ComboFix 08-06-05.3 - Guillaume 2008-06-06 18:35:19.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2269 [GMT 2:00]
Endroit: C:\Users\Guillaume\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\aWoLCrRk.dll
C:\Windows\system32\dwgjfgcd.ini
C:\Windows\System32\kRrCLoWa.ini
C:\Windows\System32\kRrCLoWa.ini2
C:\Windows\System32\SCIkSAHk.ini
C:\Windows\System32\SCIkSAHk.ini2
C:\Windows\system32\uotdhahy.ini
.

((((((((((((((((((((((((((((( Fichiers créés 2008-05-06 to 2008-06-06 ))))))))))))))))))))))))))))))))))))
.

2008-06-06 14:11 . 2008-06-06 14:11 d-------- C:\VundoFix Backups
2008-06-06 12:23 . 2008-06-06 12:23 2,560 --a------ C:\Windows\_MSRSTRT.EXE
2008-06-06 12:22 . 2008-06-06 12:22 d-------- C:\Program Files\WTASK
2008-06-06 11:59 . 2008-06-06 18:41 d-------- C:\Users\Guillaume\.rainlendar2
2008-06-06 11:59 . 2008-06-06 11:59 d-------- C:\Program Files\Rainlendar2
2008-06-06 11:45 . 2008-06-06 12:24 d-------- C:\Program Files\Taskbar Hide
2008-06-06 02:03 . 2008-06-06 02:03 96,192 --a------ C:\Windows\System32\gvreohjn.dll
2008-06-06 02:03 . 2008-06-06 18:41 766 ---hs---- C:\Windows\System32\njhoervg.ini
2008-06-06 02:02 . 2008-06-06 02:02 96,192 --a------ C:\Windows\System32\fhyegyyi.dll
2008-06-06 02:02 . 2008-06-06 01:59 354 --ahs---- C:\Windows\System32\iyygeyhf.ini
2008-06-05 21:24 . 2008-06-05 21:24 d-------- C:\Program Files\Stardock
2008-06-05 21:24 . 2008-06-05 21:24 d-------- C:\Program Files\Common Files\Stardock
2008-06-05 20:49 . 2008-06-05 20:49 d-------- C:\Program Files\RocketDock
2008-06-05 20:30 . 2008-06-05 20:30 d-------- C:\Program Files\Xio
2008-06-05 20:29 . 2008-06-05 20:29 d-------- C:\Users\Guillaume\AppData\Roaming\Xion
2008-06-05 18:36 . 2008-06-05 18:36 d-------- C:\Program Files\Soulseek
2008-06-03 01:24 . 2008-06-03 01:24 d-------- C:\Program Files\AviSynth 2.5
2008-06-03 00:49 . 2008-06-03 00:49 d-------- C:\Users\Guillaume\AppData\Roaming\River Past G5
2008-06-03 00:49 . 2008-06-03 01:50 d-------- C:\Users\All Users\River Past G5
2008-06-03 00:49 . 2008-06-03 01:50 d-------- C:\ProgramData\River Past G5
2008-06-03 00:49 . 2008-06-03 01:09 d-------- C:\Program Files\Common Files\River Past
2008-05-31 23:16 . 2008-05-31 23:16 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-05-28 08:36 . 2008-03-08 04:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-28 08:36 . 2008-03-08 06:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-05-27 22:14 . 2008-06-03 01:38 341,240,180 --a------ C:\Windows\MEMORY.DMP
2008-05-25 22:30 . 2008-05-25 22:30 d-------- C:\Users\Guillaume\AppData\Roaming\Publish Providers
2008-05-24 17:38 . 2008-05-24 17:38 d-------- C:\Program Files\Trend Micro
2008-05-24 17:20 . 2008-05-24 17:20 d-------- C:\Program Files\CCleaner
2008-05-19 01:01 . 2008-06-06 00:48 364 --a------ C:\Windows\wininit.ini
2008-05-18 23:39 . 2008-05-18 23:19 152,576 --a------ C:\Windows\System32\SPWizUI.dll
2008-05-18 23:39 . 2008-05-18 23:19 47,560 --a------ C:\Windows\System32\SPReview.exe
2008-05-18 23:25 . 2008-01-18 23:33 193,024 --a------ C:\Windows\System32\recdisc.exe
2008-05-18 23:25 . 2008-01-18 23:36 6,656 --a------ C:\Windows\System32\sdspres.dll
2008-05-18 23:24 . 2008-01-18 23:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-05-18 23:24 . 2008-01-18 23:36 142,336 --a------ C:\Windows\System32\spp.dll
2008-05-18 23:24 . 2008-01-18 23:36 28,160 --a------ C:\Windows\System32\sxproxy.dll
2008-05-18 23:22 . 2008-01-18 23:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll
2008-05-18 23:19 . 2008-05-18 23:39 327,680 --a------ C:\Windows\SPInstall.etl
2008-05-18 23:19 . 2008-01-18 23:33 44,032 --a------ C:\Windows\System32\cbsra.exe
2008-05-18 20:35 . 2008-05-18 20:35 d-------- C:\Users\Guillaume\AppData\Roaming\Sony
2008-05-18 20:31 . 2008-05-25 22:27 d-------- C:\Program Files\Sony
2008-05-13 19:06 . 2006-05-26 12:57 31,232 --a------ C:\Windows\System32\zgate.dll
2008-05-13 19:05 . 2002-12-05 18:58 1,388,544 --a------ C:\Windows\System32\MSVBVM6N.DLL
2008-05-13 19:05 . 2004-03-09 01:00 1,081,616 --a------ C:\Windows\System32\MSCOMCTL2.OCX
2008-05-13 19:05 . 1998-06-24 02:00 369,696 --a------ C:\Windows\System32\COMCT332.OCX
2008-05-13 19:05 . 2007-03-18 00:57 209,608 --a------ C:\Windows\System32\TABCTL32.OCX
2008-05-13 19:05 . 2004-06-25 21:20 140,288 --a------ C:\Windows\System32\COMDLG32.OCX
2008-05-13 19:05 . 2007-03-18 00:58 109,248 --a------ C:\Windows\System32\MSWINSCK.OCX
2008-05-12 23:07 . 2008-05-13 01:06 d-------- C:\Windows\System32\Adobe
2008-05-11 19:36 . 2007-03-23 04:05 29,272 -ra------ C:\Windows\System32\AdobePDF.dll
2008-05-11 13:43 . 2008-05-11 20:31 d-------- C:\Users\Guillaume\AppData\Roaming\Download Manager
.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-06 16:40 --------- d-----w C:\Program Files\Steam
