HijackThis report

dliardet -  
Lyonnais92 Posts 25708 Status Security contributor -
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:44:23, on 30/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com/content/public/choosecountry.aspx?c=us&l=en&s=gen
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (WficaCtl Object) - http://www.eserver.com/downloads/citrix/plugins/activex/wfica.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bw+0 - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {D17501F3-7F87-4AFA-B7FB-963E8F0152EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
O21 - SSODL: jGnnL - {701B4D5E-DAB1-E7F4-5014-331C81A3A981} - C:\WINDOWS\system32\vqa.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: a-squared Free Service a2freeRasAutogusvc (a2freeRasAutogusvc) - Unknown owner - C:\WINDOWS\
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Windows Presentation Foundation Font Cache 3.0.0.0 FontCache3.0.0.0DcomLaunch (FontCache3.0.0.0DcomLaunch) - Unknown owner - C:\WINDOWS\
O23 - Service: Windows Presentation Foundation Font Cache 3.0.0.0 FontCache3.0.0.0ose (FontCache3.0.0.0ose) - Unknown owner - C:\WINDOWS\
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Google Updater Service gusvcDcomLaunch (gusvcDcomLaunch) - Unknown owner - C:\WINDOWS\
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service de l'iPod iPodNtLmSsp (iPodNtLmSsp) - Unknown owner - C:\WINDOWS\
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Affichage des messages MessengerNlaAppMgmt (MessengerNlaAppMgmt) - Unknown owner - C:\WINDOWS\
O23 - Service: NLA (Network Location Awareness) NlaAppMgmt (NlaAppMgmt) - Unknown owner - C:\WINDOWS\
O23 - Service: NLA (Network Location Awareness) Nlaidsvc (Nlaidsvc) - Unknown owner - C:\WINDOWS\
O23 - Service: NLA (Network Location Awareness) Nlaidsvc Nlaidsvcupnphost (Nlaidsvcupnphost) - Unknown owner - C:\WINDOWS\
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Gestionnaire de connexion automatique d'accès distant RasAutogusvc (RasAutogusvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Gestionnaire de connexion automatique d'accès distant RasAutoPolicyAgent (RasAutoPolicyAgent) - Unknown owner - C:\WINDOWS\
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance RDSessMgrAlerter (RDSessMgrAlerter) - Unknown owner - C:\WINDOWS\
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance RDSessMgrAlerter RDSessMgrAlerterRasMan (RDSessMgrAlerterRasMan) - Unknown owner - C:\WINDOWS\
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance RDSessMgrdmserver (RDSessMgrdmserver) - Unknown owner - C:\WINDOWS\
O23 - Service: Appel de procédure distante (RPC) RpcSsCryptSvc (RpcSsCryptSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: QoS RSVP RSVPGoogleDesktopManager (RSVPGoogleDesktopManager) - Unknown owner - C:\WINDOWS\
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Téléphonie TapiSrvMSDTC (TapiSrvMSDTC) - Unknown owner - C:\WINDOWS\
O23 - Service: Service Messenger Sharing Folders USN Journal Reader usnjsvcclr_optimization_v2.0.50727_32 (usnjsvcclr_optimization_v2.0.50727_32) - Unknown owner - C:\WINDOWS\
O23 - Service: Windows Driver Foundation - User-mode Driver Framework WudfSvcNla (WudfSvcNla) - Unknown owner - C:\WINDOWS\

--
End of file - 26218 bytes
Configuration: Windows XP
Firefox 3.0.1

2 replies

  1. combo
     
    Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double-click combofix.exe.
    -> Press the 1 key (Yes) to start the scan.
    -> When the scan is complete, a report will appear. Copy and paste this report into your next reply.

    NOTE: The report can also be found here: C:\Combofix.txt

    Before using ComboFix:

    -> Disconnect from the internet and close the windows of all running programs.

    -> Temporarily disable, and only for as long as ComboFix is in use, the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning procedure.

    Once that is done, double-click Combofix.exe on your desktop.

    - Answer yes to the warning message so that the program starts scanning the PC.

