[LOGICIEL] [Centralisation] .:::: Hijackthis ::::.

Rouk76 · le 2 février 2009

Désolé, je m'y suis surement mal pris alors ><

Et bien j'ai installé Hijack sur mon PC et voici mon rapport.

Serait-il possible de me dire les cases a cocher et a supprimer.

Merci beaucoup.

snooky · le 2 février 2009

Un souci particulier ?

Rouk76 · le 2 février 2009

Oui, le PC lag pas mal et sur le net j'ai des fenêtres de pub intempestive.

snooky · le 2 février 2009

Coche et Fix checked toutes les lignes 04 avec Hijackthis .

Redémarre le pc .

Lance Clean v2.0 , procédure 1 ( vise ma signature )

Redémarre le pc .

Lance MBAM et supprime tout ce qui est trouvé :

http://www.malwarebytes.org/mbam.php

Lance ComboFix , et poste le rapport créé :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

matt30-bis · le 7 février 2009

Bonjour, Antivir me detecte le virus Tr/Agent.job. Jai beau lui dire de le déplacer en quarantaine ou de le supprimer, il revient à chaque fois, j'ai également fait un scan avec MAM. Il m'a trouvé la même chose, j'ai demandé à ce qui le supprime mais c'est toujours là.

noisette m'a dit de poster mon rapport ici, ce que je fais.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:28:21, on 07/02/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe

C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

C:\Users\Mathias\AppData\Roaming\MICROS~1\logman.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Windows\ehome\ehtray.exe

C:\Users\Mathias\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\NETGEAR\WG111v3\WG111v3.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Users\Mathias\Desktop\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?hl=fr&source=iglk

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F3 - REG:win.ini: load=C:\Users\Mathias\AppData\Roaming\MICROS~1\logman.exe

O1 - Hosts: ::1 localhost

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [Google Update] "C:\Users\Mathias\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Google Update Service (gupdate1c987c7b322b263) (gupdate1c987c7b322b263) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

--

End of file - 5828 bytes

Merci pour l'aide que tu pourras m'apporter.

snooky · le 7 février 2009

Redémarre en mode sans échec et lance une analyse complète avec MBAM , supprime e qu'il troue .

Indique dans ta réponse le chemin du trojan sur le disque .

Lance à nouveau ComboFix et poste le rapport.

Redémarre ensuite en mode normal.

snooky · le 7 février 2009

Télécharge et lance Dr Web Cureit > ftp://ftp.drweb.com/pub/drweb/cureit/launch.exe

Après l'analyse rapide , sélectionne l'analyse complète .

Poste le rapport créé.

Fait ensuite ceci > http://www.malekal.com/Trojan_Agent_iob.php

matt30-bis · le 7 février 2009

MBAM n'a rien trouvé.

Rapport ComboFix :

ComboFix 09-02-06.02 - Mathias 2009-02-07 17:13:02.2 - NTFSx86 MINIMAL

Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.3326.2588 [GMT 1:00]

Lancé depuis: c:\users\Mathias\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((( Fichiers créés du 2009-01-07 au 2009-02-07 ))))))))))))))))))))))))))))))))))))

.

Pas de nouveau fichier créé dans ce laps de temps

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-07 09:58 --------- d-----w c:\users\Mathias\AppData\Roaming\uTorrent

2009-02-07 09:02 --------- d-----w c:\users\Mathias\AppData\Roaming\AIMP

2009-02-06 21:41 --------- d-----w c:\programdata\Electronic Arts

2009-02-06 21:23 --------- d-----w c:\programdata\Google Updater

2009-02-06 16:30 --------- d--h--w c:\program files\InstallShield Installation Information