2008-06-06 16:38 110,636,320 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-06-06 16:38 1,441,328 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-06-06 10:57 --------- d-----w C:\Users\Guillaume\AppData\Roaming\mIRC
2008-06-06 10:57 --------- d-----w C:\Program Files\mIRC
2008-06-06 10:26 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-06-05 23:59 --------- d-----w C:\ProgramData\NVIDIA
2008-06-05 21:41 --------- d-----w C:\Program Files\Common Files\Steam
2008-06-02 23:54 --------- d-----w C:\Users\Guillaume\AppData\Roaming\Skype
2008-06-02 22:01 --------- d-----w C:\Users\Guillaume\AppData\Roaming\skypePM
2008-06-02 20:20 --------- d-----w C:\Users\Guillaume\AppData\Roaming\FileZilla
2008-05-29 16:42 88,774 ----a-w C:\Windows\system32\drivers\klick.dat
2008-05-28 15:39 96,966 ----a-w C:\Windows\system32\drivers\klin.dat
2008-05-28 13:19 112,144 ----a-w C:\Windows\system32\drivers\kl1.sys
2008-05-25 20:30 --------- d-----w C:\Program Files\Steinberg
2008-05-18 22:05 174 --sha-w C:\Program Files\desktop.ini
2008-05-18 21:58 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-18 21:58 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-18 21:58 --------- d-----w C:\Program Files\Windows Mail
2008-05-18 21:58 --------- d-----w C:\Program Files\Windows Journal
2008-05-18 21:58 --------- d-----w C:\Program Files\Windows Defender
2008-05-18 21:58 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-18 21:58 --------- d-----w C:\Program Files\Windows Calendar
2008-05-18 18:30 --------- d-----w C:\Program Files\Sony Setup
2008-05-17 20:53 --------- d-----w C:\Users\Guillaume\AppData\Roaming\uTorrent
2008-05-16 01:02 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-13 16:54 --------- d-----w C:\Program Files\eMule
2008-05-12 12:01 --------- d-----w C:\ProgramData\FLEXnet
2008-05-11 22:43 --------- d-----w C:\Program Files\LimeWire
2008-05-11 22:40 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-11 22:38 --------- d-----w C:\Users\Guillaume\AppData\Roaming\LimeWire
2008-05-01 18:18 --------- d-----w C:\Users\Guillaume\AppData\Roaming\Propellerhead Software
2008-04-28 17:28 --------- d-----w C:\Users\Guillaume\AppData\Roaming\Snapfish
2008-04-23 22:03 --------- d-----w C:\Program Files\Java
2008-04-23 13:35 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-04-23 13:26 --------- d-----w C:\Program Files\MSBuild
2008-04-23 13:26 --------- d-----w C:\Program Files\Microsoft Works
2008-04-23 13:25 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-23 13:22 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-04-20 16:01 --------- d-----w C:\Users\Guillaume\AppData\Roaming\OpenOffice.org2
2008-04-20 12:28 --------- d-----w C:\Program Files\Notepad++
2008-04-19 23:36 --------- d-----w C:\Users\Guillaume\AppData\Roaming\Notepad++
2008-04-19 20:50 --------- d-----w C:\Program Files\FileZilla FTP Client
2008-04-19 16:43 --------- d-----w C:\Users\Guillaume\AppData\Roaming\InstallShield Installation Information
2008-04-13 17:44 --------- d-----w C:\Program Files\EasyPHP 2.0b1
2008-04-13 14:33 --------- d-----w C:\Program Files\Guitar Pro 5
2008-04-13 13:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-11 12:05 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-08 04:19 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-08 04:19 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-08 04:19 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-08 04:19 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-08 01:58 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-03-03 17:02 22,328 ----a-w C:\Users\Guillaume\AppData\Roaming\PnkBstrK.sys
2008-02-13 16:00 32 ----a-w C:\Users\All Users\ezsid.dat
2008-02-13 16:00 32 ----a-w C:\ProgramData\ezsid.dat
2008-02-03 19:40 675 ----a-w C:\Users\Guillaume\AppData\Roaming\waver_2.95.dat
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"Steam"="c:\program files\steam\steam.exe" [2008-03-30 18:13 1271032]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-06-22 14:45 133576]
"Taskbar Hide"="C:\PROGRA~1\TASKBA~1\TaskBar.exe" [ ]
"Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [2007-12-30 12:23 1365504]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 16:36 178712]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 13:27 4702208 C:\Windows\RtHDVCpl.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Diamondback"="C:\Program Files\Razer\Diamondback\razerhid.exe" [2007-02-14 12:15 147456]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 18:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 18:06 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 18:06 81920]
"4ef57929"="C:\Windows\system32\gvreohjn.dll" [2008-06-06 02:03 96192]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-26 17:53 218376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [ ]