    - Warning: for the duration of this step, do not use the PC and do not open any programs; the computer may freeze.

    - At the end of the scan, ComboFix may need to restart the PC to finish the disinfection/search; let it do so.

    - A report will then open in Notepad; this report file, Combofix.txt, is automatically saved and stored at C:\Combofix.txt.

    -> Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.

    -> Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.

    /!\ Do not touch anything until the scan has finished. /!\ : the computer may freeze (complete crash)

    ::If ComboFix asks to update, refuse.
    ::If ComboFix detects something and asks to restart, accept.
    0
    1. benurrr Posts 9766 Status Security contributor 107
       
      Hi everyone, following along.
      0
      1. Lyonnais92 Posts 25708 Status Security contributor 1 537 > benurrr Posts 9766 Status Security contributor
         
        Hello,

        following along as well.
        0
  2. dliardet
     
    ComboFix 08-08-29.02 - David Liardet 2008-08-30 2:28:56.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1537 [GMT 2:00]
    Endroit: C:\Documents and Settings\David Liardet\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\David Liardet\Application Data\rhctm7j0en2p
    C:\Documents and Settings\Lili Dos Santos\Cookies\lili_dos_santos@ehg-swisscom.hitbox[2].txt
    C:\Program Files\GamesBar\oberontb.dll
    C:\WINDOWS\system32\blphcpm7j0en2p.scr
    C:\WINDOWS\system32\phcpm7j0en2p.bmp
    C:\WINDOWS\SYSTEM32\VEdLTvut.ini
    C:\WINDOWS\SYSTEM32\VEdLTvut.ini2

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-07-28 to 2008-08-30 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-28 15:27 . 2008-08-28 15:39 96,976 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\klin.dat
    2008-08-28 15:27 . 2008-08-28 15:39 87,855 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\klick.dat
    2008-08-28 15:26 . 2008-08-28 15:26 <REP> d-------- C:\Program Files\Kaspersky Lab
    2008-08-28 15:26 . 2008-08-30 13:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-08-28 15:26 . 2008-08-30 06:59 3,368,992 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.dat
    2008-08-28 15:26 . 2008-08-30 06:59 507,936 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox2.dat
    2008-08-28 15:26 . 2008-08-30 06:59 27,400 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.idx
    2008-08-28 15:26 . 2008-08-30 06:59 2,816 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox2.idx
    2008-08-26 15:22 . 2008-08-26 15:22 <REP> d-------- C:\Program Files\Fichiers communs\PCSuite
    2008-08-26 15:22 . 2008-08-26 15:22 <REP> d-------- C:\Documents and Settings\David Liardet\Application Data\Malwarebytes
    2008-08-26 15:12 . 2008-08-26 15:22 <REP> d-------- C:\WINDOWS\LastGood(2)
    2008-08-23 15:24 . 2008-08-30 13:15 <REP> d-------- C:\Documents and Settings\David Liardet\Application Data\OpenOffice.org2
    2008-08-23 15:18 . 2008-08-23 15:18 <REP> d-------- C:\Program Files\OpenOffice.org 2.4
    2008-08-23 12:49 . 2008-08-26 15:22 <REP> d-------- C:\Program Files\PC Connectivity Solution
    2008-08-23 12:49 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pccsmcfd.sys
    2008-08-23 12:49 . 2008-08-23 12:49 0 --a------ C:\WINDOWS\nsreg.dat
    2008-08-22 23:23 . 2008-08-26 15:22 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-22 23:23 . 2008-08-22 23:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-22 23:23 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
    2008-08-22 23:23 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
    2008-08-22 23:08 . 2008-08-22 23:08 <REP> d-------- C:\Program Files\Trend Micro
    2008-08-21 20:22 . 2008-08-28 12:46 <REP> d-------- C:\Program Files\a-squared Free
    2008-08-17 19:00 . 2008-08-28 12:08 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-08-17 19:00 . 2008-08-28 15:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-08-17 18:21 . 2008-08-17 18:21 32 --a-s---- C:\WINDOWS\SYSTEM32\3897972993.dat
    2008-08-17 18:17 . 2008-08-23 12:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-08-17 18:17 . 2008-08-17 18:17 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-07-16 11:04 . 2008-08-28 13:10 <REP> d-------- C:\Program Files\Yahoo!
    2008-07-16 11:04 . 2008-07-16 11:04 <REP> d-------- C:\Program Files\CCleaner
    2008-07-16 10:50 . 2005-05-23 13:00 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
    2008-07-16 10:50 . 2005-05-23 13:00 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-07-16 10:50 . 2005-05-23 13:00 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
    2008-07-16 10:50 . 2005-05-23 13:00 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
    2008-07-16 10:50 . 2005-05-23 13:00 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
    2008-07-16 10:50 . 2005-05-23 13:00 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
    2008-07-16 10:50 . 2005-05-23 13:00 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-07-16 10:50 . 2007-08-16 18:21 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Teleca
    2008-07-16 10:50 . 2007-08-16 18:21 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Sony Ericsson
    2008-07-16 10:50 . 2005-05-23 13:29 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Sonic
    2008-07-16 10:50 . 2007-07-08 14:28 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Desperate Housewives
    2008-07-16 10:50 . 2008-08-26 15:25 <REP> d-------- C:\Documents and Settings\Administrateur