2009-02-06 16:30 --------- d-----w c:\program files\Electronic Arts

2009-02-06 16:29 --------- d-----w c:\program files\Common Files\InstallShield

2009-02-06 16:12 81,920 ----a-w c:\users\Mathias\AppData\Roaming\sessmgr.exe

2009-02-06 16:12 81,920 ----a-w c:\users\Mathias\AppData\Roaming\rsvp.exe

2009-02-06 16:12 81,920 ----a-w c:\users\Mathias\AppData\Roaming\mstinit.exe

2009-02-06 16:12 81,920 ----a-w c:\users\Mathias\AppData\Roaming\mqtgsvc.exe

2009-02-06 16:12 81,920 ----a-w c:\users\Mathias\AppData\Roaming\clipsrv.exe

2009-02-06 16:12 81,920 ----a-w c:\users\Mathias\AppData\Roaming\cisvc.exe

2009-02-05 19:27 --------- d-----w c:\program files\Google

2009-02-05 17:16 --------- d-----w c:\users\Mathias\AppData\Roaming\Convivea

2009-02-04 17:26 --------- d-----w c:\program files\PDFCreator

2009-02-03 11:49 410,984 ----a-w c:\windows\System32\deploytk.dll

2009-02-03 11:49 --------- d-----w c:\program files\Java

2009-02-01 15:43 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf

2009-02-01 14:16 --------- d-----w c:\program files\Remove Empty Directories

2009-02-01 13:59 319,488 ----a-w c:\windows\HideWin.exe

2009-02-01 13:59 319,456 ----a-w c:\windows\DIFxAPI.dll

2009-01-31 11:22 --------- d-----w c:\program files\JKDefrag v3.36

2009-01-29 19:12 --------- d-----w c:\program files\Opera

2009-01-26 18:17 --------- d-----w c:\program files\directx

2009-01-23 11:47 --------- d-----w c:\users\Mathias\AppData\Roaming\DAEMON Tools Pro

2009-01-21 17:16 --------- d-----w c:\program files\AIMP2

2009-01-15 17:58 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-01-14 15:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-01-14 15:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-01-14 07:15 4,235,776 ----a-w c:\windows\system32\drivers\atikmdag.sys

2009-01-14 06:55 --------- d-----w c:\program files\Windows Mail

2009-01-14 05:03 425,984 ----a-w c:\windows\System32\ATIDEMGX.dll

2009-01-14 05:02 159,744 ----a-w c:\windows\System32\atitmmxx.dll

2009-01-14 05:01 43,520 ----a-w c:\windows\System32\ati2edxx.dll

2009-01-14 05:01 348,160 ----a-w c:\windows\System32\atipdlxx.dll

2009-01-14 05:01 286,720 ----a-w c:\windows\System32\Ati2evxx.dll

2009-01-14 05:01 274,432 ----a-w c:\windows\System32\Oemdspif.dll

2009-01-14 04:59 729,088 ----a-w c:\windows\System32\Ati2evxx.exe

2009-01-14 04:50 2,345,472 ----a-w c:\windows\System32\atidxx32.dll

2009-01-14 04:44 3,963,392 ----a-w c:\windows\System32\atiumdag.dll

2009-01-14 04:22 4,765,696 ----a-w c:\windows\System32\atiumdva.dll

2009-01-14 04:08 50,688 ----a-w c:\windows\System32\amdpcom32.dll

2009-01-14 04:07 122,880 ----a-w c:\windows\System32\atiadlxx.dll

2009-01-14 03:59 11,247,616 ----a-w c:\windows\System32\atioglxx.dll

2009-01-14 03:50 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll

2009-01-14 02:54 57,344 ----a-w c:\windows\System32\amdcalrt.dll

2009-01-14 02:53 53,248 ----a-w c:\windows\System32\amdcalcl.dll

2009-01-14 02:51 3,239,936 ----a-w c:\windows\System32\amdcaldd.dll

2009-01-12 19:03 --------- d-----w c:\program files\SystemRequirementsLab

2009-01-10 17:59 --------- d-----w c:\programdata\Media Center Programs

2009-01-09 21:04 --------- d-----w c:\program files\ATI

2009-01-09 12:33 --------- d-----w c:\program files\Lavalys

2009-01-09 12:30 --------- d-----w c:\programdata\ATI

2009-01-09 12:26 --------- d-----w c:\program files\ATI Technologies

2009-01-04 13:04 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf

2009-01-03 12:37 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2009-01-02 17:13 --------- d-----w c:\program files\CCleaner

2009-01-02 17:09 --------- d-----w c:\program files\K-Lite Codec Pack

2009-01-02 13:12 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_xusb21_01001.Wdf

2009-01-02 13:11 --------- d-----w c:\program files\Microsoft Xbox 360 Accessories

2009-01-01 20:52 130,208 ------r c:\windows\bwUnin-8.1.1.87-8876480SL.exe

2009-01-01 11:51 127,034 ------r c:\windows\bwUnin-8.1.1.50-8876480SL.exe

2009-01-01 11:51 --------- d-----w c:\users\Mathias\AppData\Roaming\Logitech

2009-01-01 11:51 --------- d-----w c:\program files\Common Files\Logishrd

2009-01-01 11:50 --------- d-----w c:\program files\Logitech

2009-01-01 11:49 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf

2009-01-01 11:49 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf

2009-01-01 11:48 --------- d-----w c:\users\Mathias\AppData\Roaming\InstallShield