C:\Users\Guillaume\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-06-05 21:24:16 3450608]
RocketDock.lnk - C:\Program Files\RocketDock\RocketDock.exe [2008-06-05 20:49:01 495616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Users^Guillaume^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
path=C:\Users\Guillaume\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
backup=C:\Windows\pss\OpenOffice.org 2.3.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Guillaume^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
path=C:\Users\Guillaume\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=C:\Windows\pss\Stardock ObjectDock.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2007-05-10 22:46 624248 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2007-03-01 00:06 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-12-23 18:05 143360 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
--a------ 2005-10-23 01:00 385024 C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 16:27 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
C:\Program Files\GoogleEULA\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C13862A4-F2EE-4907-97CF-FB7E34D73810}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{1C3C1F2F-24B8-401B-AE24-05AF554BAF3A}"= UDP:C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War
"{8FF7B4CB-5B8D-40BA-9DCB-2B7267EE468C}"= TCP:C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War
"{2C88EAF4-EE7E-4305-829A-24C19A1EBDEA}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{47C1DEEC-B0D1-41E7-8607-B3F1ECD9334E}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{4B12BBBE-1107-4576-B3CF-0262D7FB077B}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{C209AB61-A323-4F4A-8180-13F0B0D2DA9D}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{0C373167-59D7-4139-A774-AA41FBCC8346}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{4CEF8803-7CD7-42BB-9A6D-82D568F4A559}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{EC5139B3-F13A-4317-803D-5AC7A792425C}"= UDP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{887D334E-B331-4FF3-A460-606F89C42111}"= TCP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{A09353C8-543B-4B6B-BAE7-73ECDC722758}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{F0B2750A-9CCE-45EF-8915-BB1517E719EB}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{DD65914D-FBE8-4A8F-9E5C-E4D46EA741ED}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{31FC4DBB-CA71-44A6-B26C-523AE861A02F}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{A0519F41-FE4D-4F59-A449-BC03C3C23705}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{0E8743BF-420B-484B-A3D7-294838678A93}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{0922FC96-5F5D-4282-9416-ADB086954B23}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{6037F354-B344-4E64-8B19-9AD77D0F8721}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{5D2F77D9-FDEA-43FB-86AD-7493E8AD0722}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{19C9EE20-47D9-4661-A61D-19207BEC72C2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-04-04 15:59]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 12:43]
R3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;C:\Windows\system32\DRIVERS\athru6.sys [2007-05-16 19:43]
R3 CLEDX;Team H2O CLEDX service;C:\Windows\system32\DRIVERS\cledx.sys [2005-05-09 21:08]
R3 Razerlow;Razerlow USB Filter Driver;C:\Windows\system32\Drivers\Razerlow.sys [2005-04-24 23:43]
S3 athrusb;Atheros Wireless LAN USB device driver;C:\Windows\system32\DRIVERS\athrusb.sys [2006-12-22 21:05]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 09:36]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-06-05 20:39]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ca50e3a-e245-11dc-8b28-001d92001f20}]
\shell\AutoRun\command - K:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4badad9-baa3-11dc-a724-001d92001f20}]
\shell\AutoRun\command - I:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-06 18:41:05
Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

C:\Users\Guillaume\AppData\Local\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1243 bytes hidden from API

Scan terminé avec succès
Les fichiers cachés: 1

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\RocketDock\RocketDock.dll
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
-> C:\Windows\system32\gvreohjn.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\Windows\System32\PnkBstrA.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Razer\Diamondback\razertra.exe
C:\Program Files\Razer\Diamondback\razerofa.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-06 18:50:42 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-06 16:50:30

Pre-Run: 613,052,973,056 octets libres
Post-Run: 612,981,952,512 octets libres

281 --- E O F --- 2008-05-29 16:26:47