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-30 00:29 --------- d-----w C:\Program Files\GamesBar
    2008-08-28 18:13 --------- d-----w C:\Documents and Settings\Lili Dos Santos\Application Data\Skype
    2008-08-28 13:39 58,368 ----a-w C:\WINDOWS\SYSTEM32\spoolsv.exe
    2008-08-28 13:39 509,952 ----a-w C:\WINDOWS\SYSTEM32\winlogon.exe
    2008-08-28 13:39 16,896 ----a-w C:\WINDOWS\SYSTEM32\svchost.exe
    2008-08-28 13:39 14,336 ----a-w C:\WINDOWS\SYSTEM32\lsass.exe
    2008-08-28 13:39 110,080 ----a-w C:\WINDOWS\SYSTEM32\services.exe
    2008-08-28 13:39 1,039,360 ----a-w C:\WINDOWS\explorer.exe
    2008-08-28 11:06 --------- d-----w C:\Program Files\Gamenext
    2008-08-26 13:24 --------- d-----w C:\Program Files\World of Warcraft (privé)
    2008-08-25 13:18 --------- d-----w C:\Program Files\World of Warcraft
    2008-08-23 13:17 --------- d-----w C:\Program Files\Java
    2008-08-23 10:51 --------- d-----w C:\Program Files\Nokia
    2008-08-23 10:51 --------- d-----w C:\Program Files\Fichiers communs\Nokia
    2008-08-23 10:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
    2008-08-18 14:58 --------- d-----w C:\Documents and Settings\Lili Dos Santos\Application Data\scrfunkamok
    2008-08-18 14:52 --------- d-----w C:\Documents and Settings\David Liardet\Application Data\scrfunkamok
    2008-08-18 14:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\INTERNET SPAM SUPPORT AUDIO
    2008-08-17 17:44 --------- d-----w C:\Program Files\BearShare
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\cdm.dll
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\wuauclt.exe
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\SYSTEM32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\wups.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\wuapi.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\wucltui.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\wuweb.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\wuaueng.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuaueng.dll
    2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\SYSTEM32\mucltui.dll
    2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\SYSTEM32\muweb.dll
    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\SYSTEM32\es.dll
    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\es.dll
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\SYSTEM32\mscms.dll
    2008-06-24 16:23 74,240 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mscms.dll
    2008-06-24 08:28 3,592,192 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
    2008-06-23 09:21 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
    2008-06-23 09:21 625,664 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
    2008-06-23 09:20 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
    2008-06-21 05:23 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\SYSTEM32\mswsock.dll
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mswsock.dll
    2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
    2008-06-20 10:44 138,368 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip6.sys
    2008-06-14 17:59 272,768 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
    2008-05-08 12:28 202,752 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\rmcast.sys
    2008-05-07 05:38 90,624 ----a-w C:\WINDOWS\SYSTEM32\nmwcdcls.dll
    2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
    2008-05-07 05:15 1,293,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
    2008-05-01 14:31 331,776 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msadce.dll
    .

