\cnc3game.dat:Command and Conquer 3 Tiberium Wars™
"{43AC3EF9-8D5F-44EC-B9C4-69272B8160C9}"= UDP:C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{9FD296F2-2F49-4D33-88BB-6648D5BDA86A}"= TCP:C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{697FA4CF-94C9-4B4A-8567-E852439C17FD}"= UDP:C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"{D26A9EB6-185F-4756-BC69-9326612B3331}"= TCP:C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"{D168018F-D776-41CF-A48E-E202DFBDB9F8}"= UDP:C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
"{CD77D913-EF2C-4E18-8429-8FE0907ECA06}"= TCP:C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
"{165C482C-7DAE-4DAD-978A-EF6382CE8BC0}"= UDP:C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:umi
"{49603F64-5249-423B-AA2D-74E60721C39F}"= TCP:C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:umi
"{F287C935-AB6A-4A74-9223-EAB4069DD8D3}"= UDP:D:\Programs\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{CD82428E-6EAC-4044-B330-0B83C3D66729}"= TCP:D:\Programs\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{C4F02E5A-F246-426B-A847-7F686457D838}"= UDP:D:\Programs\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{28F24696-EB59-4580-B891-136736A2D70F}"= TCP:D:\Programs\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{8DE54A15-06E6-4571-8816-4468E5DDD204}"= UDP:D:\Programs\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{3D5F4718-56AF-426A-8957-376193C48CA7}"= TCP:D:\Programs\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{C78FF5C6-E921-4835-9D35-C95D43ACE433}"= UDP:D:\Programs\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{814928EC-2E5D-4847-A1DC-79DF9A68DDD1}"= TCP:D:\Programs\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"TCP Query User{C8CAA159-730D-4564-A4FA-90DEBAF66EF4}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{D73D28BB-23CE-4D60-8D0A-AEED018FBADE}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{646DF6D6-F4EA-4F1A-9965-CF146E533C9F}D:\\programs\\star trek legacy\\legacy.exe"= UDP:D:\programs\star trek legacy\legacy.exe:Star Trek Legacy
"UDP Query User{D3A965E4-E8B8-4B95-AAEF-A4158CBAE3BA}D:\\programs\\star trek legacy\\legacy.exe"= TCP:D:\programs\star trek legacy\legacy.exe:Star Trek Legacy
"{6D792524-29E0-4678-AC43-8FD0DA98E1BE}"= UDP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{07A7F200-6192-4BF0-8F09-93B54B053229}"= TCP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{B386B480-67AB-4B95-BFD8-D2A329180C27}"= UDP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{6A3F322C-52B3-4F79-B9A0-9C7550E7AF90}"= TCP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"TCP Query User{3A5A4E16-63F5-4AC4-B116-A3EBA115D747}C:\\program files\\xi\\netxfer\\nettransport.exe"= UDP:C:\program files\xi\netxfer\nettransport.exe:NetXfer Download Manager
"UDP Query User{F4DE6B96-FEB4-416E-A9C1-BFB501B8805D}C:\\program files\\xi\\netxfer\\nettransport.exe"= TCP:C:\program files\xi\netxfer\nettransport.exe:NetXfer Download Manager
"TCP Query User{5054E55A-C352-4F61-87A0-1EBA7872CAAD}D:\\programs\\ultima online kingdom reborn\\uokr.exe"= UDP:D:\programs\ultima online kingdom reborn\uokr.exe:UOKR
"UDP Query User{DC96CF59-9691-4602-ACB1-5264BFA6902A}D:\\programs\\ultima online kingdom reborn\\uokr.exe"= TCP:D:\programs\ultima online kingdom reborn\uokr.exe:UOKR
"TCP Query User{66156255-BE65-4E48-9C0C-4FA9EA791514}C:\\program files\\homeplayer1.5.1.2\\homeplayer.exe"= UDP:C:\program files\homeplayer1.5.1.2\homeplayer.exe:HomePlayer
"UDP Query User{27973476-644E-4678-931E-3439FEAB77D0}C:\\program files\\homeplayer1.5.1.2\\homeplayer.exe"= TCP:C:\program files\homeplayer1.5.1.2\homeplayer.exe:HomePlayer
"TCP Query User{C30ADD88-0CD3-4BB3-80CB-64B61BB62F23}D:\\programs\\le seigneur des anneaux online\\lotroclient.exe"= UDP:D:\programs\le seigneur des anneaux online\lotroclient.exe:lotroclient.exe
"UDP Query User{6F554C8B-7FE1-4056-B462-5A9DE2DBE970}D:\\programs\\le seigneur des anneaux online\\lotroclient.exe"= TCP:D:\programs\le seigneur des anneaux online\lotroclient.exe:lotroclient.exe
"TCP Query User{6C280CEE-07BE-4714-AB50-1EE6596E54C5}D:\\programs\\command & conquer 3\\retailexe\\1.5\\cnc3game.dat"= UDP:D:\programs\command & conquer 3\retailexe\1.5\cnc3game.dat:Command and Conquer 3 Tiberium Wars™
"UDP Query User{16C22C09-8DEF-47A8-83B9-87A62B0F0321}D:\\programs\\command & conquer 3\\retailexe\\1.5\\cnc3game.dat"= TCP:D:\programs\command & conquer 3\retailexe\1.5\cnc3game.dat:Command and Conquer 3 Tiberium Wars™
"{04CA52D7-32B4-4788-A804-01E8C8230FB7}"= UDP:443:ooVoo TCP port 443
"{52D888F6-1A22-4954-87F5-684A09015593}"= Disabled:TCP:443:UDP port 443 ooVoo
"{BDDBCF8D-AAE4-4311-9FB4-D87A8BC15B63}"= Disabled:UDP:37674:TCP port 37674 ooVoo
"{FADAF416-1708-4E22-9537-DB015E33696E}"= Disabled:TCP:37674:UDP port 37674 ooVoo
"{439D1568-F8E2-47E7-90B7-6B61344F1EE9}"= Disabled:TCP:37675:UDP port 37675 ooVoo
"TCP Query User{B04F39AD-CB13-4FCD-89D7-2F9C5F141BAD}C:\\program files\\oovoo\\oovoo.exe"= UDP:C:\program files\oovoo\oovoo.exe:ooVoo
"UDP Query User{9AF15683-54FD-4EA1-82F3-C12F35D0D9D0}C:\\program files\\oovoo\\oovoo.exe"= TCP:C:\program files\oovoo\oovoo.exe:ooVoo
"TCP Query User{1ACCD41C-C5ED-47B4-991F-AFB5475A0C3A}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{16E4A98B-FB84-41B5-82C9-D03A877C2687}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
"TCP Query User{0A082EDD-8240-4619-90E9-7E81AF3D7D3A}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{AE4E957C-2564-4736-B9D7-925DE1960DBF}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{C21A5AF2-C400-4F24-90AB-CF8C58FE9B88}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{8010115E-C7BF-4027-8336-BD4CEB9C81C7}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{2EDE8E70-A373-42B7-BD43-A130BCA0A485}C:\\users\\dagon\\desktop\\emule0.48a\\emule0.48a\\emule.exe"= UDP:C:\users\dagon\desktop\emule0.48a\emule0.48a\emule.exe:emule.exe
"UDP Query User{FEAB418B-6E4B-4D98-BF68-136FD71F3462}C:\\users\\dagon\\desktop\\emule0.48a\\emule0.48a\\emule.exe"= TCP:C:\users\dagon\desktop\emule0.48a\emule0.48a\emule.exe:emule.exe
"{FAFB319D-21A3-4DBD-8B8D-416E57101A10}"= UDP:D:\Programs\Neverwinter 2\nwn2main.exe:Neverwinter Nights 2 Main
"{96635206-F455-444D-BA4C-A849E2E6678D}"= TCP:D:\Programs\Neverwinter 2\nwn2main.exe:Neverwinter Nights 2 Main
"{2E7BF82F-3E1D-4D7B-ACD3-1A88A5EB6E0C}"= UDP:D:\Programs\Neverwinter 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{ABFA8DA8-4155-4EC9-A497-DF889A37E40B}"= TCP:D:\Programs\Neverwinter 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{A9940AA3-E75F-410B-9A7E-803DA8BF52BB}"= UDP:D:\Programs\Neverwinter 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{583282F8-4FC6-4C30-8E44-9B26A121D40B}"= TCP:D:\Programs\Neverwinter 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{63A20BEB-9B1D-4950-B001-4AD78BCB0068}"= UDP:D:\Programs\Neverwinter 2\nwn2server.exe:Neverwinter Nights 2 Server
"{D523DDC2-5774-4686-8587-FAAB59EECB7D}"= TCP:D:\Programs\Neverwinter 2\nwn2server.exe:Neverwinter Nights 2 Server
"TCP Query User{3E118099-98BB-4722-9183-D5C9D369E40E}C:\\users\\dagon\\appdata\\local\\temp\\temp1_wakeonlanmonitor.zip\\wakeonlanmonitor.exe"= UDP:C:\users\dagon\appdata\local\temp\temp1_wakeonlanmonitor.zip\wakeonlanmonitor.exe:wakeonlanmonitor.exe
"UDP Query User{0FF48EFE-4374-4C90-8769-82B7B540EEFB}C:\\users\\dagon\\appdata\\local\\temp\\temp1_wakeonlanmonitor.zip\\wakeonlanmonitor.exe"= TCP:C:\users\dagon\appdata\local\temp\temp1_wakeonlanmonitor.zip\wakeonlanmonitor.exe:wakeonlanmonitor.exe
"TCP Query User{51DABAB3-6D4D-4F1A-92C1-536C61B49AE7}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{C846E717-6187-4AE5-9242-17EB6DD8E118}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{7C4031E8-C316-4B5B-B8CD-D0CEC4B0A8FC}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{2D65652B-CC18-4DAA-BAB1-F19CFC63A688}D:\\programs\\command & conquer 3\\retailexe\\1.9\\cnc3game.dat"= UDP:D:\programs\command & conquer 3\retailexe\1.9\cnc3game.dat:Command and Conquer 3 Tiberium Wars™
"UDP Query User{BD1002EC-B0D4-4D8A-9396-7FCDA5F424DC}D:\\programs\\command & conquer 3\\retailexe\\1.9\\cnc3game.dat"= TCP:D:\programs\command & conquer 3\retailexe\1.9\cnc3game.dat:Command and Conquer 3 Tiberium Wars™
"TCP Query User{DFE755A7-BD8F-4215-AFCA-3A6B65CFD968}C:\\users\\dagon\\desktop\\wakeonlanmonitor\\wakeonlanmonitor.exe"= UDP:C:\users\dagon\desktop\wakeonlanmonitor\wakeonlanmonitor.exe:wakeonlanmonitor.exe
"UDP Query User{585408B9-4AEC-4546-A420-2A2E71BE6BAA}C:\\users\\dagon\\desktop\\wakeonlanmonitor\\wakeonlanmonitor.exe"= TCP:C:\users\dagon\desktop\wakeonlanmonitor\wakeonlanmonitor.exe:wakeonlanmonitor.exe
"TCP Query User{F960351A-053E-4B58-AB7A-19594A28C6F1}C:\\users\\dagon\\desktop\\aocp20080410.exe"= UDP:C:\users\dagon\desktop\aocp20080410.exe:aocp20080410.exe
"UDP Query User{8893F83E-6A4D-4884-927A-9DB4CE15ED05}C:\\users\\dagon\\desktop\\aocp20080410.exe"= TCP:C:\users\dagon\desktop\aocp20080410.exe:aocp20080410.exe
"{E2458890-CF74-4EDE-8867-1858EAC70117}"= UDP:D:\Programs\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{368B0BE1-531A-4A9C-AE16-057E4111C0DF}"= TCP:D:\Programs\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{70C3F2F1-4A0D-4A77-ACB2-639FC6533DCD}"= UDP:D:\Programs\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{75A73E70-5C26-461D-A858-3E24FA28E12F}"= TCP:D:\Programs\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{97FCF7AD-3E69-4258-8A37-875E785DAF5C}"= UDP:D:\Programs\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{6B353752-F9C2-47E2-89AA-9FB139482854}"= TCP:D:\Programs\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update

R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2007-11-14 16:06]
R2 CTAudSvcService;Creative Audio Service;C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2008-03-07 19:24]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-09-12 11:21]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\system32\drivers\LMIRfsDriver.sys [2007-09-12 11:20]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-01-04 14:13]
R2 UxTuneUp;TuneUp Extension de thème;C:\Windows\System32\svchost.exe [2008-01-19 00:33]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\atl01v32.sys [2006-11-15 16:24]
R3 ha20x2k;Creative 20X HAL Driver;C:\Windows\system32\drivers\ha20x2k.sys [2008-02-25 09:44]
R3 VX1000;VX-1000;C:\Windows\system32\DRIVERS\VX1000.sys [2006-12-05 15:39]
S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service;"C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe" []
S3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;"C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe" [2008-04-12 10:26]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\Windows\system32\DRIVERS\SE2Ebus.sys [2006-05-01 13:16]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\SE2Emdfl.sys [2006-05-01 13:17]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\SE2Emdm.sys [2006-05-01 13:17]
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\SE2Emgmt.sys [2006-05-01 13:18]
S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\Windows\system32\DRIVERS\se2End5.sys [2006-05-01 13:15]
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\SE2Eobex.sys [2006-05-01 13:18]
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\Windows\system32\DRIVERS\se2Eunic.sys [2006-05-01 13:15]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2007-12-23 18:07]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82f0dc1e-ca9d-11db-a77d-806e6f6e6963}]
\shell\AutoRun\command - F:\autorun.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-25 15:15:59 C:\Windows\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-05-05 23:35:25 C:\Windows\Tasks\User_Feed_Synchronization-{9AC6BA22-0B14-4BFB-BB4F-B6FF187594CA}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-06 13:15:47
Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\nvvsvc.exe
C:\Windows\System32\audiodg.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\LogMeIn\x86\ramaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\RAXCO\PerfectDisk\PDAgent.exe
C:\Windows\System32\PSIService.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\RAXCO\PerfectDisk\PDEngine.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Windows\System32\CTxfispi.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ASUS\AI Remote\AiRemote.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-06 13:22:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-06 11:21:54

Pre-Run: 42,294,087,680 octets libres
Post-Run: 44,043,112,448 octets libres

352 --- E O F --- 2008-05-02 09:30:43

--------------------
HIJACKTHIS :
---------------------

Logfile of HijackThis v1.99.1
Scan saved at 13:28:13, on 06/05/2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ASUS\AI Remote\AiRc.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\vVX1000.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Windows\System32\CtHelper.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Windows\System32\CTXFISPI.EXE
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ASUS\AI Remote\AiRemote.exe
C:\Windows\Explorer.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Users\Dagon\Desktop\hijackthis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Ai Remote Help] "C:\Program Files\ASUS\AI Remote\AiRc.exe"
O4 - HKLM\..\Run: [ASUS ASAP USB] C:\Program Files\ASUS\ASAP\asapusb.exe
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Tout télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative ALchemy AL1 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\system32\drivers\pclepci.sys
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
0
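Reading a HijackThis dump like the one above by hand is where the original poster lost four hours; the first pass a helper does is mechanical enough to script. The following is an added example for this thread (not part of the original posts, and not a HijackThis or ComboFix feature): it parses O4 Run-key and O23 service lines and flags what a helper looks at first, namely binaries launched from a temp directory, DLLs started through rundll32, bare file names resolved through the search path, and services whose binary is missing. The sample lines are constructed for the example; the rundll32-from-temp line is a stand-in for what the poster described in the opening message, not an entry from the posted log, and the function names `extract_path`, `parse_line`, `triage` and `triage_log` are this example's own.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in HijackThis v1.99 line format. The first three lines
# mirror kinds of entries visible in the log posted above; the fourth is a
# constructed stand-in for what the original poster described (rundll32
# loading a DLL out of a temp directory) and is NOT taken from the posted log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe (file missing)
O4 - HKCU\..\Run: [sample] rundll32.exe C:\Users\USER\AppData\Local\Temp\sample.dll,DllEntry
"""

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
SERVICE_RE = re.compile(r"^Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)
FILE_MISSING = "(file missing)"


@dataclass
class Entry:
    section: str        # HijackThis section tag: O4 (Run key) or O23 (service)
    name: str           # Run value name or service display name
    path: str           # executable or DLL path extracted from the command
    via_rundll32: bool  # command runs a DLL through rundll32
    file_missing: bool  # O23 entry marked "(file missing)" by HijackThis


def extract_path(cmd: str):
    """Pull the binary path out of a Run-key command string.

    A quoted command yields the quoted path; a rundll32 command yields the
    DLL named before the comma; anything else yields the first token.
    Returns (path, via_rundll32).
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:end] if end > 0 else cmd[1:]), False
    head, _, rest = cmd.partition(" ")
    if head.lower() in ("rundll32.exe", "rundll32") and rest:
        dll = rest.strip().split(",", 1)[0].strip().strip('"')
        return dll, True
    return head, False


def parse_line(line: str) -> Optional[Entry]:
    """Parse one O4 or O23 line; other sections and malformed lines give None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    if section == "O4":
        r = RUN_RE.match(body)
        if r:
            path, via = extract_path(r.group("cmd"))
            return Entry("O4", r.group("name"), path, via, False)
    elif section == "O23":
        s = SERVICE_RE.match(body)
        if s:
            path = s.group("path").strip()
            missing = path.endswith(FILE_MISSING)
            if missing:
                path = path[: -len(FILE_MISSING)].strip()
            return Entry("O23", s.group("display"), path, False, missing)
    return None


def triage(entry: Entry) -> list:
    """Heuristic reasons an entry deserves a closer look (hints, not a verdict)."""
    reasons = []
    if TEMP_RE.search(entry.path):
        reasons.append("binary loaded from a temporary directory")
    if entry.via_rundll32:
        reasons.append("DLL executed through rundll32")
    if entry.section == "O4" and "\\" not in entry.path:
        reasons.append("bare file name resolved through the search path")
    if entry.file_missing:
        reasons.append("service points at a binary that is no longer on disk")
    return reasons


def triage_log(text: str) -> dict:
    """Map each flagged entry name to its list of reasons."""
    findings = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            reasons = triage(entry)
            if reasons:
                findings[entry.name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage_log(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

These are triage hints, not verdicts: vendor entries such as `CTxfiReg.exe` and the NVIDIA `RUNDLL32.EXE ... NvCpl.dll` lines in the log above are legitimate and get flagged too. The point is to shorten the list a human reads; every hit still needs a look at the file's location and publisher before anything is removed.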
Regis59 Posts 21143 Registration date Tuesday 27 June 2006 Status Security contributor Last seen 22 June 2016 1 320
6 May 2008 at 18:19
OK.

Run a Kaspersky online scan with Internet Explorer:
- Click on Start Online-Scanner

- Now click on I accept.
- Accept the installation of one or more ActiveX controls if necessary.
- Wait while the updates are installed.
- Then choose the My Computer scan.
- Save and then paste the report generated at the end of the scan.

HELP: Configuring ActiveX control settings

NOTE: If you get the message "The Kaspersky On-line Scanner licence has expired", go to Add/Remove Programs, uninstall On-Line Scanner, then go back to the Kaspersky site to retry the online scan.

See you
0

the_dagon Posts 7 Registration date Tuesday 6 May 2008 Status Member Last seen 10 November 2009
6 May 2008 at 19:03
Not compatible with Vista...
0
the_dagon Posts 7 Registration date Tuesday 6 May 2008 Status Member Last seen 10 November 2009
9 May 2008 at 21:01
As I said in my previous post, the Kaspersky online scanner is not compatible with Vista... what else can I use?

Judging by the HijackThis and ComboFix logs, is the system clean now?

Thanks for everything!
0
Regis59 Posts 21143 Registration date Tuesday 27 June 2006 Status Security contributor Last seen 22 June 2016 1 320
10 May 2008 at 11:12
Hi.

Yes. :-)
Any particular problems?

Otherwise, you were telling me that startup was slow?

See you
0
nkd Posts 73 Registration date Thursday 24 April 2008 Status Member Last seen 21 May 2010 7
10 May 2008 at 11:15
Do you have an antivirus? If so, which one? Do you update it from time to time, or do you have automatic updates turned on? Try running an online scan.
0
the_dagon Posts 7 Registration date Tuesday 6 May 2008 Status Member Last seen 10 November 2009
10 May 2008 at 13:13
Yes, startup has apparently been fairly slow since this infection, and yet I don't have loads of apps at startup, according to msconfig.

My antivirus is NOD32, which is updated automatically every day.

Well, I'll defragment in the meantime.

In any case, Regis59's instructions (HijackThis + ComboFix) seem to have resolved everything as far as the infection is concerned.

THANKS!
0
Regis59 Posts 21143 Registration date Tuesday 27 June 2006 Status Security contributor Last seen 22 June 2016 1 320
10 May 2008 at 14:46
Hi

For startup, go to Start > All Programs > Startup

Is there anything in there?

See you
0