2009-01-01 11:48 --------- d-----w c:\programdata\Logitech

2009-01-01 11:47 --------- d-----w c:\programdata\LogiShrd

2009-01-01 11:45 --------- d-----w c:\program files\Common Files\Logitech

2008-12-31 18:50 1,700,352 ----a-w c:\windows\System32\gdiplus.dll

2008-12-31 18:50 1,060,864 ----a-w c:\windows\System32\mfc71.dll

2008-12-31 18:41 --------- d--h--r c:\users\Mathias\AppData\Roaming\SecuROM

2008-12-31 18:41 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE

2008-12-31 18:37 107,888 ----a-w c:\windows\System32\CmdLineExt.dll

2008-12-31 16:52 --------- d-----w c:\program files\RocketDock

2008-12-31 15:14 --------- d-----w c:\program files\Microsoft.NET

2008-12-31 15:11 --------- d-----w c:\users\Mathias\AppData\Roaming\DAEMON Tools Lite

2008-12-30 22:55 --------- d-----w c:\program files\Quicksys

2008-12-30 22:52 --------- d-----w c:\users\Mathias\AppData\Roaming\SumatraPDF

2008-12-30 22:51 --------- d-----w c:\program files\SumatraPDF

2008-12-30 22:07 --------- d-----w c:\users\Mathias\AppData\Roaming\InfraRecorder

2008-12-30 22:07 --------- d-----w c:\program files\InfraRecorder

2008-12-30 21:53 --------- d-----w c:\users\Mathias\AppData\Roaming\DAEMON Tools

2008-12-30 21:52 --------- d-----w c:\programdata\DAEMON Tools Lite

2008-12-30 21:52 --------- d-----w c:\program files\DAEMON Tools Lite

2008-12-30 21:49 717,296 ----a-w c:\windows\system32\drivers\sptd.sys

2008-12-30 21:15 --------- d-----w c:\users\Mathias\AppData\Roaming\Malwarebytes

2008-12-30 21:15 --------- d-----w c:\programdata\Malwarebytes

2008-12-30 21:07 --------- d-----w c:\programdata\Avira

2008-12-30 21:07 --------- d-----w c:\program files\Avira

2008-12-30 21:00 --------- d-----w c:\program files\Media Player Classic

2008-12-30 20:59 --------- d-----w c:\users\Mathias\AppData\Roaming\Media Player Classic

2008-12-30 20:58 --------- d-----w c:\program files\IZArc

2008-12-30 20:31 --------- d-----w c:\program files\NETGEAR

2008-12-30 20:27 --------- d-----w c:\users\Mathias\AppData\Roaming\ATI

2008-12-30 20:25 --------- d-----w c:\program files\Common Files\ATI Technologies

2008-12-30 20:20 --------- d-----w c:\program files\Marvell

.

((((((((((((((((((((((((((((( SnapShot@2009-02-07_15.38.43,19 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-02-07 14:28:23 151,552 ----a-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2009-02-07 15:58:30 151,552 ----a-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

- 2009-02-07 14:38:25 151,552 ----a-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2009-02-07 15:58:25 151,552 ----a-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

- 2009-02-07 14:32:14 101,052 ----a-w c:\windows\System32\perfc009.dat

+ 2009-02-07 15:51:56 100,640 ----a-w c:\windows\System32\perfc009.dat

- 2009-02-07 14:32:15 123,350 ----a-w c:\windows\System32\perfc00C.dat

+ 2009-02-07 15:51:56 122,972 ----a-w c:\windows\System32\perfc00C.dat

- 2009-02-07 14:32:14 586,980 ----a-w c:\windows\System32\perfh009.dat

+ 2009-02-07 15:51:56 586,568 ----a-w c:\windows\System32\perfh009.dat

- 2009-02-07 14:32:15 669,328 ----a-w c:\windows\System32\perfh00C.dat

+ 2009-02-07 15:51:56 668,580 ----a-w c:\windows\System32\perfh00C.dat

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"Google Update"="c:\users\Mathias\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-01-31 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"Launch LGDCore"="c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-07-23 1126400]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-03 148888]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 c:\windows\KHALMNPR.Exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"GrpConv"="grpconv -o" [X]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-01-01 91440]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-02-01 809488]

NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2007-09-14 1695744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"TCP Query User{FE192C99-F762-4C67-A785-5F3A41D8DF62}d:\\téléchargement\\emule\\emule.exe"= UDP:d:\téléchargement\emule\emule.exe:eMule

"UDP Query User{692464F3-7913-4E21-9CAF-3AB30118CAA5}d:\\téléchargement\\emule\\emule.exe"= TCP:d:\téléchargement\emule\emule.exe:eMule