    ------- Sigcheck -------

    2008-08-28 15:39 16896 a8fb150e88a67da58410b7e28ad52e8c C:\WINDOWS\SYSTEM32\svchost.exe

    2005-05-25 21:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
    2006-01-13 19:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
    2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
    2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
    2008-06-20 12:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
    2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
    2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
    2004-08-05 13:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
    2005-05-25 21:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
    2006-01-13 04:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
    2006-04-20 13:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
    2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
    2008-06-20 12:45 360320 1cc09561e21a48a7f649a40f18235860 C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
    2008-06-20 12:45 360320 1cc09561e21a48a7f649a40f18235860 C:\WINDOWS\SYSTEM32\DRIVERS\tcpip.sys

    2008-08-28 15:39 509952 68f89dcb80b45660aee06bf1fe353b49 C:\WINDOWS\SYSTEM32\winlogon.exe

    md5deep: C:\WINDOWS\explorer.exe: error at offset 0: Permission denied
    2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
    2004-08-05 13:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

    2008-08-28 15:39 110080 e063b61a9466b0cf8a3a68316bd85877 C:\WINDOWS\SYSTEM32\services.exe

    2008-08-28 15:39 14336 0c4a26a14d5812484d8a3c834bbd47ab C:\WINDOWS\SYSTEM32\lsass.exe

    2005-06-11 02:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
    2004-08-05 13:00 57856 b4ef928e4fad79364a80acba6d999934 C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
    2008-08-28 15:39 58368 3513a57ec257df60f641d20031acb383 C:\WINDOWS\SYSTEM32\spoolsv.exe
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-26 23:29 36864]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-01 17:41 68856]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 15:42 1404928]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 13:52 339968]
    "IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 21:12 221184]
    "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 17:54 57344]
    "UpdateManager"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2004-01-07 02:01 110592]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
    "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 02:02 86016]
    "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 04:19 69632]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "D-Link AirPlus XtremeG"="C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe" [2005-03-28 15:25 1011712]
    "ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 18:49 49152]
    "LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 10:46 497200]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 11:34 614960]
    "LVCOMSX"="C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe" [2006-06-26 11:33 243248]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-05-26 12:45 257088]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-13 21:53 1838592]
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 18:21 201992]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
    "NoDispScrSavPage"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "jGnnL"= {701B4D5E-DAB1-E7F4-5014-331C81A3A981} - C:\WINDOWS\system32\vqa.dll [2007-04-16 17:53 32768]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winbb65.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winet18.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winff25.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wingg00.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winhv06.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winii23.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winkd16.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winli76.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wintw03.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winus13.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwj78.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\HD Publishing\\Joint Task Force\\jtf.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
    "C:\\WINDOWS\\SYSTEM32\\DPVSETUP.EXE"=
    "C:\\Program Files\\Fichiers communs\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
    "C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader
    "6112:TCP"= 6112:TCP:Blizzard Downloader

    R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
    R2 LF30FS;LF30FS;C:\Program Files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys [2004-11-19 19:07]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07]
    S0 Winbb65;Winbb65;C:\WINDOWS\system32\Drivers\Winbb65.sys []
    S0 Winet18;Winet18;C:\WINDOWS\system32\Drivers\Winet18.sys []
    S0 Winff25;Winff25;C:\WINDOWS\system32\Drivers\Winff25.sys []
    S0 Wingg00;Wingg00;C:\WINDOWS\system32\Drivers\Wingg00.sys []
    S0 Winhv06;Winhv06;C:\WINDOWS\system32\Drivers\Winhv06.sys []
    S0 Winii23;Winii23;C:\WINDOWS\system32\Drivers\Winii23.sys []
    S0 Winkd16;Winkd16;C:\WINDOWS\system32\Drivers\Winkd16.sys []
    S0 Winli76;Winli76;C:\WINDOWS\system32\Drivers\Winli76.sys []
    S0 Wintw03;Wintw03;C:\WINDOWS\system32\Drivers\Wintw03.sys []
    S0 Winus13;Winus13;C:\WINDOWS\system32\Drivers\Winus13.sys []
    S0 Winwj78;Winwj78;C:\WINDOWS\system32\Drivers\Winwj78.sys []
    S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2005-03-22 04:17]
    S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-03-04 19:08]
    S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-03-04 19:11]
    S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-03-04 19:11]
    S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-03-04 19:13]
    S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-03-04 19:15]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 15:17]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 15:17]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0220ff4-4ef4-11db-a566-00123f30285f}]
    \Shell\AutoRun\command - F:\setupSNK.exe
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

    2008-07-26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 18:13]

    2005-06-29 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1117227390.job
    - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-06-27 01:46]

    2008-08-29 C:\WINDOWS\Tasks\User_Feed_Synchronization-{BBAB188B-CE11-4665-A1AD-6E8635453E7F}.job
    - C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 12:58]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-Nokia.PCSync - C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
    HKLM-Run-LFAgent - (no file)
    Notify-WinCtrl32 - (no file)

    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\David Liardet\Application Data\Mozilla\Firefox\Profiles\ha6mbk7c.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.ch/
    FF -: plugin - C:\Program Files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
    FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-30 13:11:50
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\a2freeRasAutogusvc]
    "ImagePath"="ð%€|\18Ï\[u]0[/u]9 srv"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FontCache3.0.0.0DcomLaunch]
    "ImagePath"="ð%€|x\[u]0[/u]1\[u]0[/u]9 srv"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FontCache3.0.0.0ose]
    "ImagePath"="ð%€|x\[u]0[/u]1\[u]0[/u]9 srv"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvcDcomLaunch]
    "ImagePath"="ð%€|x\[u]0[/u]1\[u]0[/u]9 srv"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iPodNtLmSsp]
    "ImagePath"="ð%€|x\[u]0[/u]1\[u]0[/u]9 srv"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MessengerNlaAppMgmt]
    "ImagePath"="ð%€|x\[u]0[/u]1\[u]0[/u]9 srv"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaAppMgmt]
    "ImagePath"="ð%€|x\[u]0[/u]1\[u]0[/u]9 srv"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nlaidsvc]
    "ImagePath"="ð%€|x\[u]0[/u]1\[u]0[/u]9 srv"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nlaidsvcupnphost]
    "ImagePath"="ð%€|ÀÍ\[u]0[/u]9 srv"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAutogusvc]
    "ImagePath"="ð%€|¨Í\[u]0[/u]9 srv"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAutoPolicyAgent]
    "ImagePath"="ð%€|x\[u]0[/u]1\[u]0[/u]9 srv"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgrAlerter]
    "ImagePath"="ð%€|x\[u]0[/u]1\[u]0[/u]9 srv"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgrAlerterRasMan]
    "ImagePath"="ð%€|x\[u]0[/u]1\[u]0[/u]9 srv"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgrdmserver]
    "ImagePath"="ð%€|x\[u]0[/u]1\[u]0[/u]9 srv"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcSsCryptSvc]
    "ImagePath"="ð%€|x\[u]0[/u]1\[u]0[/u]9 srv"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVPGoogleDesktopManager]
    "ImagePath"="ð%€|x\[u]0[/u]1\[u]0[/u]9 srv"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrvMSDTC]
    "ImagePath"="ð%€|x\[u]0[/u]1\[u]0[/u]9 srv"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usnjsvcclr_optimization_v2.0.50727_32]
    "ImagePath"="ð%€|XÍ\[u]0[/u]9 srv"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvcNla]
    "ImagePath"="ð%€|¨Í\[u]0[/u]9 srv"
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\SYSTEM32\ati2evxx.exe
    C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcSrv.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Logitech\QuickCam10\COCIManager.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\WINDOWS\SYSTEM32\HPZipm12.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
    C:\WINDOWS\SYSTEM32\IMAPI.EXE
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-08-30 13:19:54 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-08-30 11:19:41

    Pre-Run: 86,592,061,440 octets libres
    Post-Run: 87,004,753,920 octets libres

    344 --- E O F --- 2008-08-29 23:04:06