"{A0E7E796-1336-4536-A8D7-54B1C9BA7263}"= UDP:d:\jeux\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club

"{4B9AB4D9-3443-4B49-965A-D4AB1DFF511E}"= TCP:d:\jeux\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club

"{CCD649DA-2F00-4967-9AD1-46E7D3851D4C}"= UDP:d:\jeux\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV

"{2DEFF54C-ED98-4FBE-9319-C05EB6478BA2}"= TCP:d:\jeux\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV

"TCP Query User{B2158CE8-CE96-4310-9239-F66D838D77F2}d:\\jeux\\rockstar games\\grand theft auto iv\\gtaiv.exe"= UDP:d:\jeux\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV

"UDP Query User{EE3280B1-D7AE-4203-A78A-9A3C3F5E0BA5}d:\\jeux\\rockstar games\\grand theft auto iv\\gtaiv.exe"= TCP:d:\jeux\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV

"{EBF77E48-737F-45CE-BED0-231E1F279A32}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

"{984D7E41-3872-45CD-98F5-9BF642AF7676}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

"{DC96EF1A-9B8E-4A25-8058-2802DCEF1C3E}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

"{5D56120D-D172-4CEB-B342-4B7545CAC497}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

"{F1C33631-2EF5-4F42-825C-AAFE1430902D}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

"{B1AF75A4-161C-4522-A072-F85DDC9F0217}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

"TCP Query User{583738C4-BC3C-4FB4-B68A-CE146F866456}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser

"UDP Query User{FFBF7DB4-1604-4F83-9307-11D6E540DCF1}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser

"{54E1C3CE-3BDB-4334-838C-05773BF8753F}"= UDP:d:\téléchargement\µTorrent\uTorrent.exe:µTorrent (TCP-In)

"{D684A30E-C1CB-4907-B0D3-26F8A29F4F8B}"= TCP:d:\téléchargement\µTorrent\uTorrent.exe:µTorrent (UDP-In)

"{06DB5605-32B3-4F20-B88E-1147F7D46722}"= UDP:d:\jeux\Burnout Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout Paradise The Ultimate Box

"{199CB686-7667-48FC-9026-589C095A4210}"= TCP:d:\jeux\Burnout Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout Paradise The Ultimate Box

"{95714B72-F3EE-473D-AB8E-16EB882F299B}"= UDP:d:\jeux\Burnout Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout Paradise The Ultimate Box

"{154B4EBB-FDD7-4E54-BC9B-2D37B646DC4F}"= TCP:d:\jeux\Burnout Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout Paradise The Ultimate Box

"{E0F3CC28-90B4-41F5-9AC4-D1594BC76BF6}"= UDP:d:\jeux\Burnout Paradise The Ultimate Box\BurnoutParadise.exe:Burnout Paradise The Ultimate Box

"{E127B845-0CB9-497F-9E4B-5D0364DACA86}"= TCP:d:\jeux\Burnout Paradise The Ultimate Box\BurnoutParadise.exe:Burnout Paradise The Ultimate Box

"TCP Query User{ED445966-C75A-4471-8064-7BA0EA651A49}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager

"UDP Query User{0A2E0582-ACBC-40A3-82F3-7EE3D6AA30D2}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager

R0 mv61xx;mv61xx;c:\windows\System32\drivers\mv61xx.sys [2008-07-22 151592]

S2 gupdate1c987c7b322b263;Google Update Service (gupdate1c987c7b322b263);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-05 133104]

S3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\System32\drivers\L1E60x86.sys [2008-12-31 48128]

S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\System32\drivers\wg111v3.sys [2008-12-30 227328]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - ECACHE

*Deregistered* - sptd

.

Contenu du dossier 'Tâches planifiées'

2009-02-07 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-05 20:21]

2009-02-07 c:\windows\Tasks\GoogleUpdateTaskMachine.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-05 20:26]

2009-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-192886970-665670061-1568562545-1000.job

- c:\users\Mathias\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-31 11:24]

.

- - - - ORPHELINS SUPPRIMES - - - -

HKLM-RunOnce-<NO NAME> - (no file)

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.google.fr/ig?hl=fr&source=iglk

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-07 17:14:42

Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès

Fichiers cachés: 0

**************************************************************************

.

--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(632)

c:\program files\Microsoft Office\OFFICE11\msohev.dll

.

Heure de fin: 2009-02-07 17:15:12

ComboFix-quarantined-files.txt 2009-02-07 16:15:10

ComboFix2.txt 2009-02-07 14:39:46

Avant-CF: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.

Après-CF: 111,402,901,504 octets libres

222 --- E O F --- 2009-02-02 11:24:42