Trojan win32 vundo.gen!BC
shaiko Posts: 106 Registration date Status Member Last seen -
jlpjlp Posts: 51580 Registration date Status Security contributor Last seen - 30 April 2009 at 16:08
hi,
Download here:
http://images.malwareremoval.com/random/RSIT.exe
random's system information tool (RSIT) by random/random and save it to the Desktop.
Double-click RSIT.exe to launch RSIT.
Click Continue on the Disclaimer screen.
If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the licence.
When the scan is finished, two text files will open.
Post the contents of log.txt (<< which will be displayed)
as well as info.txt (<< which will be minimised in the Taskbar).
NB: the reports are saved in the folder C:\rsit
Hi jlpjlp,
thanks for coming to help me, that's cool
Here is the log report
Logfile of random's system information tool 1.06 (written by random/random)
Run by LOULOU at 2009-04-08 13:23:03
Microsoft® Windows Vista™ Édition Familiale Service Pack 1
System drive C: has 21 GB (12%) free of 180 GB
Total RAM: 2046 MB (55% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:23:25 PM, on 08/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\s\LOULOU\Desktop\RSIT.exe
C:\Program Files\trend micro\LOULOU.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.repubblica.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {091dab19-a6bb-45cf-ad42-edcbcdd6d5c6} - C:\ProgramData\wimohigi\wimohigi.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvlDaemon] RUNDLL32.EXE C:\Windows\system32\Nvl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [zaduyuwibe] Rundll32.exe "C:\ProgramData\fenozano\fenozano.dll",s
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Cognac] C:\s\LOULOU\AppData\Local\Temp\~tmpa.exe
O4 - HKCU\..\Run: [zaduyuwibe] Rundll32.exe "C:\ProgramData\fenozano\fenozano.dll",s
O4 - HKCU\..\Run: [Diagnostic Manager] C:\s\LOULOU\AppData\Local\Temp\2503048393.exe
O4 - HKCU\..\Run: [M21ecd6e6] Rundll32.exe "C:\ProgramData\tiyunike\tiyunike.dll",a
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem ( 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter ( 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [zaduyuwibe] Rundll32.exe "C:\Windows\system32\wisepale.dll",s ( 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem ( 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [] C:\Windows\TEMP\ydj6d.exe ( 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] C:\Windows\TEMP\ydj6d.exe ( 'Default ')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = LOULOU\AppData\Local\Temp\{69F91187-803B-416A-8B25-186FFB893E10}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplusactive.com
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo er 5 Control) - http://.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoer5.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.nvidia.com/content/Driver/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo er 4 Control) - http://.facebook.com/controls/FacebookPhotoer3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\Windows\system32\vosorudi.dll C:\Windows\system32\wisepale.dll c:\PROGRA~2\tiyunike\tiyunike.dll,C:\Windows\system32\miwovima.dll,C:\Windows\system32\jutofeke.dll,C:\Windows\system32\selutanu.dll,C:\ProgramData\herutoho\herutoho.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device \bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
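As an added example (not from the thread or from RSIT/HijackThis), the script below runs a defender's triage pass over log lines in the format posted above: it flags Run entries and AppInit_DLLs that execute from Temp directories, DLLs sitting in a same-named ProgramData folder, empty-named Run values, and the pseudo-random eight-letter names this infection uses. The sample lines are constructed from the log, with a placeholder user profile path, and the name heuristic is an assumption that will produce false positives on some legitimate names.

```python
"""Triage of HijackThis-style log lines for Vundo-like persistence (added example)."""
import ntpath
import re
from typing import List, Tuple

# Constructed sample in the format of the log posted in the thread.
# "victim" stands in for the real user profile name.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [zaduyuwibe] Rundll32.exe "C:\ProgramData\fenozano\fenozano.dll",s
O4 - HKCU\..\Run: [Cognac] C:\Users\victim\AppData\Local\Temp\~tmpa.exe
O4 - HKCU\..\Run: [Diagnostic Manager] C:\Users\victim\AppData\Local\Temp\2503048393.exe
O4 - HKUS\S-1-5-18\..\Run: [] C:\Windows\TEMP\ydj6d.exe ( 'SYSTEM')
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\Windows\system32\vosorudi.dll,C:\Windows\system32\wisepale.dll
O2 - BHO: (no name) - {091dab19-a6bb-45cf-ad42-edcbcdd6d5c6} - C:\ProgramData\wimohigi\wimohigi.dll (file missing)
""".strip()

VOWELS = set("aeiou")
# O4 line: hive, value name in brackets, then the command.
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.*)$")
# Any drive- or %VAR%-rooted path ending in .exe/.dll (quotes and commas end it).
PATH_RE = re.compile(r'(?:[A-Za-z]:|%\w+%)\\[^",]+?\.(?:exe|dll)', re.I)
TEMP_RE = re.compile(r"\\(?:AppData\\Local\\Temp|Windows\\TEMP)\\", re.I)
# C:\ProgramData\<name>\<name>.dll, the layout every dropped DLL in the log uses.
SELF_DIR_RE = re.compile(r"\\ProgramData\\([^\\]+)\\\1\.dll$", re.I)


def looks_generated(name: str) -> bool:
    """Heuristic (assumption): the dropped names in this log (fenozano, wisepale,
    tiyunike, zaduyuwibe ...) are 8-10 lowercase letters that strictly alternate
    consonant and vowel. Legitimate names of that shape will also match."""
    if not re.fullmatch(r"[a-z]{8,10}", name):
        return False
    kinds = [c in VOWELS for c in name]
    return all(kinds[i] != kinds[i + 1] for i in range(len(kinds) - 1))


def path_findings(path: str) -> List[str]:
    """Reasons a single executable/DLL path deserves a closer look."""
    out = []
    stem = ntpath.splitext(ntpath.basename(path))[0]
    if TEMP_RE.search(path):
        out.append(f"runs from a Temp directory: {path}")
    if SELF_DIR_RE.search(path):
        out.append(f"DLL in a same-named ProgramData folder: {path}")
    if looks_generated(stem):
        out.append(f"pseudo-random file name: {stem}")
    return out


def assess(line: str) -> List[str]:
    """Return the list of findings for one log line (empty list = nothing flagged)."""
    findings = []
    run = RUN_RE.match(line)
    if run and run.group("name") == "":
        findings.append("Run value with an empty name")
    appinit = APPINIT_RE.match(line)
    paths = PATH_RE.findall(appinit.group("dlls") if appinit else line)
    if appinit and len(paths) > 1:
        # AppInit_DLLs are loaded into every process that maps user32.dll,
        # so a list of several unknown DLLs here is a strong persistence signal.
        findings.append(f"{len(paths)} AppInit_DLLs entries loaded into every GUI process")
    for path in paths:
        findings.extend(path_findings(path))
    return findings


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Keep only the lines that have at least one finding."""
    results = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            found = assess(line)
            if found:
                results.append((line, found))
    return results


if __name__ == "__main__":
    for line, found in triage(SAMPLE_LOG):
        print(line)
        for reason in found:
            print("   ->", reason)
```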
remove these scheduled tasks, which are causing your computer to get reinfected,
by going into My Computer and then
C:\Windows\tasks\At1.job
C:\Windows\tasks\At10.job
C:\Windows\tasks\At11.job
C:\Windows\tasks\At12.job
C:\Windows\tasks\At13.job
C:\Windows\tasks\At14.job
C:\Windows\tasks\At15.job
C:\Windows\tasks\At16.job
C:\Windows\tasks\At17.job
C:\Windows\tasks\At18.job
C:\Windows\tasks\At19.job
C:\Windows\tasks\At2.job
C:\Windows\tasks\At20.job
C:\Windows\tasks\At21.job
C:\Windows\tasks\At22.job
C:\Windows\tasks\At23.job
C:\Windows\tasks\At24.job
C:\Windows\tasks\At3.job
C:\Windows\tasks\At4.job
C:\Windows\tasks\At5.job
C:\Windows\tasks\At6.job
C:\Windows\tasks\At7.job
C:\Windows\tasks\At8.job
C:\Windows\tasks\At9.job
___________________________
paste a report from Malwarebytes (quick scan)
__________________________
download ComboFix (by sUBs) here:
http://.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to the desktop.
disconnect from the internet and close all your applications.
disable your protections (antivirus, firewall, real-time guard of the antispyware)
double-click combofix.exe and follow the instructions
at the end, it will produce a report C:\ComboFix.txt
re-enable your firewall, your antivirus, and your antispyware's guard
copy/paste the report C:\ComboFix.txt in your next reply.
Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. That could freeze the computer.
You have a complete tutorial here:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Malwarebytes' Anti-Malware 1.36
Version de la base de données: 1949
Windows 6.0.6001 Service Pack 1
08/04/2009 02:29:20 PM
mbam-log-2009-04-08 (14-29-20).txt
Type de recherche: Examen rapide
Eléments examinés: 63990
Temps écoulé: 3 minute(s), 27 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 7
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\m21ecd6e6 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zaduyuwibe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zaduyuwibe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Cognac (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diagnostic manager (Trojan.er) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
I'm rebooting as advised by Malwarebytes.
Back in a bit.
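The Malwarebytes report above is the kind of artefact a helper reads by hand. The Python script below is an added example for this thread (it is not part of the forum post and not code from Malwarebytes): it parses that 1.x report format into structured findings, checks that the summary counts agree with the entries actually listed, and pulls out the two things worth a second look in a Vundo clean-up, the autostart values under CurrentVersion\Run and the Security Center data items the scanner restored from a "Bad" to a "Good" value. The embedded sample report is constructed to mirror the format of the report above; the file entry C:\Windows\System32\example.dll is a placeholder, not a real indicator.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x report into structured findings.

Added example for this thread; it is not part of the forum post and not
code from Malwarebytes. The sample report is constructed to mirror the
format of the report posted above (French-localised section headers).
"""
import re
from collections import Counter, namedtuple

Finding = namedtuple("Finding", "section path threat bad good action")

# Section headers exactly as the French-localised 1.x report prints them.
SECTION_HEADERS = {
    "Processus mémoire infecté(s):": "process",
    "Module(s) mémoire infecté(s):": "module",
    "Clé(s) du Registre infectée(s):": "regkey",
    "Valeur(s) du Registre infectée(s):": "regvalue",
    "Elément(s) de données du Registre infecté(s):": "regdata",
    "Dossier(s) infecté(s):": "folder",
    "Fichier(s) infecté(s):": "file",
}

# Detail line: "<hive or drive>\<path> (<threat>) -> [Bad: (x) Good: (y) -> ]<action>."
ENTRY_RE = re.compile(
    r"^(?P<path>(?:HKEY_[A-Z_]+|[A-Za-z]:)\\.+?) \((?P<threat>[^()]+)\) -> "
    r"(?:Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\) -> )?"
    r"(?P<action>.+?)\.?$"
)
# Summary line: "<section header without its colon>: <count>"
COUNT_RE = re.compile(r"^(?P<header>.+?): (?P<count>\d+)$")

# Constructed sample in the report format seen in this thread; the file
# entry C:\Windows\System32\example.dll is a placeholder, not a real IoC.
SAMPLE_REPORT = r"""Malwarebytes' Anti-Malware 1.36
Type de recherche: Examen rapide
Eléments examinés: 63990
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zaduyuwibe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Cognac (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Windows\System32\example.dll (Trojan.Vundo) -> Delete on reboot.
"""


def parse_report(text):
    """Return (declared_counts, findings): the summary counts keyed by
    section name, and one Finding per detail line."""
    declared, findings, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTION_HEADERS:          # start of a detail section
            section = SECTION_HEADERS[line]
            continue
        m = COUNT_RE.match(line)
        if m and m.group("header") + ":" in SECTION_HEADERS:
            declared[SECTION_HEADERS[m.group("header") + ":"]] = int(m.group("count"))
            continue
        m = ENTRY_RE.match(line)
        if m and section is not None:
            findings.append(Finding(section, m.group("path"), m.group("threat"),
                                    m.group("bad"), m.group("good"), m.group("action")))
    return declared, findings


def verify_counts(declared, findings):
    """Sections whose summary count disagrees with the entries actually
    listed, as {section: (declared, parsed)}; empty means consistent."""
    parsed = Counter(f.section for f in findings)
    return {sec: (n, parsed[sec]) for sec, n in declared.items() if parsed[sec] != n}


def threat_families(findings):
    """How many entries each detection name accounts for."""
    return Counter(f.threat for f in findings)


def persistence_entries(findings):
    """Value names under CurrentVersion\\Run: the autostart entries the
    malware relied on to survive a reboot."""
    return [f.path.rsplit("\\", 1)[-1] for f in findings
            if "\\currentversion\\run\\" in f.path.lower()]


def policy_tampering(findings):
    """Data items the scanner restored from a 'Bad' to a 'Good' value,
    e.g. Security Center notifications switched off by the malware."""
    return [f for f in findings if f.bad is not None]


if __name__ == "__main__":
    declared, findings = parse_report(SAMPLE_REPORT)
    print("count mismatches:", verify_counts(declared, findings) or "none")
    print("families:", dict(threat_families(findings)))
    print("autostart entries:", persistence_entries(findings))
    for f in policy_tampering(findings):
        print(f"policy changed: {f.path} was {f.bad!r}, restored to {f.good!r}")
```

The count check matters when a report is pasted into a forum: a summary that says three keys while only two entries follow usually means the paste was truncated, and the helper should ask for the full file from the Malwarebytes logs folder rather than reason from a partial list.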
Yo, ComboFix detects Norton as active, but I can't find it anywhere on my PC because I uninstalled it a long time ago... what do I do??
Are you still there?? So how do I proceed with ComboFix? It detects Norton 360, but I can't find it on my computer, and I've searched thoroughly.
Remove the leftovers of Norton
like this:
http://service1.symantec.com//INTER/tsgeninfointl.nsf/fr_docid/20050414110429924
then run ComboFix.
Sorry, it's taking very long. ComboFix finished, but then at reboot there was a scary Windows blue screen, and then the system repair tool started... anyway, it's fine now, it rebooted properly, but as a result I'm rerunning ComboFix because the report didn't show up... back in a bit.
Here is the ComboFix report:
ComboFix 09-04-04.01 - LOULOU 2009-04-08 17:03:13.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale 6.0.6001.1.1252.33.1036.18.2046.1245 [GMT 2:00]
Lancé depuis: c:\s\LOULOU\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-03-08 au 2009-04-08 ))))))))))))))))))))))))))))))))))))
.
2009-04-08 16:59 . 2009-04-08 17:09 308,852,947 --a------ c:\windows\MEMORY.DMP
2009-04-08 16:41 . 2009-04-08 16:41 <REP> d-------- c:\programdata\NortonInstaller
2009-04-08 13:23 . 2009-04-08 13:23 <REP> d-------- C:\rsit
2009-04-08 13:23 . 2009-04-08 13:23 <REP> d-------- c:\program files\trend micro
2009-04-08 09:11 . 2009-04-08 09:18 <REP> d-------- c:\programdata\tiyunike
2009-04-08 09:11 . 2009-04-08 13:09 <REP> d-------- c:\programdata\linanotu
2009-04-08 09:11 . 2009-04-08 16:40 <REP> d-------- c:\programdata\fubatuzo
2009-04-07 23:09 . 2008-06-20 03:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-04-07 23:09 . 2008-06-20 03:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-04-07 23:09 . 2008-06-20 03:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-04-07 23:09 . 2008-06-20 03:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-04-07 23:09 . 2008-06-20 03:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-04-07 23:09 . 2008-06-20 03:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-04-07 23:09 . 2008-06-20 03:14 37,384 --a------ c:\windows\System32\infocardl.l
2009-04-07 23:09 . 2008-06-20 03:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-04-07 23:05 . 2009-04-07 23:05 0 --a------ c:\windows\RAVTC.TMP
2009-04-07 23:02 . 2008-07-27 20:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-04-07 23:02 . 2008-07-27 20:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-04-07 23:02 . 2008-07-27 20:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-04-07 23:01 . 2008-07-27 20:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-04-07 23:01 . 2008-07-27 20:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-04-07 22:58 . 2009-04-07 22:58 410,984 --a------ c:\windows\System32\deploytk.dll
2009-04-07 22:57 . 2009-04-07 22:57 0 --------- c:\windows\PAVSHRB.INI
2009-04-07 22:22 . 2009-04-07 22:22 <REP> d-------- c:\s\LOULOU\AppData\Roaming\Malwarebytes
2009-04-07 22:22 . 2009-04-07 22:22 <REP> d-------- c:\programdata\Malwarebytes
2009-04-07 22:22 . 2009-04-07 22:24 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-07 22:22 . 2009-04-06 15:32 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-04-07 22:22 . 2009-04-06 15:32 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-04-07 22:18 . 2009-04-07 22:18 28,320 --a------ c:\windows\System32\drivers\sifzbtej.sys
2009-04-06 16:25 . 2009-04-08 16:40 <REP> d-------- c:\programdata\toladeya
2009-04-05 17:58 . 2009-04-08 16:40 <REP> d-------- c:\programdata\goyipeme
2009-04-04 16:37 . 2009-04-08 16:40 <REP> d-------- c:\programdata\mofanedo
2009-04-03 14:02 . 2009-04-07 22:37 <REP> d-------- c:\programdata\wimohigi
2009-04-03 14:02 . 2009-04-08 13:06 <REP> d-------- c:\programdata\herutoho
2009-04-03 14:02 . 2009-04-07 22:37 <REP> d-------- c:\programdata\fenozano
2009-04-03 14:00 . 2009-04-07 22:36 <REP> d-------- c:\programdata\zulagovi
2009-04-03 14:00 . 2009-04-08 16:40 <REP> d-------- c:\programdata\yubiwojo
2009-04-03 14:00 . 2009-04-03 14:00 <REP> d-------- c:\programdata\niyihese
2009-04-03 14:00 . 2009-04-07 22:34 <REP> d-------- c:\programdata\govegomu
2009-04-03 00:14 . 2009-04-08 16:40 <REP> d-------- c:\programdata\nojibipu
2009-04-03 00:13 . 2009-04-07 00:00 <REP> d-------- c:\s\LOULOU\AppData\Roaming\skypePM
2009-04-03 00:13 . 2009-04-03 00:13 56 --ah----- c:\programdata\ezsidmv.dat
2009-04-03 00:12 . 2009-04-03 00:12 <REP> dr------- c:\program files\Skype
2009-04-03 00:12 . 2009-04-03 00:12 <REP> d-------- c:\program files\Common Files\Skype
2009-04-02 12:13 . 2009-04-02 12:13 <REP> d-------- c:\programdata\zotowuru
2009-04-02 12:13 . 2009-04-03 14:02 <REP> d-------- c:\programdata\yinuyoni
2009-04-02 12:13 . 2009-04-02 12:34 <REP> d-------- c:\programdata\retegefu
2009-04-02 12:13 . 2009-04-03 14:02 <REP> d-------- c:\programdata\hewalote
2009-04-02 12:13 . 2009-04-02 12:13 <REP> d-------- c:\programdata\delehele
2009-04-02 12:13 . 2009-04-02 12:13 <REP> d-------- c:\programdata\betakoso
2009-04-02 00:13 . 2009-04-08 16:40 <REP> d-------- c:\programdata\mevozeha
2009-04-02 00:13 . 2009-04-07 23:45 <REP> d-------- c:\programdata\feyiloto
2009-03-11 21:08 . 2009-03-11 21:08 <REP> d-------- c:\program files\GSC Game World
2009-03-11 21:06 . 2009-03-11 21:06 <REP> d-------- c:\s\LOULOU\AppData\Roaming\DAEMON Tools Pro
2009-03-11 21:06 . 2009-03-11 21:06 <REP> d-------- c:\programdata\DAEMON Tools Lite
2009-03-11 21:06 . 2009-03-11 21:06 <REP> d-------- c:\program files\DAEMON Tools Lite
2009-03-11 20:45 . 2009-03-11 21:06 <REP> d-------- c:\s\LOULOU\AppData\Roaming\DAEMON Tools Lite
2009-03-11 20:26 . 2009-03-11 20:26 <REP> d-------- c:\programdata\Roxio
2009-03-11 20:24 . 2009-03-11 20:26 <REP> d-------- c:\s\LOULOU\AppData\Roaming\Roxio
2009-03-11 19:13 . 2009-03-11 19:14 <REP> d-------- c:\s\LOULOU\AppData\Roaming\SPORE
2009-03-11 19:11 . 2009-03-11 19:11 <REP> dr-h----- c:\s\LOULOU\AppData\Roaming\SecuROM
2009-03-11 10:52 . 2008-12-16 05:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-11 10:52 . 2008-12-16 07:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-11 10:52 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-11 10:52 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-11 10:51 . 2009-02-09 05:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-11 10:51 . 2008-11-27 06:43 268,288 --a------ c:\windows\System32\schannel.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-07 20:57 --------- d-----w c:\program files\Java
2009-04-07 20:48 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-04-07 20:47 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-07 19:47 --------- d-----w c:\program files\CCleaner
2009-04-07 16:24 --------- d-----w c:\s\LOULOU\AppData\Roaming\uTorrent
2009-04-06 23:30 --------- d-----w c:\s\LOULOU\AppData\Roaming\Skype
2009-04-02 22:12 --------- d-----w c:\programdata\Skype
2009-03-31 21:59 223,934 ----a-w c:\s\LOULOU\AppData\Roaming\nvModes.dat
2009-03-23 15:42 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-21 11:52 --------- d-----w c:\program files\Metin2_
2009-03-12 18:38 --------- d-----w c:\program files\Windows Mail
2009-03-11 19:06 --------- d-----w c:\s\LOULOU\AppData\Roaming\DAEMON Tools
2009-03-11 18:45 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-03-11 17:03 --------- d-----w c:\program files\Electronic Arts
2009-03-01 21:25 --------- d-----w c:\programdata\Electronic Arts
2009-02-24 13:21 --------- d-----w c:\s\LOULOU\AppData\Roaming\Atari
2009-02-24 13:17 --------- d-----w c:\s\LOULOU\AppData\Roaming\Leadertech
2009-02-24 13:06 --------- d-----w c:\program files\Atari
2009-02-23 21:28 --------- d-----w c:\program files\uTorrent
2009-02-19 01:59 --------- d-----w c:\program files\Google
2009-02-17 07:54 --------- d-----w c:\program files\DivX
2009-01-20 13:24 174 --sha-w c:\program files\desktop.ini
2008-06-01 21:35 5,682 ----a-w c:\s\LOULOU\AppData\Roaming\wklnhst.dat
2007-11-14 17:11 22,328 ----a-w c:\s\LOULOU\AppData\Roaming\PnkBstrK.sys
2008-11-16 22:35 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-12-17 23:04 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-17 23:04 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-17 23:04 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-17 23:04 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-17 23:04 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-01-03 20:09 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-01-03 20:09 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-01-03 20:09 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-10 118784]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-06-11 317560]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-11-17 29744]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-07 148888]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-28 86016]
"NvlDaemon"="c:\windows\system32\Nvl.dll" [2007-06-28 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
c:\s\LOULOU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'‚cran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-06-22 739880]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-07-12 08:33 98304 c:\windows\System32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\program files\Common Files\Sony Shared\VideoLib\sonydv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EB7EE62E-514C-4ED2-96CC-E76742C6C8BA}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C6785C36-3B71-4EC6-8473-E9FD35A708F1}"= T:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{93C3FF1C-85CA-4F0A-A50F-F70534120517}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{118CEEBF-6311-4A81-A47B-F47606B5CBD3}"= Disabled:T:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{316EA76B-B568-42EA-95F3-0109AB8EA870}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe:Sid Meier's Civilization 4 Complete
"{88469EB4-4B06-4D20-B8A9-3BBA166C1D56}"= T:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe:Sid Meier's Civilization 4 Complete
"{D9908554-A2C2-4B9F-804B-3517AF46D966}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{9BC30465-1180-4166-8D1F-0FCD7D1CC954}"= T:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{75D82640-B909-4A0C-BE49-42497CA673B2}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4: Beyond the Sword
"{5D5BEBCE-E214-4DE9-9EE1-4672F4D796F7}"= T:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4: Beyond the Sword
"{7A850012-1055-48BF-B522-6C74674AC924}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{D2B1522F-CCD4-40CB-9A1C-19B827A90265}"= T:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{1FB827CF-5D00-40E1-AC7C-985474FC750A}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{CCDDE7B3-5E87-4DAF-A244-DED7287CBE11}"= T:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{EC8E278D-4838-4EE3-93BA-CBC9A0BA8AE4}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{AD8E3901-A158-4A3F-821F-C99754C2C917}"= T:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{63F025D1-B60B-4B47-A5B0-54457738B9B3}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{EBB36171-16AE-4355-8300-3A54AD96903C}"= T:c:\program files\iTunes\iTunes.exe:iTunes
"{B4E0DFE4-F1BB-4061-A8D3-511C451FCDF3}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{5798E201-550D-4C36-93A9-53C4ABEB9803}"= T:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{EDB28EC4-15E9-4D6C-92E1-F765466E9CA7}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{5EDD7D17-E07C-4A2E-8DDA-474E11476220}"= T:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{C3FD154C-C680-41FA-9D4C-00AF5D60BFA9}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{6D36E7FF-2BCE-4E03-BF83-B6A0A33DC36E}"= T:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{638103A7-5F79-49D7-A800-106A79F5F714}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{9DA55446-CE37-42F3-A3AB-EDC9AC58E37A}"= UDP:c:\program files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires III
"{2F1B791E-125E-4676-8BC9-C7376EF67D1C}"= T:c:\program files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires III
"T Query {AB4DA13B-A8EE-490C-B94D-DBC893B12F39}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query {4701FED6-0B75-4404-AD26-7F3F6C176596}c:\\program files\\azureus\\azureus.exe"= T:c:\program files\azureus\azureus.exe:Azureus
"T Query {FCF347F4-4850-4B6E-8378-7A9C5F8DAACE}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query {403422EC-0B56-49BF-AFA9-AF5C39386842}c:\\program files\\internet explorer\\iexplore.exe"= T:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"T Query {7B231355-91EC-4DF4-9B01-B2E1CFDFF4E4}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query {633F1F87-CA0A-49B3-8A22-26D809151477}c:\\program files\\emule\\emule.exe"= T:c:\program files\emule\emule.exe:eMule
"T Query {6279BC70-B4A4-4A66-A19D-BCE7869E0E4E}c:\\program files\\team17\\worms armageddon\\wa.exe"= UDP:c:\program files\team17\worms armageddon\wa.exe:Worms Armageddon
"UDP Query {00F48F3C-6725-4589-B9EC-01832517A27C}c:\\program files\\team17\\worms armageddon\\wa.exe"= T:c:\program files\team17\worms armageddon\wa.exe:Worms Armageddon
"T Query {A61540CE-73E1-43CB-9DEC-BA9F868EB181}c:\\program files\\team17\\worms 2\\frontend.exe"= UDP:c:\program files\team17\worms 2\frontend.exe:Worms 2 Frontend
"UDP Query {5A5194CB-D36F-417A-83E6-EA53C2CB85B6}c:\\program files\\team17\\worms 2\\frontend.exe"= T:c:\program files\team17\worms 2\frontend.exe:Worms 2 Frontend
"T Query {7F40AA1D-A37D-4098-88EB-EFD8F2BBE1EF}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query {F7EB5A9D-8A39-4B20-A5E0-688CAB44C1F9}c:\\program files\\azureus\\azureus.exe"= T:c:\program files\azureus\azureus.exe:Azureus
"T Query {A53B07B8-5311-41E0-A0EF-E42877139A20}c:\\program files\\quake iii arena\\quake3.exe"= UDP:c:\program files\quake iii arena\quake3.exe:quake3
"UDP Query {E25A91CF-7720-4220-A0DB-1B8A9B16139B}c:\\program files\\quake iii arena\\quake3.exe"= T:c:\program files\quake iii arena\quake3.exe:quake3
"{6A7A8727-9C46-4363-B2BC-F04B393E9746}"= UDP:54178:Azureus 54178 T
"{EA6E3AF1-15DC-4C8A-B2CB-FBABBBF4B571}"= T:54178:Azureus 54178 UDP
"T Query {A2D16300-ED91-487C-9D67-9013488E805B}c:\\program files\\quake iii arena\\quake3.exe"= UDP:c:\program files\quake iii arena\quake3.exe:quake3
"UDP Query {14B3F83F-7556-44E2-85DE-CF36694C972D}c:\\program files\\quake iii arena\\quake3.exe"= T:c:\program files\quake iii arena\quake3.exe:quake3
"T Query {19216D63-D30C-43D2-9746-D6C518AF2AF1}c:\\s\\loulou\\s\\team 17\\wa\\[pc game] worms armageddon + all weapons unblocked + cracked + xp patch by lupen[fumai]\\wormsarm\\wa.exe"= UDP:c:\s\loulou\s\team 17\wa\[pc game] worms armageddon + all weapons unblocked + cracked + xp patch by lupen[fumai]\wormsarm\wa.exe:wa.exe
"UDP Query {0961AA07-7C08-428F-9060-78801F99F16E}c:\\s\\loulou\\s\\team 17\\wa\\[pc game] worms armageddon + all weapons unblocked + cracked + xp patch by lupen[fumai]\\wormsarm\\wa.exe"= T:c:\s\loulou\s\team 17\wa\[pc game] worms armageddon + all weapons unblocked + cracked + xp patch by lupen[fumai]\wormsarm\wa.exe:wa.exe
"T Query {62357B01-BF68-4238-95A6-51339425AFBD}c:\\s\\loulou\\s\\team 17\\worms 2\\worms2\\start.exe"= UDP:c:\s\loulou\s\team 17\worms 2\worms2\start.exe:start.exe
"UDP Query {CF0B450E-B97B-4F13-ACCB-284A9D947B5B}c:\\s\\loulou\\s\\team 17\\worms 2\\worms2\\start.exe"= T:c:\s\loulou\s\team 17\worms 2\worms2\start.exe:start.exe
"T Query {268C976C-DD0C-4C07-9D9E-3DCBA3A89798}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Application d'assistance Microsoft DirectPlay
"UDP Query {86F58307-0F6D-432A-9B6E-63F4BAD95F7F}c:\\windows\\system32\\dplaysvr.exe"= T:c:\windows\system32\dplaysvr.exe:Application d'assistance Microsoft DirectPlay
"T Query {E6BCEB50-C2BB-4430-8607-40DC8C60425B}c:\\program files\\konami\\pro evolution soccer 6\\pes6.exe"= UDP:c:\program files\konami\pro evolution soccer 6\pes6.exe:pes6.exe
"UDP Query {B3423FC6-4B47-4B69-A9AB-8ED5ACC1461E}c:\\program files\\konami\\pro evolution soccer 6\\pes6.exe"= T:c:\program files\konami\pro evolution soccer 6\pes6.exe:pes6.exe
"T Query {F2DE20D8-445E-49EE-8E1A-6E231E227523}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query {C6CE2BEB-45DB-485E-AB8D-E8797F673ABF}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= T:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"{B3DF7D74-8051-4962-9744-01FE9583D90F}"= UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{E61208E1-7405-470E-9BBC-E0F0917C0A09}"= T:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"T Query {B73D7D1E-F16B-4E4D-89DE-5F53DC65ABBC}c:\\s\\loulou\\s\\team 17\\worms 2\\worms2\\start.exe"= UDP:c:\s\loulou\s\team 17\worms 2\worms2\start.exe:start.exe
"UDP Query {3736A79C-E40B-47FA-A4DE-BA0D9F62FC3B}c:\\s\\loulou\\s\\team 17\\worms 2\\worms2\\start.exe"= T:c:\s\loulou\s\team 17\worms 2\worms2\start.exe:start.exe
"T Query {AFBDCDAC-AF9B-49E3-B7BA-2BB93701C6A5}c:\\program files\\lionhead studios ltd\\black & white\\runblack.exe"= UDP:c:\program files\lionhead studios ltd\black & white\runblack.exe:lh
"UDP Query {0A85C32D-3C81-4A45-B95F-D29B42823984}c:\\program files\\lionhead studios ltd\\black & white\\runblack.exe"= T:c:\program files\lionhead studios ltd\black & white\runblack.exe:lh
"{8256E9E7-A9E5-46DE-AC62-79E4D0C23F6A}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C10322C9-CDDA-4817-B67C-DD28B639CE65}"= T:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D746BEDF-95CD-404E-844D-7BF0D0846D3D}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{A6ED5F3F-54EC-485D-A961-D89D55A8AD9D}"= T:c:\program files\iTunes\iTunes.exe:iTunes
"{29485F5D-2DFC-4AF6-981C-A75A77A5A930}"= UDP:86:BroadCam Web Server
"T Query {01CE8517-2F48-4C6A-80C6-C9A2C6F14080}c:\\program files\\konami\\pro evolution soccer 2009\\pes2009.exe"= UDP:c:\program files\konami\pro evolution soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"UDP Query {71186C0B-7559-4592-BB18-F1D5A7AF7290}c:\\program files\\konami\\pro evolution soccer 2009\\pes2009.exe"= T:c:\program files\konami\pro evolution soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"T Query {796B2BA3-88EC-4BA9-AF28-B9C4B83C50A1}c:\\program files\\activision\\call of duty - world at war\\codwaw.exe"= UDP:c:\program files\activision\call of duty - world at war\codwaw.exe:Call of Duty(R): World at War Campaign/Coop
"UDP Query {5D1DBAD9-01F0-40FB-AEFD-5F98F99719E8}c:\\program files\\activision\\call of duty - world at war\\codwaw.exe"= T:c:\program files\activision\call of duty - world at war\codwaw.exe:Call of Duty(R): World at War Campaign/Coop
"{2B832080-D4C4-48F2-93F5-F2F6F3201887}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (T-In)
"{B189AA1A-FDC7-4A67-80BF-374CF7DAC4D3}"= T:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"T Query {03E9CCCC-2B08-4569-A462-1F9BC21107D5}c:\\s\\loulou\\desktop\\utorrent(3).exe"= UDP:c:\s\loulou\desktop\utorrent(3).exe:utorrent(3).exe
"UDP Query {267DCBB3-0FBD-45D4-B535-5A0EC136488A}c:\\s\\loulou\\desktop\\utorrent(3).exe"= T:c:\s\loulou\desktop\utorrent(3).exe:utorrent(3).exe
"{4985F146-DD4A-47C1-A756-53184DCAD5D8}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{93CE50F5-6604-454E-B759-8B05F33DB9EF}"= T:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{F20BECCB-339D-48F3-8503-CDC08787DD26}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{46C1667B-342F-4E29-B901-6DF0B5C6EEDC}"= T:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{FB9FA2DF-6440-4CB7-8934-29242926DA81}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"{3CF15280-DC5B-4969-9AB0-2000057AD22D}"= T:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"T Query {95C8A65C-DEE4-4B84-BB11-3FF9E68C5581}c:\\s\\loulou\\desktop\\utorrent(3).exe"= UDP:c:\s\loulou\desktop\utorrent(3).exe:utorrent(3).exe
"UDP Query {45963564-7CA4-4DD1-8B54-A006626DDE0C}c:\\s\\loulou\\desktop\\utorrent(3).exe"= T:c:\s\loulou\desktop\utorrent(3).exe:utorrent(3).exe
"T Query {1D193859-A5F3-4231-B897-27832AB422EC}c:\\program files\\metin2_\\metin2.bin"= UDP:c:\program files\metin2_\metin2.bin:metin2.bin
"UDP Query {CFA81A6E-E4CD-421F-B3E9-99936B898C23}c:\\program files\\metin2_\\metin2.bin"= T:c:\program files\metin2_\metin2.bin:metin2.bin
"{6807E4D8-EFB9-4E6C-BD3B-8AA6FBA92E51}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe:Sid Meier's Civilization 4 Complete
"{EAB1B2B1-34AE-4D29-8678-41D8F0F44B8F}"= T:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe:Sid Meier's Civilization 4 Complete
"{E063BF09-18B0-49F6-9CF0-7F951E3350CA}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{C057C0CD-CE79-4393-9F0C-CD2CED382692}"= T:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{975380A9-50EE-4224-AD8D-6B2B4D7B8D98}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4: Beyond the Sword
"{E862D3AF-578E-4771-AE1F-644932B31423}"= T:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4: Beyond the Sword
"{2DB3449F-5FB7-432E-9F2E-BCEBEBD75BA5}"= UDP:c:\windows\servicing\TrustedInstaller.exe:TrustedInstaller
"{B6C1FA57-A689-40E6-8705-C0D79BCF6A6A}"= UDP:c:\windows\servicing\TrustedInstaller.exe:TrustedInstaller
"{6E583829-3301-4128-847E-851E2B2DA779}"= T:c:\windows\servicing\TrustedInstaller.exe:TrustedInstaller
"{5FF42E84-A5F2-4E0D-B045-EE087F8AD603}"= T:c:\windows\servicing\TrustedInstaller.exe:TrustedInstaller
"{EEC57245-2497-497D-A186-DF4608AAD21B}"= UDP:c:\windows\System32\5wW42d14.exe:5wW42d14
"{83151526-3DF1-4D49-913E-437D125787EE}"= T:c:\windows\System32\5wW42d14.exe:5wW42d14
"{805B1508-F998-4396-BD33-E739D6C125A4}"= UDP:c:\windows\System32\wbem\WmiPrvSE.exe:wmiprvse
"{914AE9F4-9D1F-4F89-A8F8-5E17A1AB727E}"= T:c:\windows\System32\wbem\WmiPrvSE.exe:wmiprvse
"{5C67F97D-6A98-426E-B1B1-85316B635131}"= UDP:c:\windows\System32\wbem\WmiPrvSE.exe:wmiprvse
"{4168A88D-1452-47B4-BE79-DFC5C24395C9}"= T:c:\windows\System32\wbem\WmiPrvSE.exe:wmiprvse
"{D8682D4D-DEBC-4C2F-951F-16F499D342C0}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4557A85A-2066-46C9-A0BA-FA95E2CEEE7D}"= UDP:c:\program files\Sony\VAIO Event Service\VESMgr.exe:VESMgr
"{6EE2652E-5AE9-40F2-AE99-4604845C1472}"= T:c:\program files\Sony\VAIO Event Service\VESMgr.exe:VESMgr
"{34F41E8F-390E-4950-8418-AD4623CAEDF8}"= UDP:c:\program files\Sony\VAIO Power Management\SPMgr.exe:SPMgr
"{82061BCF-225E-4552-B1AA-2135D1936CEC}"= T:c:\program files\Sony\VAIO Power Management\SPMgr.exe:SPMgr
"{2D586C79-B7EE-4711-996E-FD2FF878FBD5}"= UDP:c:\windows\servicing\TrustedInstaller.exe:TrustedInstaller
"{CE459480-564C-4F02-8A4F-9D16E42E4B8B}"= T:c:\windows\servicing\TrustedInstaller.exe:TrustedInstaller
"{F6D32E9E-3533-45ED-850B-C386B37F0667}"= UDP:c:\program files\Panda Security\Panda Antivirus 2008\PsCtrlS.exe:PsCtrls
"{7048C1B2-FD0C-4C89-93F3-D38ADBCCD58C}"= T:c:\program files\Panda Security\Panda Antivirus 2008\PsCtrlS.exe:PsCtrls
"{643B49A4-60C5-440C-9A5F-1262119FBDD8}"= UDP:c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe:iviRegMgr
"{F7DAF92E-3101-4D98-981E-94298B60124D}"= T:c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe:iviRegMgr
"{F1BCBA2E-7F56-4205-B1C5-D4DB675C6F18}"= UDP:c:\program files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE:AVENGINE
"{CFC00A38-4EE1-4FBB-A0AA-CC6E1245E986}"= T:c:\program files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE:AVENGINE
"{C485B050-BD6B-470F-9503-884A993D6265}"= UDP:c:\windows\System32\taskeng.exe:taskeng
"{ECDBF387-3AB2-4279-B2E7-C2FF9999558F}"= T:c:\windows\System32\taskeng.exe:taskeng
"{ADE092F2-A599-47CA-86AF-4A6E999B4B40}"= UDP:c:\windows\System32\winlogon.exe:winlogon
"{A1B71AE8-6618-40D2-91C7-6A615A89E954}"= T:c:\windows\System32\winlogon.exe:winlogon
"{0FA21FA3-E919-48AC-A599-BC5ABBCD5483}"= UDP:c:\program files\Common Files\Panda Software\PavShld\PavPrSrv.exe:pavprsrv
"{527FD804-8D67-4D25-8653-4865F8BCFB6B}"= TCP:c:\program files\Common Files\Panda Software\PavShld\PavPrSrv.exe:pavprsrv
"{75BDDC4F-8419-4935-80E4-17434A0B43D4}"= UDP:c:\windows\System32\lsass.exe:lsass
"{EA632934-E1C6-4383-B41E-C8AE85E0BC61}"= TCP:c:\windows\System32\lsass.exe:lsass
"{842A5BB6-C7DC-4285-8E02-739B7BE664AE}"= UDP:c:\windows\System32\spoolsv.exe:spoolsv
"{9C64DFC3-EC16-4AF7-8475-7DE62DF5F8D3}"= TCP:c:\windows\System32\spoolsv.exe:spoolsv
"{C563884D-4A55-4D4E-B2E2-B0205CA7F4E3}"= UDP:c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe:AppleMobileDeviceService
"{946CA4DB-56FB-4D40-8B3A-0615AC147577}"= TCP:c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe:AppleMobileDeviceService
"{4456CC5F-7200-4B6C-BBC4-8EAC35F937BA}"= UDP:c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe:Switcher
"{4DC2FDD4-F92E-4715-81D1-86BD88148202}"= UDP:c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe:Switcher
"{0ADCE7C6-06D8-4E50-9633-2C089D3F8D2F}"= TCP:c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe:Switcher
"{7DB979B6-141A-417A-8B7E-566E5266F663}"= TCP:c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe:Switcher
"{8898B726-42C4-4ED2-80C4-6739134F6249}"= UDP:c:\windows\System32\wininit.exe:wininit
"{6F64A62E-75D3-4336-8992-86C981F49A1E}"= TCP:c:\windows\System32\wininit.exe:wininit
"{596D8D2D-9BD2-46D7-8C0B-53F63DD658B3}"= UDP:c:\windows\System32\wininit.exe:wininit
"{95F864A4-6100-4F82-A075-A6F4B019B698}"= TCP:c:\windows\System32\wininit.exe:wininit
"{6FB8DFCB-6528-4B6D-963A-72798E1338AE}"= UDP:c:\users\LOULOU\AppData\Local\Temp\7zS699D.tmp\SymNRT.exe:Norton Removal Tool
"{D4783602-B593-4D67-A2D0-5033025F24A0}"= TCP:c:\users\LOULOU\AppData\Local\Temp\7zS699D.tmp\SymNRT.exe:Norton Removal Tool
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R2 regi;regi;c:\windows\System32\drivers\regi.sys [2007-04-17 11032]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-05-30 1153368]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [2007-07-20 28464]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\System32\drivers\R5U870FLx86.sys [2007-07-21 75008]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\System32\drivers\R5U870FUx86.sys [2007-07-21 43904]
R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [2007-07-21 812544]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2007-07-23 29744]
S3 Service CANALPLAY;Service CANALPLAY;c:\program files\Lecteur CANALPLAY\CanalPlayService.exe [2007-08-08 415392]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-08-08 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-08-08 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-08-08 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-08-08 292152]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-08-08 79736]
--- Autres Services/Pilotes en mémoire ---
*Deregistered* - sptd
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3641152b-bace-11dc-ae9e-001bfb5784a2}]
\shell\AutoRun\command - setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57ed34ba-8934-11dc-9142-806e6f6e6963}]
\shell\AutoRun\command - F:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7dda2a3c-3d85-11dd-9f05-001bfb5784a2}]
\shell\AutoRun\command - H:\LaunchU3.exe -a
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{091dab19-a6bb-45cf-ad42-edcbcdd6d5c6} - c:\programdata\wimohigi\wimohigi.dll
HKU-Default-Run-Windows Resurections - c:\windows\TEMP\ydj6d.exe
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.repubblica.it/
mStart Page = hxxp://fr.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: canalplay.com
Trusted Zone: canalplusactive.com
Trusted Zone: canalplay.com
Trusted Zone: canalplusactive.com
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\users\LOULOU\AppData\Roaming\Mozilla\Firefox\Profiles\nnqj9sev.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security._cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-08 17:10:30
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'Explorer.exe'(2628)
c:\windows\system32\btmmhook.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\System32\PnkBstrA.exe
c:\windows\System32\stacsv.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe
c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\System32\conime.exe
c:\windows\System32\WerFault.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\WordWeb\wweb32.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\program files\Apoint\ApntEx.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Heure de fin: 2009-04-08 17:17:23 - La machine a redémarré [LOULOU]
ComboFix-quarantined-files.txt 2009-04-08 15:17:19
Avant-CF: 21,595,267,072 octets libres
Après-CF: 21,362,335,744 octets libres
399 --- E O F --- 2009-04-07 21:20:27
ComboFix 09-04-04.01 - LOULOU 2009-04-08 17:03:13.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale 6.0.6001.1.1252.33.1036.18.2046.1245 [GMT 2:00]
Lancé depuis: c:\s\LOULOU\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-03-08 au 2009-04-08 ))))))))))))))))))))))))))))))))))))
.
2009-04-08 16:59 . 2009-04-08 17:09 308,852,947 --a------ c:\windows\MEMORY.DMP
2009-04-08 16:41 . 2009-04-08 16:41 <REP> d-------- c:\programdata\NortonInstaller
2009-04-08 13:23 . 2009-04-08 13:23 <REP> d-------- C:\rsit
2009-04-08 13:23 . 2009-04-08 13:23 <REP> d-------- c:\program files\trend micro
2009-04-08 09:11 . 2009-04-08 09:18 <REP> d-------- c:\programdata\tiyunike
2009-04-08 09:11 . 2009-04-08 13:09 <REP> d-------- c:\programdata\linanotu
2009-04-08 09:11 . 2009-04-08 16:40 <REP> d-------- c:\programdata\fubatuzo
2009-04-07 23:09 . 2008-06-20 03:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-04-07 23:09 . 2008-06-20 03:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-04-07 23:09 . 2008-06-20 03:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-04-07 23:09 . 2008-06-20 03:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-04-07 23:09 . 2008-06-20 03:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-04-07 23:09 . 2008-06-20 03:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-04-07 23:09 . 2008-06-20 03:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-04-07 23:09 . 2008-06-20 03:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-04-07 23:05 . 2009-04-07 23:05 0 --a------ c:\windows\RAVTC.TMP
2009-04-07 23:02 . 2008-07-27 20:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-04-07 23:02 . 2008-07-27 20:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-04-07 23:02 . 2008-07-27 20:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-04-07 23:01 . 2008-07-27 20:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-04-07 23:01 . 2008-07-27 20:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-04-07 22:58 . 2009-04-07 22:58 410,984 --a------ c:\windows\System32\deploytk.dll
2009-04-07 22:57 . 2009-04-07 22:57 0 --------- c:\windows\PAVSHRB.INI
2009-04-07 22:22 . 2009-04-07 22:22 <REP> d-------- c:\users\LOULOU\AppData\Roaming\Malwarebytes
2009-04-07 22:22 . 2009-04-07 22:22 <REP> d-------- c:\programdata\Malwarebytes
2009-04-07 22:22 . 2009-04-07 22:24 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-07 22:22 . 2009-04-06 15:32 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-04-07 22:22 . 2009-04-06 15:32 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-04-07 22:18 . 2009-04-07 22:18 28,320 --a------ c:\windows\System32\drivers\sifzbtej.sys
2009-04-06 16:25 . 2009-04-08 16:40 <REP> d-------- c:\programdata\toladeya
2009-04-05 17:58 . 2009-04-08 16:40 <REP> d-------- c:\programdata\goyipeme
2009-04-04 16:37 . 2009-04-08 16:40 <REP> d-------- c:\programdata\mofanedo
2009-04-03 14:02 . 2009-04-07 22:37 <REP> d-------- c:\programdata\wimohigi
2009-04-03 14:02 . 2009-04-08 13:06 <REP> d-------- c:\programdata\herutoho
2009-04-03 14:02 . 2009-04-07 22:37 <REP> d-------- c:\programdata\fenozano
2009-04-03 14:00 . 2009-04-07 22:36 <REP> d-------- c:\programdata\zulagovi
2009-04-03 14:00 . 2009-04-08 16:40 <REP> d-------- c:\programdata\yubiwojo
2009-04-03 14:00 . 2009-04-03 14:00 <REP> d-------- c:\programdata\niyihese
2009-04-03 14:00 . 2009-04-07 22:34 <REP> d-------- c:\programdata\govegomu
2009-04-03 00:14 . 2009-04-08 16:40 <REP> d-------- c:\programdata\nojibipu
2009-04-03 00:13 . 2009-04-07 00:00 <REP> d-------- c:\users\LOULOU\AppData\Roaming\skypePM
2009-04-03 00:13 . 2009-04-03 00:13 56 --ah----- c:\programdata\ezsidmv.dat
2009-04-03 00:12 . 2009-04-03 00:12 <REP> dr------- c:\program files\Skype
2009-04-03 00:12 . 2009-04-03 00:12 <REP> d-------- c:\program files\Common Files\Skype
2009-04-02 12:13 . 2009-04-02 12:13 <REP> d-------- c:\programdata\zotowuru
2009-04-02 12:13 . 2009-04-03 14:02 <REP> d-------- c:\programdata\yinuyoni
2009-04-02 12:13 . 2009-04-02 12:34 <REP> d-------- c:\programdata\retegefu
2009-04-02 12:13 . 2009-04-03 14:02 <REP> d-------- c:\programdata\hewalote
2009-04-02 12:13 . 2009-04-02 12:13 <REP> d-------- c:\programdata\delehele
2009-04-02 12:13 . 2009-04-02 12:13 <REP> d-------- c:\programdata\betakoso
2009-04-02 00:13 . 2009-04-08 16:40 <REP> d-------- c:\programdata\mevozeha
2009-04-02 00:13 . 2009-04-07 23:45 <REP> d-------- c:\programdata\feyiloto
2009-03-11 21:08 . 2009-03-11 21:08 <REP> d-------- c:\program files\GSC Game World
2009-03-11 21:06 . 2009-03-11 21:06 <REP> d-------- c:\users\LOULOU\AppData\Roaming\DAEMON Tools Pro
2009-03-11 21:06 . 2009-03-11 21:06 <REP> d-------- c:\programdata\DAEMON Tools Lite
2009-03-11 21:06 . 2009-03-11 21:06 <REP> d-------- c:\program files\DAEMON Tools Lite
2009-03-11 20:45 . 2009-03-11 21:06 <REP> d-------- c:\users\LOULOU\AppData\Roaming\DAEMON Tools Lite
2009-03-11 20:26 . 2009-03-11 20:26 <REP> d-------- c:\programdata\Roxio
2009-03-11 20:24 . 2009-03-11 20:26 <REP> d-------- c:\users\LOULOU\AppData\Roaming\Roxio
2009-03-11 19:13 . 2009-03-11 19:14 <REP> d-------- c:\users\LOULOU\AppData\Roaming\SPORE
2009-03-11 19:11 . 2009-03-11 19:11 <REP> dr-h----- c:\users\LOULOU\AppData\Roaming\SecuROM
2009-03-11 10:52 . 2008-12-16 05:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-11 10:52 . 2008-12-16 07:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-11 10:52 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-11 10:52 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-11 10:51 . 2009-02-09 05:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-11 10:51 . 2008-11-27 06:43 268,288 --a------ c:\windows\System32\schannel.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-07 20:57 --------- d-----w c:\program files\Java
2009-04-07 20:48 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-04-07 20:47 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-07 19:47 --------- d-----w c:\program files\CCleaner
2009-04-07 16:24 --------- d-----w c:\users\LOULOU\AppData\Roaming\uTorrent
2009-04-06 23:30 --------- d-----w c:\users\LOULOU\AppData\Roaming\Skype
2009-04-02 22:12 --------- d-----w c:\programdata\Skype
2009-03-31 21:59 223,934 ----a-w c:\users\LOULOU\AppData\Roaming\nvModes.dat
2009-03-23 15:42 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-21 11:52 --------- d-----w c:\program files\Metin2_
2009-03-12 18:38 --------- d-----w c:\program files\Windows Mail
2009-03-11 19:06 --------- d-----w c:\users\LOULOU\AppData\Roaming\DAEMON Tools
2009-03-11 18:45 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-03-11 17:03 --------- d-----w c:\program files\Electronic Arts
2009-03-01 21:25 --------- d-----w c:\programdata\Electronic Arts
2009-02-24 13:21 --------- d-----w c:\users\LOULOU\AppData\Roaming\Atari
2009-02-24 13:17 --------- d-----w c:\users\LOULOU\AppData\Roaming\Leadertech
2009-02-24 13:06 --------- d-----w c:\program files\Atari
2009-02-23 21:28 --------- d-----w c:\program files\uTorrent
2009-02-19 01:59 --------- d-----w c:\program files\Google
2009-02-17 07:54 --------- d-----w c:\program files\DivX
2009-01-20 13:24 174 --sha-w c:\program files\desktop.ini
2008-06-01 21:35 5,682 ----a-w c:\users\LOULOU\AppData\Roaming\wklnhst.dat
2007-11-14 17:11 22,328 ----a-w c:\users\LOULOU\AppData\Roaming\PnkBstrK.sys
2008-11-16 22:35 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-12-17 23:04 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-17 23:04 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-17 23:04 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-17 23:04 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-17 23:04 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-01-03 20:09 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-01-03 20:09 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-01-03 20:09 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-10 118784]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-06-11 317560]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-11-17 29744]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-07 148888]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-28 86016]
"NvlDaemon"="c:\windows\system32\Nvl.dll" [2007-06-28 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
c:\users\LOULOU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-06-22 739880]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-07-12 08:33 98304 c:\windows\System32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\program files\Common Files\Sony Shared\VideoLib\sonydv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EB7EE62E-514C-4ED2-96CC-E76742C6C8BA}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C6785C36-3B71-4EC6-8473-E9FD35A708F1}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{93C3FF1C-85CA-4F0A-A50F-F70534120517}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{118CEEBF-6311-4A81-A47B-F47606B5CBD3}"= Disabled:TCP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{316EA76B-B568-42EA-95F3-0109AB8EA870}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe:Sid Meier's Civilization 4 Complete
"{88469EB4-4B06-4D20-B8A9-3BBA166C1D56}"= TCP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe:Sid Meier's Civilization 4 Complete
"{D9908554-A2C2-4B9F-804B-3517AF46D966}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{9BC30465-1180-4166-8D1F-0FCD7D1CC954}"= TCP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{75D82640-B909-4A0C-BE49-42497CA673B2}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4: Beyond the Sword
"{5D5BEBCE-E214-4DE9-9EE1-4672F4D796F7}"= TCP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4: Beyond the Sword
"{7A850012-1055-48BF-B522-6C74674AC924}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{D2B1522F-CCD4-40CB-9A1C-19B827A90265}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{1FB827CF-5D00-40E1-AC7C-985474FC750A}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{CCDDE7B3-5E87-4DAF-A244-DED7287CBE11}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{EC8E278D-4838-4EE3-93BA-CBC9A0BA8AE4}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{AD8E3901-A158-4A3F-821F-C99754C2C917}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{63F025D1-B60B-4B47-A5B0-54457738B9B3}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{EBB36171-16AE-4355-8300-3A54AD96903C}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{B4E0DFE4-F1BB-4061-A8D3-511C451FCDF3}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{5798E201-550D-4C36-93A9-53C4ABEB9803}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{EDB28EC4-15E9-4D6C-92E1-F765466E9CA7}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{5EDD7D17-E07C-4A2E-8DDA-474E11476220}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{C3FD154C-C680-41FA-9D4C-00AF5D60BFA9}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{6D36E7FF-2BCE-4E03-BF83-B6A0A33DC36E}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{638103A7-5F79-49D7-A800-106A79F5F714}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{9DA55446-CE37-42F3-A3AB-EDC9AC58E37A}"= UDP:c:\program files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires III
"{2F1B791E-125E-4676-8BC9-C7376EF67D1C}"= TCP:c:\program files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires III
"TCP Query User{AB4DA13B-A8EE-490C-B94D-DBC893B12F39}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{4701FED6-0B75-4404-AD26-7F3F6C176596}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"TCP Query User{FCF347F4-4850-4B6E-8378-7A9C5F8DAACE}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{403422EC-0B56-49BF-AFA9-AF5C39386842}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{7B231355-91EC-4DF4-9B01-B2E1CFDFF4E4}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{633F1F87-CA0A-49B3-8A22-26D809151477}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{6279BC70-B4A4-4A66-A19D-BCE7869E0E4E}c:\\program files\\team17\\worms armageddon\\wa.exe"= UDP:c:\program files\team17\worms armageddon\wa.exe:Worms Armageddon
"UDP Query User{00F48F3C-6725-4589-B9EC-01832517A27C}c:\\program files\\team17\\worms armageddon\\wa.exe"= TCP:c:\program files\team17\worms armageddon\wa.exe:Worms Armageddon
"TCP Query User{A61540CE-73E1-43CB-9DEC-BA9F868EB181}c:\\program files\\team17\\worms 2\\frontend.exe"= UDP:c:\program files\team17\worms 2\frontend.exe:Worms 2 Frontend
"UDP Query User{5A5194CB-D36F-417A-83E6-EA53C2CB85B6}c:\\program files\\team17\\worms 2\\frontend.exe"= TCP:c:\program files\team17\worms 2\frontend.exe:Worms 2 Frontend
"TCP Query User{7F40AA1D-A37D-4098-88EB-EFD8F2BBE1EF}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{F7EB5A9D-8A39-4B20-A5E0-688CAB44C1F9}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"TCP Query User{A53B07B8-5311-41E0-A0EF-E42877139A20}c:\\program files\\quake iii arena\\quake3.exe"= UDP:c:\program files\quake iii arena\quake3.exe:quake3
"UDP Query User{E25A91CF-7720-4220-A0DB-1B8A9B16139B}c:\\program files\\quake iii arena\\quake3.exe"= TCP:c:\program files\quake iii arena\quake3.exe:quake3
"{6A7A8727-9C46-4363-B2BC-F04B393E9746}"= UDP:54178:Azureus 54178 TCP
"{EA6E3AF1-15DC-4C8A-B2CB-FBABBBF4B571}"= TCP:54178:Azureus 54178 UDP
"TCP Query User{A2D16300-ED91-487C-9D67-9013488E805B}c:\\program files\\quake iii arena\\quake3.exe"= UDP:c:\program files\quake iii arena\quake3.exe:quake3
"UDP Query User{14B3F83F-7556-44E2-85DE-CF36694C972D}c:\\program files\\quake iii arena\\quake3.exe"= TCP:c:\program files\quake iii arena\quake3.exe:quake3
"TCP Query User{19216D63-D30C-43D2-9746-D6C518AF2AF1}c:\\users\\loulou\\s\\team 17\\wa\\[pc game] worms armageddon + all weapons unblocked + cracked + xp patch by lupen[fumai]\\wormsarm\\wa.exe"= UDP:c:\users\loulou\s\team 17\wa\[pc game] worms armageddon + all weapons unblocked + cracked + xp patch by lupen[fumai]\wormsarm\wa.exe:wa.exe
"UDP Query User{0961AA07-7C08-428F-9060-78801F99F16E}c:\\users\\loulou\\s\\team 17\\wa\\[pc game] worms armageddon + all weapons unblocked + cracked + xp patch by lupen[fumai]\\wormsarm\\wa.exe"= TCP:c:\users\loulou\s\team 17\wa\[pc game] worms armageddon + all weapons unblocked + cracked + xp patch by lupen[fumai]\wormsarm\wa.exe:wa.exe
"TCP Query User{62357B01-BF68-4238-95A6-51339425AFBD}c:\\users\\loulou\\s\\team 17\\worms 2\\worms2\\start.exe"= UDP:c:\users\loulou\s\team 17\worms 2\worms2\start.exe:start.exe
"UDP Query User{CF0B450E-B97B-4F13-ACCB-284A9D947B5B}c:\\users\\loulou\\s\\team 17\\worms 2\\worms2\\start.exe"= TCP:c:\users\loulou\s\team 17\worms 2\worms2\start.exe:start.exe
"TCP Query User{268C976C-DD0C-4C07-9D9E-3DCBA3A89798}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Application d'assistance Microsoft DirectPlay
"UDP Query User{86F58307-0F6D-432A-9B6E-63F4BAD95F7F}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Application d'assistance Microsoft DirectPlay
"TCP Query User{E6BCEB50-C2BB-4430-8607-40DC8C60425B}c:\\program files\\konami\\pro evolution soccer 6\\pes6.exe"= UDP:c:\program files\konami\pro evolution soccer 6\pes6.exe:pes6.exe
"UDP Query User{B3423FC6-4B47-4B69-A9AB-8ED5ACC1461E}c:\\program files\\konami\\pro evolution soccer 6\\pes6.exe"= TCP:c:\program files\konami\pro evolution soccer 6\pes6.exe:pes6.exe
"TCP Query User{F2DE20D8-445E-49EE-8E1A-6E231E227523}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{C6CE2BEB-45DB-485E-AB8D-E8797F673ABF}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"{B3DF7D74-8051-4962-9744-01FE9583D90F}"= UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{E61208E1-7405-470E-9BBC-E0F0917C0A09}"= TCP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"TCP Query User{B73D7D1E-F16B-4E4D-89DE-5F53DC65ABBC}c:\\users\\loulou\\s\\team 17\\worms 2\\worms2\\start.exe"= UDP:c:\users\loulou\s\team 17\worms 2\worms2\start.exe:start.exe
"UDP Query User{3736A79C-E40B-47FA-A4DE-BA0D9F62FC3B}c:\\users\\loulou\\s\\team 17\\worms 2\\worms2\\start.exe"= TCP:c:\users\loulou\s\team 17\worms 2\worms2\start.exe:start.exe
"TCP Query User{AFBDCDAC-AF9B-49E3-B7BA-2BB93701C6A5}c:\\program files\\lionhead studios ltd\\black & white\\runblack.exe"= UDP:c:\program files\lionhead studios ltd\black & white\runblack.exe:lh
"UDP Query User{0A85C32D-3C81-4A45-B95F-D29B42823984}c:\\program files\\lionhead studios ltd\\black & white\\runblack.exe"= TCP:c:\program files\lionhead studios ltd\black & white\runblack.exe:lh
"{8256E9E7-A9E5-46DE-AC62-79E4D0C23F6A}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C10322C9-CDDA-4817-B67C-DD28B639CE65}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D746BEDF-95CD-404E-844D-7BF0D0846D3D}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{A6ED5F3F-54EC-485D-A961-D89D55A8AD9D}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{29485F5D-2DFC-4AF6-981C-A75A77A5A930}"= UDP:86:BroadCam Web Server
"TCP Query User{01CE8517-2F48-4C6A-80C6-C9A2C6F14080}c:\\program files\\konami\\pro evolution soccer 2009\\pes2009.exe"= UDP:c:\program files\konami\pro evolution soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"UDP Query User{71186C0B-7559-4592-BB18-F1D5A7AF7290}c:\\program files\\konami\\pro evolution soccer 2009\\pes2009.exe"= TCP:c:\program files\konami\pro evolution soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"TCP Query User{796B2BA3-88EC-4BA9-AF28-B9C4B83C50A1}c:\\program files\\activision\\call of duty - world at war\\codwaw.exe"= UDP:c:\program files\activision\call of duty - world at war\codwaw.exe:Call of Duty(R): World at War Campaign/Coop
"UDP Query User{5D1DBAD9-01F0-40FB-AEFD-5F98F99719E8}c:\\program files\\activision\\call of duty - world at war\\codwaw.exe"= TCP:c:\program files\activision\call of duty - world at war\codwaw.exe:Call of Duty(R): World at War Campaign/Coop
"{2B832080-D4C4-48F2-93F5-F2F6F3201887}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{B189AA1A-FDC7-4A67-80BF-374CF7DAC4D3}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{03E9CCCC-2B08-4569-A462-1F9BC21107D5}c:\\users\\loulou\\desktop\\utorrent(3).exe"= UDP:c:\users\loulou\desktop\utorrent(3).exe:utorrent(3).exe
"UDP Query User{267DCBB3-0FBD-45D4-B535-5A0EC136488A}c:\\users\\loulou\\desktop\\utorrent(3).exe"= TCP:c:\users\loulou\desktop\utorrent(3).exe:utorrent(3).exe
"{4985F146-DD4A-47C1-A756-53184DCAD5D8}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{93CE50F5-6604-454E-B759-8B05F33DB9EF}"= T:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{F20BECCB-339D-48F3-8503-CDC08787DD26}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{46C1667B-342F-4E29-B901-6DF0B5C6EEDC}"= T:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{FB9FA2DF-6440-4CB7-8934-29242926DA81}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"{3CF15280-DC5B-4969-9AB0-2000057AD22D}"= T:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"T Query {95C8A65C-DEE4-4B84-BB11-3FF9E68C5581}c:\\s\\loulou\\desktop\\utorrent(3).exe"= UDP:c:\s\loulou\desktop\utorrent(3).exe:utorrent(3).exe
"UDP Query {45963564-7CA4-4DD1-8B54-A006626DDE0C}c:\\s\\loulou\\desktop\\utorrent(3).exe"= T:c:\s\loulou\desktop\utorrent(3).exe:utorrent(3).exe
"T Query {1D193859-A5F3-4231-B897-27832AB422EC}c:\\program files\\metin2_\\metin2.bin"= UDP:c:\program files\metin2_\metin2.bin:metin2.bin
"UDP Query {CFA81A6E-E4CD-421F-B3E9-99936B898C23}c:\\program files\\metin2_\\metin2.bin"= T:c:\program files\metin2_\metin2.bin:metin2.bin
"{6807E4D8-EFB9-4E6C-BD3B-8AA6FBA92E51}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe:Sid Meier's Civilization 4 Complete
"{EAB1B2B1-34AE-4D29-8678-41D8F0F44B8F}"= T:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe:Sid Meier's Civilization 4 Complete
"{E063BF09-18B0-49F6-9CF0-7F951E3350CA}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{C057C0CD-CE79-4393-9F0C-CD2CED382692}"= T:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{975380A9-50EE-4224-AD8D-6B2B4D7B8D98}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4: Beyond the Sword
"{E862D3AF-578E-4771-AE1F-644932B31423}"= T:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4: Beyond the Sword
"{2DB3449F-5FB7-432E-9F2E-BCEBEBD75BA5}"= UDP:c:\windows\servicing\TrustedInstaller.exe:TrustedInstaller
"{B6C1FA57-A689-40E6-8705-C0D79BCF6A6A}"= UDP:c:\windows\servicing\TrustedInstaller.exe:TrustedInstaller
"{6E583829-3301-4128-847E-851E2B2DA779}"= T:c:\windows\servicing\TrustedInstaller.exe:TrustedInstaller
"{5FF42E84-A5F2-4E0D-B045-EE087F8AD603}"= T:c:\windows\servicing\TrustedInstaller.exe:TrustedInstaller
"{EEC57245-2497-497D-A186-DF4608AAD21B}"= UDP:c:\windows\System32\5wW42d14.exe:5wW42d14
"{83151526-3DF1-4D49-913E-437D125787EE}"= T:c:\windows\System32\5wW42d14.exe:5wW42d14
"{805B1508-F998-4396-BD33-E739D6C125A4}"= UDP:c:\windows\System32\wbem\WmiPrvSE.exe:wmiprvse
"{914AE9F4-9D1F-4F89-A8F8-5E17A1AB727E}"= T:c:\windows\System32\wbem\WmiPrvSE.exe:wmiprvse
"{5C67F97D-6A98-426E-B1B1-85316B635131}"= UDP:c:\windows\System32\wbem\WmiPrvSE.exe:wmiprvse
"{4168A88D-1452-47B4-BE79-DFC5C24395C9}"= T:c:\windows\System32\wbem\WmiPrvSE.exe:wmiprvse
"{D8682D4D-DEBC-4C2F-951F-16F499D342C0}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4557A85A-2066-46C9-A0BA-FA95E2CEEE7D}"= UDP:c:\program files\Sony\VAIO Event Service\VESMgr.exe:VESMgr
"{6EE2652E-5AE9-40F2-AE99-4604845C1472}"= T:c:\program files\Sony\VAIO Event Service\VESMgr.exe:VESMgr
"{34F41E8F-390E-4950-8418-AD4623CAEDF8}"= UDP:c:\program files\Sony\VAIO Power Management\SPMgr.exe:SPMgr
"{82061BCF-225E-4552-B1AA-2135D1936CEC}"= T:c:\program files\Sony\VAIO Power Management\SPMgr.exe:SPMgr
"{2D586C79-B7EE-4711-996E-FD2FF878FBD5}"= UDP:c:\windows\servicing\TrustedInstaller.exe:TrustedInstaller
"{CE459480-564C-4F02-8A4F-9D16E42E4B8B}"= T:c:\windows\servicing\TrustedInstaller.exe:TrustedInstaller
"{F6D32E9E-3533-45ED-850B-C386B37F0667}"= UDP:c:\program files\Panda Security\Panda Antivirus 2008\PsCtrlS.exe:PsCtrls
"{7048C1B2-FD0C-4C89-93F3-D38ADBCCD58C}"= T:c:\program files\Panda Security\Panda Antivirus 2008\PsCtrlS.exe:PsCtrls
"{643B49A4-60C5-440C-9A5F-1262119FBDD8}"= UDP:c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe:iviRegMgr
"{F7DAF92E-3101-4D98-981E-94298B60124D}"= T:c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe:iviRegMgr
"{F1BCBA2E-7F56-4205-B1C5-D4DB675C6F18}"= UDP:c:\program files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE:AVENGINE
"{CFC00A38-4EE1-4FBB-A0AA-CC6E1245E986}"= T:c:\program files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE:AVENGINE
"{C485B050-BD6B-470F-9503-884A993D6265}"= UDP:c:\windows\System32\taskeng.exe:taskeng
"{ECDBF387-3AB2-4279-B2E7-C2FF9999558F}"= T:c:\windows\System32\taskeng.exe:taskeng
"{ADE092F2-A599-47CA-86AF-4A6E999B4B40}"= UDP:c:\windows\System32\winlogon.exe:winlogon
"{A1B71AE8-6618-40D2-91C7-6A615A89E954}"= T:c:\windows\System32\winlogon.exe:winlogon
"{0FA21FA3-E919-48AC-A599-BC5ABBCD5483}"= UDP:c:\program files\Common Files\Panda Software\PavShld\PavPrSrv.exe:pavprsrv
"{527FD804-8D67-4D25-8653-4865F8BCFB6B}"= T:c:\program files\Common Files\Panda Software\PavShld\PavPrSrv.exe:pavprsrv
"{75BDDC4F-8419-4935-80E4-17434A0B43D4}"= UDP:c:\windows\System32\lsass.exe:lsass
"{EA632934-E1C6-4383-B41E-C8AE85E0BC61}"= T:c:\windows\System32\lsass.exe:lsass
"{842A5BB6-C7DC-4285-8E02-739B7BE664AE}"= UDP:c:\windows\System32\spoolsv.exe:spoolsv
"{9C64DFC3-EC16-4AF7-8475-7DE62DF5F8D3}"= T:c:\windows\System32\spoolsv.exe:spoolsv
"{C563884D-4A55-4D4E-B2E2-B0205CA7F4E3}"= UDP:c:\program files\Common Files\Apple\Mobile Device \bin\AppleMobileDeviceService.exe:AppleMobileDeviceService
"{946CA4DB-56FB-4D40-8B3A-0615AC147577}"= T:c:\program files\Common Files\Apple\Mobile Device \bin\AppleMobileDeviceService.exe:AppleMobileDeviceService
"{4456CC5F-7200-4B6C-BBC4-8EAC35F937BA}"= UDP:c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe:Switcher
"{4DC2FDD4-F92E-4715-81D1-86BD88148202}"= UDP:c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe:Switcher
"{0ADCE7C6-06D8-4E50-9633-2C089D3F8D2F}"= T:c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe:Switcher
"{7DB979B6-141A-417A-8B7E-566E5266F663}"= T:c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe:Switcher
"{8898B726-42C4-4ED2-80C4-6739134F6249}"= UDP:c:\windows\System32\wininit.exe:wininit
"{6F64A62E-75D3-4336-8992-86C981F49A1E}"= T:c:\windows\System32\wininit.exe:wininit
"{596D8D2D-9BD2-46D7-8C0B-53F63DD658B3}"= UDP:c:\windows\System32\wininit.exe:wininit
"{95F864A4-6100-4F82-A075-A6F4B019B698}"= T:c:\windows\System32\wininit.exe:wininit
"{6FB8DFCB-6528-4B6D-963A-72798E1338AE}"= UDP:c:\s\LOULOU\AppData\Local\Temp\7zS699D.tmp\SymNRT.exe:Norton Removal Tool
"{D4783602-B593-4D67-A2D0-5033025F24A0}"= T:c:\s\LOULOU\AppData\Local\Temp\7zS699D.tmp\SymNRT.exe:Norton Removal Tool
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R2 regi;regi;c:\windows\System32\drivers\regi.sys [2007-04-17 11032]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-05-30 1153368]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [2007-07-20 28464]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\System32\drivers\R5U870FLx86.sys [2007-07-21 75008]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\System32\drivers\R5U870FUx86.sys [2007-07-21 43904]
R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [2007-07-21 812544]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2007-07-23 29744]
S3 Service CANALPLAY;Service CANALPLAY;c:\program files\Lecteur CANALPLAY\CanalPlayService.exe [2007-08-08 415392]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-08-08 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-08-08 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-08-08 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-08-08 292152]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-08-08 79736]
--- Autres Services/Pilotes en mémoire ---
*Deed* - sptd
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_\software\microsoft\windows\currentversion\explorer\mountpoints2\{3641152b-bace-11dc-ae9e-001bfb5784a2}]
\shell\AutoRun\command - setupSNK.exe
[HKEY_CURRENT_\software\microsoft\windows\currentversion\explorer\mountpoints2\{57ed34ba-8934-11dc-9142-806e6f6e6963}]
\shell\AutoRun\command - F:\autorun.exe
[HKEY_CURRENT_\software\microsoft\windows\currentversion\explorer\mountpoints2\{7dda2a3c-3d85-11dd-9f05-001bfb5784a2}]
\shell\AutoRun\command - H:\LaunchU3.exe -a
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{091dab19-a6bb-45cf-ad42-edcbcdd6d5c6} - c:\programdata\wimohigi\wimohigi.dll
HKU-Default-Run-Windows Resurections - c:\windows\TEMP\ydj6d.exe
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.repubblica.it/
mStart Page = hxxp://fr.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: canalplay.com
Trusted Zone: canalplusactive.com
Trusted Zone: canalplay.com
Trusted Zone: canalplusactive.com
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\s\LOULOU\AppData\Roaming\Mozilla\Firefox\Profiles\nnqj9sev.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security._cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-08 17:10:30
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'Explorer.exe'(2628)
c:\windows\system32\btmmhook.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Common Files\Apple\Mobile Device \bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\System32\PnkBstrA.exe
c:\windows\System32\stacsv.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe
c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\System32\conime.exe
c:\windows\System32\WerFault.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\WordWeb\wweb32.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\program files\Apoint\ApntEx.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Heure de fin: 2009-04-08 17:17:23 - La machine a redémarré [LOULOU]
ComboFix-quarantined-files.txt 2009-04-08 15:17:19
Avant-CF: 21,595,267,072 octets libres
Après-CF: 21,362,335,744 octets libres
399 --- E O F --- 2009-04-07 21:20:27
I have to rush off to work, can we pick up the disinfection this evening or sometime tomorrow?
thanks!
Nicolas
PS: if it's of any interest to you, here is the report from after the blue screen
Signature du problème :
Nom d’événement de problème: BlueScreen
Version du système: 6.0.6001.2.1.0.768.3
Identificateur de paramètres régionaux: 8201
Informations supplémentaires sur le problème :
BCCode: 93
B1: 0000033C
B2: 00000000
B3: 00000000
B4: 00000000
OS Version: 6_0_6001
Service Pack: 1_0
Product: 768_1
Fichiers aidant à décrire le problème :
C:\Windows\Minidump\Mini040809-02.dmp
C:\s\LOULOU\AppData\Local\Temp\WER-54631-0.sysdata.xml
C:\s\LOULOU\AppData\Local\Temp\WERBB43.tmp.version.txt
Lire notre déclaration de confidentialité :
https://privacy.microsoft.com/fr-fr/microsoft-error-reporting-privacy-statement
To merge:
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
_________________
Close all your browsers (so copy or print these instructions first)
Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:
File::
c:\programdata\tiyunike
c:\programdata\linanotu
c:\programdata\fubatuzo
c:\programdata\toladeya
c:\programdata\goyipeme
c:\programdata\mofanedo
c:\programdata\wimohigi
c:\programdata\herutoho
c:\programdata\fenozano
c:\programdata\zulagovi
c:\programdata\yubiwojo
c:\programdata\niyihese
c:\programdata\govegomu
c:\programdata\nojibipu
c:\programdata\yinuyoni
c:\programdata\retegefu
c:\programdata\hewalote
c:\programdata\delehele
c:\programdata\betakoso
c:\programdata\mevozeha
c:\programdata\feyiloto
Save this file under the name CFscript
Drag and drop this CFscript file onto the ComboFix.exe file
Click on the CFScript file, hold the button down and drag the mouse so that the CFScript icon comes to cover the Combofix icon. Release the mouse. Combofix will start.
A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.
Wait while the scan runs. The desktop will disappear several times: that's normal!
Don't touch anything until the scan is finished.
Once the scan is complete, a report will be displayed: post its contents.
If the file doesn't open, it is located here > C:\ComboFix.txt
_________________________________
paste an online scan from one of the following:
Bitdefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda online:
http://pandasoftware.fr
ComboFix 09-04-04.01 - LOULOU 2009-04-08 21:30:54.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale 6.0.6001.1.1252.33.1036.18.2046.1305 [GMT 2:00]
Lancé depuis: c:\s\LOULOU\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\s\LOULOU\Desktop\CFscript.txt
* Un nouveau point de restauration a été créé
FILE ::
c:\programdata\betakoso
c:\programdata\delehele
c:\programdata\fenozano
c:\programdata\feyiloto
c:\programdata\fubatuzo
c:\programdata\govegomu
c:\programdata\goyipeme
c:\programdata\herutoho
c:\programdata\hewalote
c:\programdata\linanotu
c:\programdata\mevozeha
c:\programdata\mofanedo
c:\programdata\niyihese
c:\programdata\nojibipu
c:\programdata\retegefu
c:\programdata\tiyunike
c:\programdata\toladeya
c:\programdata\wimohigi
c:\programdata\yinuyoni
c:\programdata\yubiwojo
c:\programdata\zulagovi
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-03-08 au 2009-04-08 ))))))))))))))))))))))))))))))))))))
.
2009-04-08 16:59 . 2009-04-08 17:09 308,852,947 --a------ c:\windows\MEMORY.DMP
2009-04-08 16:41 . 2009-04-08 16:41 <REP> d-------- c:\programdata\NortonInstaller
2009-04-08 13:23 . 2009-04-08 13:23 <REP> d-------- C:\rsit
2009-04-08 13:23 . 2009-04-08 13:23 <REP> d-------- c:\program files\trend micro
2009-04-08 09:11 . 2009-04-08 09:18 <REP> d-------- c:\programdata\tiyunike
2009-04-08 09:11 . 2009-04-08 13:09 <REP> d-------- c:\programdata\linanotu
2009-04-08 09:11 . 2009-04-08 16:40 <REP> d-------- c:\programdata\fubatuzo
2009-04-07 23:09 . 2008-06-20 03:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-04-07 23:09 . 2008-06-20 03:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-04-07 23:09 . 2008-06-20 03:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-04-07 23:09 . 2008-06-20 03:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-04-07 23:09 . 2008-06-20 03:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-04-07 23:09 . 2008-06-20 03:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-04-07 23:09 . 2008-06-20 03:14 37,384 --a------ c:\windows\System32\infocardl.l
2009-04-07 23:09 . 2008-06-20 03:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-04-07 23:05 . 2009-04-07 23:05 0 --a------ c:\windows\RAVTC.TMP
2009-04-07 23:02 . 2008-07-27 20:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-04-07 23:02 . 2008-07-27 20:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-04-07 23:02 . 2008-07-27 20:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-04-07 23:01 . 2008-07-27 20:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-04-07 23:01 . 2008-07-27 20:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-04-07 22:58 . 2009-04-07 22:58 410,984 --a------ c:\windows\System32\deploytk.dll
2009-04-07 22:57 . 2009-04-07 22:57 0 --------- c:\windows\PAVSHRB.INI
2009-04-07 22:22 . 2009-04-07 22:22 <REP> d-------- c:\s\LOULOU\AppData\Roaming\Malwarebytes
2009-04-07 22:22 . 2009-04-07 22:22 <REP> d-------- c:\programdata\Malwarebytes
2009-04-07 22:22 . 2009-04-07 22:24 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-07 22:22 . 2009-04-06 15:32 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-04-07 22:22 . 2009-04-06 15:32 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-04-07 22:18 . 2009-04-07 22:18 28,320 --a------ c:\windows\System32\drivers\sifzbtej.sys
2009-04-06 16:25 . 2009-04-08 16:40 <REP> d-------- c:\programdata\toladeya
2009-04-05 17:58 . 2009-04-08 16:40 <REP> d-------- c:\programdata\goyipeme
2009-04-04 16:37 . 2009-04-08 16:40 <REP> d-------- c:\programdata\mofanedo
2009-04-03 14:02 . 2009-04-07 22:37 <REP> d-------- c:\programdata\wimohigi
2009-04-03 14:02 . 2009-04-08 13:06 <REP> d-------- c:\programdata\herutoho
2009-04-03 14:02 . 2009-04-07 22:37 <REP> d-------- c:\programdata\fenozano
2009-04-03 14:00 . 2009-04-07 22:36 <REP> d-------- c:\programdata\zulagovi
2009-04-03 14:00 . 2009-04-08 16:40 <REP> d-------- c:\programdata\yubiwojo
2009-04-03 14:00 . 2009-04-03 14:00 <REP> d-------- c:\programdata\niyihese
2009-04-03 14:00 . 2009-04-07 22:34 <REP> d-------- c:\programdata\govegomu
2009-04-03 00:14 . 2009-04-08 16:40 <REP> d-------- c:\programdata\nojibipu
2009-04-03 00:13 . 2009-04-07 00:00 <REP> d-------- c:\s\LOULOU\AppData\Roaming\skypePM
2009-04-03 00:13 . 2009-04-03 00:13 56 --ah----- c:\programdata\ezsidmv.dat
2009-04-03 00:12 . 2009-04-03 00:12 <REP> dr------- c:\program files\Skype
2009-04-03 00:12 . 2009-04-03 00:12 <REP> d-------- c:\program files\Common Files\Skype
2009-04-02 12:13 . 2009-04-02 12:13 <REP> d-------- c:\programdata\zotowuru
2009-04-02 12:13 . 2009-04-03 14:02 <REP> d-------- c:\programdata\yinuyoni
2009-04-02 12:13 . 2009-04-02 12:34 <REP> d-------- c:\programdata\retegefu
2009-04-02 12:13 . 2009-04-03 14:02 <REP> d-------- c:\programdata\hewalote
2009-04-02 12:13 . 2009-04-02 12:13 <REP> d-------- c:\programdata\delehele
2009-04-02 12:13 . 2009-04-02 12:13 <REP> d-------- c:\programdata\betakoso
2009-04-02 00:13 . 2009-04-08 16:40 <REP> d-------- c:\programdata\mevozeha
2009-04-02 00:13 . 2009-04-07 23:45 <REP> d-------- c:\programdata\feyiloto
2009-03-11 21:08 . 2009-03-11 21:08 <REP> d-------- c:\program files\GSC Game World
2009-03-11 21:06 . 2009-03-11 21:06 <REP> d-------- c:\s\LOULOU\AppData\Roaming\DAEMON Tools Pro
2009-03-11 21:06 . 2009-03-11 21:06 <REP> d-------- c:\programdata\DAEMON Tools Lite
2009-03-11 21:06 . 2009-03-11 21:06 <REP> d-------- c:\program files\DAEMON Tools Lite
2009-03-11 20:45 . 2009-03-11 21:06 <REP> d-------- c:\s\LOULOU\AppData\Roaming\DAEMON Tools Lite
2009-03-11 20:26 . 2009-03-11 20:26 <REP> d-------- c:\programdata\Roxio
2009-03-11 20:24 . 2009-03-11 20:26 <REP> d-------- c:\s\LOULOU\AppData\Roaming\Roxio
2009-03-11 19:13 . 2009-03-11 19:14 <REP> d-------- c:\s\LOULOU\AppData\Roaming\SPORE
2009-03-11 19:11 . 2009-03-11 19:11 <REP> dr-h----- c:\s\LOULOU\AppData\Roaming\SecuROM
2009-03-11 10:52 . 2008-12-16 05:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-11 10:52 . 2008-12-16 07:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-11 10:52 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-11 10:52 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-11 10:51 . 2009-02-09 05:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-11 10:51 . 2008-11-27 06:43 268,288 --a------ c:\windows\System32\schannel.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-07 20:57 --------- d-----w c:\program files\Java
2009-04-07 20:48 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-04-07 20:47 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-07 19:47 --------- d-----w c:\program files\CCleaner
2009-04-07 16:24 --------- d-----w c:\s\LOULOU\AppData\Roaming\uTorrent
2009-04-06 23:30 --------- d-----w c:\s\LOULOU\AppData\Roaming\Skype
2009-04-04 18:09 49,152 --sha-w c:\windows\System32\hikenuse.dll
2009-04-02 22:12 --------- d-----w c:\programdata\Skype
2009-03-31 21:59 223,934 ----a-w c:\s\LOULOU\AppData\Roaming\nvModes.dat
2009-03-23 15:42 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-21 11:52 --------- d-----w c:\program files\Metin2_
2009-03-12 18:38 --------- d-----w c:\program files\Windows Mail
2009-03-11 19:06 --------- d-----w c:\s\LOULOU\AppData\Roaming\DAEMON Tools
2009-03-11 18:45 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-03-11 17:03 --------- d-----w c:\program files\Electronic Arts
2009-03-01 21:25 --------- d-----w c:\programdata\Electronic Arts
2009-02-24 13:21 --------- d-----w c:\s\LOULOU\AppData\Roaming\Atari
2009-02-24 13:17 --------- d-----w c:\s\LOULOU\AppData\Roaming\Leadertech
2009-02-24 13:06 --------- d-----w c:\program files\Atari
2009-02-23 21:28 --------- d-----w c:\program files\uTorrent
2009-02-19 01:59 --------- d-----w c:\program files\Google
2009-02-17 07:54 --------- d-----w c:\program files\DivX
2009-01-20 13:24 174 --sha-w c:\program files\desktop.ini
2009-01-20 12:43 82,432 ----a-w c:\windows\System32\axaltocm.dll
2009-01-20 12:43 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2009-01-19 18:19 77,824 ----a-w c:\windows\System32\5wW42d14.exe
2009-01-15 06:11 827,392 ----a-w c:\windows\System32\wininet.dll
2008-06-01 21:35 5,682 ----a-w c:\s\LOULOU\AppData\Roaming\wklnhst.dat
2007-11-14 17:11 22,328 ----a-w c:\s\LOULOU\AppData\Roaming\PnkBstrK.sys
2008-11-16 22:35 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-12-17 23:04 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-17 23:04 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-17 23:04 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-17 23:04 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-17 23:04 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-01-03 20:09 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-01-03 20:09 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-01-03 20:09 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-04-08_17.15.42.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-08 19:13:49 12,288 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5.resources\3.5.0.0_fr_b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.resources.dll
+ 2009-04-08 19:13:49 69,632 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine.resources\3.5.0.0_fr_b03f5f7f11d50a3a\Microsoft.Build.Engine.resources.dll
+ 2009-04-08 19:13:49 163,840 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5.resources\3.5.0.0_fr_b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.resources.dll
+ 2009-04-08 19:13:49 11,776 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5.resources\3.5.0.0_fr_b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.resources.dll
+ 2009-04-08 19:13:49 8,192 ----a-w c:\windows\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations.resources\3.5.0.0_fr_31bf3856ad364e35\System.ComponentModel.DataAnnotations.Resources.dll
+ 2009-04-08 19:13:50 61,440 ----a-w c:\windows\assembly\GAC_MSIL\System.Core.resources\3.5.0.0_fr_b77a5c561934e089\System.Core.Resources.dll
+ 2009-04-08 19:13:50 5,120 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.DataSetExtensions.resources\3.5.0.0_fr_b77a5c561934e089\System.Data.DataSetExtensions.Resources.dll
+ 2009-04-08 19:13:50 15,872 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Entity.Design.resources\3.5.0.0_fr_b77a5c561934e089\System.Data.Entity.Design.Resources.dll
+ 2009-04-08 19:13:50 409,600 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Entity.resources\3.5.0.0_fr_b77a5c561934e089\System.Data.Entity.Resources.dll
+ 2009-04-08 19:13:48 57,344 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Linq.resources\3.5.0.0_fr_b77a5c561934e089\System.Data.Linq.Resources.dll
+ 2009-04-08 19:13:48 36,864 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Services.Client.resources\3.5.0.0_fr_b77a5c561934e089\System.Data.Services.Client.resources.dll
+ 2009-04-08 19:13:48 7,680 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Services.Design.resources\3.5.0.0_fr_b77a5c561934e089\System.Data.Services.Design.resources.dll
+ 2009-04-08 19:13:48 69,632 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Services.resources\3.5.0.0_fr_b77a5c561934e089\System.Data.Services.resources.dll
+ 2009-04-08 19:13:48 36,864 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Management.resources\3.5.0.0_fr_b77a5c561934e089\System.DirectoryServices.Management.resources.dll
+ 2009-04-08 19:13:51 11,264 ----a-w c:\windows\assembly\GAC_MSIL\System.Management.Instrumentation.resources\3.5.0.0_fr_b77a5c561934e089\System.Management.Instrumentation.Resources.dll
+ 2009-04-08 19:13:52 28,672 ----a-w c:\windows\assembly\GAC_MSIL\System.Net.resources\3.5.0.0_fr_b03f5f7f11d50a3a\System.Net.Resources.dll
+ 2009-04-08 19:13:47 73,728 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel.Web.resources\3.5.0.0_fr_31bf3856ad364e35\System.ServiceModel.Web.resources.dll
+ 2009-04-08 19:13:51 3,584 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Abstractions.resources\3.5.0.0_fr_31bf3856ad364e35\System.Web.Abstractions.Resources.dll
+ 2009-04-08 19:13:51 4,096 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.DynamicData.Design.resources\3.5.0.0_fr_31bf3856ad364e35\System.Web.DynamicData.Design.Resources.dll
+ 2009-04-08 19:13:51 16,384 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.DynamicData.resources\3.5.0.0_fr_31bf3856ad364e35\System.Web.DynamicData.Resources.dll
+ 2009-04-08 19:13:51 11,264 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Entity.Design.resources\3.5.0.0_fr_b77a5c561934e089\System.Web.Entity.Design.Resources.dll
+ 2009-04-08 19:13:51 24,576 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Entity.resources\3.5.0.0_fr_b77a5c561934e089\System.Web.Entity.Resources.dll
+ 2009-04-08 19:13:51 49,152 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Extensions.Design.resources\3.5.0.0_fr_31bf3856ad364e35\System.Web.Extensions.Design.Resources.dll
+ 2009-04-08 19:13:51 634,880 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Extensions.resources\3.5.0.0_fr_31bf3856ad364e35\System.Web.Extensions.Resources.dll
+ 2009-04-08 19:13:51 7,680 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Routing.resources\3.5.0.0_fr_31bf3856ad364e35\System.Web.Routing.Resources.dll
+ 2009-04-08 19:13:52 3,584 ----a-w c:\windows\assembly\GAC_MSIL\System.Windows.Presentation.resources\3.5.0.0_fr_b77a5c561934e089\System.Windows.Presentation.resources.dll
+ 2009-04-08 19:13:48 102,400 ----a-w c:\windows\assembly\GAC_MSIL\System.WorkflowServices.resources\3.5.0.0_fr_31bf3856ad364e35\System.WorkflowServices.resources.dll
+ 2009-04-08 19:13:52 8,192 ----a-w c:\windows\assembly\GAC_MSIL\System.Xml.Linq.resources\3.5.0.0_fr_b77a5c561934e089\System.Xml.Linq.Resources.dll
+ 2008-07-31 02:18:06 198,144 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\1036\cscompui.dll
+ 2008-07-31 02:18:06 275,448 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\1036\vbc7ui.dll
+ 2008-07-31 02:18:06 17,944 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\fr\DataSvcUtil.resources.dll
+ 2008-07-31 02:18:06 22,032 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\fr\EdmGen.Resources.dll
+ 2008-07-31 02:18:06 163,840 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\fr\Microsoft.Build.Tasks.v3.5.resources.dll
+ 2008-07-31 02:18:06 4,096 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\fr\Microsoft.Data.Entity.Build.Tasks.Resources.dll
+ 2008-07-31 02:18:06 46,096 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\fr\MSBuild.resources.exe
+ 2008-07-31 02:15:58 27,910 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\baseline.dat
+ 2008-07-30 23:06:02 97,280 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\DeleteTemp.exe
+ 2008-07-30 23:06:02 276,984 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\dlmgr.dll
+ 2008-07-30 23:06:02 1,064,448 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\gencomp.dll
+ 2008-07-30 23:06:02 177,152 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\HtmlLite.dll
+ 2008-07-31 02:18:06 183,296 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\RebootStub.exe
+ 2008-07-30 23:06:02 269,304 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
+ 2008-07-30 23:08:42 133,120 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setupres.dll
+ 2008-07-30 23:06:02 1,364,992 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\SITSetup.dll
+ 2008-07-30 23:06:02 1,054,208 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\vs_setup.dll
+ 2008-07-30 23:06:02 632,320 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\vs70uimgr.dll
+ 2008-07-30 23:06:02 413,184 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\vsbasereqs.dll
+ 2008-07-30 23:06:02 689,152 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\vsscenario.dll
+ 2008-07-30 23:08:42 112,120 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\WapRes.dll
+ 2008-07-30 23:06:02 984,056 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\WapUI.dll
- 2009-04-08 15:10:00 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-04-08 19:08:40 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-04-08 15:10:00 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-04-08 19:08:40 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-04-08 15:10:23 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\nt.dat
+ 2009-04-08 19:10:29 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\nt.dat
+ 2009-04-08 19:10:29 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\nt.dat.LOG1
- 2009-04-08 15:11:14 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\nt.dat
+ 2009-04-08 19:10:24 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\nt.dat
+ 2009-04-08 19:10:24 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\nt.dat.LOG1
- 2009-04-08 15:08:33 104,940 ----a-w c:\windows\System32\perfc009.dat
+ 2009-04-08 19:13:22 104,940 ----a-w c:\windows\System32\perfc009.dat
- 2009-04-08 15:08:33 128,004 ----a-w c:\windows\System32\perfc00C.dat
+ 2009-04-08 19:13:22 128,004 ----a-w c:\windows\System32\perfc00C.dat
- 2009-04-08 15:08:33 595,506 ----a-w c:\windows\System32\perfh009.dat
+ 2009-04-08 19:13:22 595,506 ----a-w c:\windows\System32\perfh009.dat
- 2009-04-08 15:08:33 678,956 ----a-w c:\windows\System32\perfh00C.dat
+ 2009-04-08 19:13:22 678,956 ----a-w c:\windows\System32\perfh00C.dat
- 2009-04-08 15:11:50 12,298 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1611504857-4089916995-1680512414-1000_Data.bin
+ 2009-04-08 19:10:22 12,346 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1611504857-4089916995-1680512414-1000_Data.bin
- 2009-04-08 15:11:50 91,904 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-04-08 19:10:22 91,966 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-04-08 14:45:48 62,130 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-04-08 19:10:21 62,138 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-10 118784]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-06-11 317560]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-11-17 29744]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-07 148888]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-28 86016]
"NvlDaemon"="c:\windows\system32\Nvl.dll" [2007-06-28 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
c:\s\LOULOU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-06-22 739880]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-07-12 08:33 98304 c:\windows\System32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\program files\Common Files\Sony Shared\VideoLib\sonydv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EB7EE62E-514C-4ED2-96CC-E76742C6C8BA}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C6785C36-3B71-4EC6-8473-E9FD35A708F1}"= T:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{93C3FF1C-85CA-4F0A-A50F-F70534120517}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{118CEEBF-6311-4A81-A47B-F47606B5CBD3}"= Disabled:T:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{316EA76B-B568-42EA-95F3-0109AB8EA870}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe:Sid Meier's Civilization 4 Complete
"{88469EB4-4B06-4D20-B8A9-3BBA166C1D56}"= T:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe:Sid Meier's Civilization 4 Complete
"{D9908554-A2C2-4B9F-804B-3517AF46D966}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{9BC30465-1180-4166-8D1F-0FCD7D1CC954}"= T:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{75D82640-B909-4A0C-BE49-42497CA673B2}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4: Beyond the Sword
"{5D5BEBCE-E214-4DE9-9EE1-4672F4D796F7}"= T:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4: Beyond the Sword
"{7A850012-1055-48BF-B522-6C74674AC924}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{D2B1522F-CCD4-40CB-9A1C-19B827A90265}"= T:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{1FB827CF-5D00-40E1-AC7C-985474FC750A}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{CCDDE7B3-5E87-4DAF-A244-DED7287CBE11}"= T:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{EC8E278D-4838-4EE3-93BA-CBC9A0BA8AE4}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{AD8E3901-A158-4A3F-821F-C99754C2C917}"= T:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{63F025D1-B60B-4B47-A5B0-54457738B9B3}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{EBB36171-16AE-4355-8300-3A54AD96903C}"= T:c:\program files\iTunes\iTunes.exe:iTunes
"{B4E0DFE4-F1BB-4061-A8D3-511C451FCDF3}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{5798E201-550D-4C36-93A9-53C4ABEB9803}"= T:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{EDB28EC4-15E9-4D6C-92E1-F765466E9CA7}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{5EDD7D17-E07C-4A2E-8DDA-474E11476220}"= T:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{C3FD154C-C680-41FA-9D4C-00AF5D60BFA9}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{6D36E7FF-2BCE-4E03-BF83-B6A0A33DC36E}"= T:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{638103A7-5F79-49D7-A800-106A79F5F714}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{9DA55446-CE37-42F3-A3AB-EDC9AC58E37A}"= UDP:c:\program files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires III
"{2F1B791E-125E-4676-8BC9-C7376EF67D1C}"= T:c:\program files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires III
"T Query {AB4DA13B-A8EE-490C-B94D-DBC893B12F39}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query {4701FED6-0B75-4404-AD26-7F3F6C176596}c:\\program files\\azureus\\azureus.exe"= T:c:\program files\azureus\azureus.exe:Azureus
"T Query {FCF347F4-4850-4B6E-8378-7A9C5F8DAACE}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query {403422EC-0B56-49BF-AFA9-AF5C39386842}c:\\program files\\internet explorer\\iexplore.exe"= T:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"T Query {7B231355-91EC-4DF4-9B01-B2E1CFDFF4E4}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query {633F1F87-CA0A-49B3-8A22-26D809151477}c:\\program files\\emule\\emule.exe"= T:c:\program files\emule\emule.exe:eMule
"T Query {6279BC70-B4A4-4A66-A19D-BCE7869E0E4E}c:\\program files\\team17\\worms armageddon\\wa.exe"= UDP:c:\program files\team17\worms armageddon\wa.exe:Worms Armageddon
"UDP Query {00F48F3C-6725-4589-B9EC-01832517A27C}c:\\program files\\team17\\worms armageddon\\wa.exe"= T:c:\program files\team17\worms armageddon\wa.exe:Worms Armageddon
"T Query {A61540CE-73E1-43CB-9DEC-BA9F868EB181}c:\\program files\\team17\\worms 2\\frontend.exe"= UDP:c:\program files\team17\worms 2\frontend.exe:Worms 2 Frontend
"UDP Query {5A5194CB-D36F-417A-83E6-EA53C2CB85B6}c:\\program files\\team17\\worms 2\\frontend.exe"= T:c:\program files\team17\worms 2\frontend.exe:Worms 2 Frontend
"T Query {7F40AA1D-A37D-4098-88EB-EFD8F2BBE1EF}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query {F7EB5A9D-8A39-4B20-A5E0-688CAB44C1F9}c:\\program files\\azureus\\azureus.exe"= T:c:\program files\azureus\azureus.exe:Azureus
"T Query {A53B07B8-5311-41E0-A0EF-E42877139A20}c:\\program files\\quake iii arena\\quake3.exe"= UDP:c:\program files\quake iii arena\quake3.exe:quake3
"UDP Query {E25A91CF-7720-4220-A0DB-1B8A9B16139B}c:\\program files\\quake iii arena\\quake3.exe"= T:c:\program files\quake iii arena\quake3.exe:quake3
"{6A7A8727-9C46-4363-B2BC-F04B393E9746}"= UDP:54178:Azureus 54178 T
"{EA6E3AF1-15DC-4C8A-B2CB-FBABBBF4B571}"= T:54178:Azureus 54178 UDP
"T Query {A2D16300-ED91-487C-9D67-9013488E805B}c:\\program files\\quake iii arena\\quake3.exe"= UDP:c:\program files\quake iii arena\quake3.exe:quake3
"UDP Query {14B3F83F-7556-44E2-85DE-CF36694C972D}c:\\program files\\quake iii arena\\quake3.exe"= T:c:\program files\quake iii arena\quake3.exe:quake3
"T Query {19216D63-D30C-43D2-9746-D6C518AF2AF1}c:\\s\\loulou\\s\\team 17\\wa\\[pc game] worms armageddon + all weapons unblocked + cracked + xp patch by lupen[fumai]\\wormsarm\\wa.exe"= UDP:c:\s\loulou\s\team 17\wa\[pc game] worms armageddon + all weapons unblocked + cracked + xp patch by lupen[fumai]\wormsarm\wa.exe:wa.exe
"UDP Query {0961AA07-7C08-428F-9060-78801F99F16E}c:\\s\\loulou\\s\\team 17\\wa\\[pc game] worms armageddon + all weapons unblocked + cracked + xp patch by lupen[fumai]\\wormsarm\\wa.exe"= T:c:\s\loulou\s\team 17\wa\[pc game] worms armageddon + all weapons unblocked + cracked + xp patch by lupen[fumai]\wormsarm\wa.exe:wa.exe
"T Query {62357B01-BF68-4238-95A6-51339425AFBD}c:\\s\\loulou\\s\\team 17\\worms 2\\worms2\\start.exe"= UDP:c:\s\loulou\s\team 17\worms 2\worms2\start.exe:start.exe
"UDP Query {CF0B450E-B97B-4F13-ACCB-284A9D947B5B}c:\\s\\loulou\\s\\team 17\\worms 2\\worms2\\start.exe"= T:c:\s\loulou\s\team 17\worms 2\worms2\start.exe:start.exe
"T Query {268C976C-DD0C-4C07-9D9E-3DCBA3A89798}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Application d'assistance Microsoft DirectPlay
"UDP Query {86F58307-0F6D-432A-9B6E-63F4BAD95F7F}c:\\windows\\system32\\dplaysvr.exe"= T:c:\windows\system32\dplaysvr.exe:Application d'assistance Microsoft DirectPlay
"T Query {E6BCEB50-C2BB-4430-8607-40DC8C60425B}c:\\program files\\konami\\pro evolution soccer 6\\pes6.exe"= UDP:c:\program files\konami\pro evolution soccer 6\pes6.exe:pes6.exe
"UDP Query {B3423FC6-4B47-4B69-A9AB-8ED5ACC1461E}c:\\program files\\konami\\pro evolution soccer 6\\pes6.exe"= T:c:\program files\konami\pro evolution soccer 6\pes6.exe:pes6.exe
"T Query {F2DE20D8-445E-49EE-8E1A-6E231E227523}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query {C6CE2BEB-45DB-485E-AB8D-E8797F673ABF}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= T:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"{B3DF7D74-8051-4962-9744-01FE9583D90F}"= UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{E61208E1-7405-470E-9BBC-E0F0917C0A09}"= T:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"T Query {B73D7D1E-F16B-4E4D-89DE-5F53DC65ABBC}c:\\s\\loulou\\s\\team 17\\worms 2\\worms2\\start.exe"= UDP:c:\s\loulou\s\team 17\worms 2\worms2\start.exe:start.exe
"UDP Query {3736A79C-E40B-47FA-A4DE-BA0D9F62FC3B}c:\\s\\loulou\\s\\team 17\\worms 2\\worms2\\start.exe"= T:c:\s\loulou\s\team 17\worms 2\worms2\start.exe:start.exe
"T Query {AFBDCDAC-AF9B-49E3-B7BA-2BB93701C6A5}c:\\program files\\lionhead studios ltd\\black & white\\runblack.exe"= UDP:c:\program files\lionhead studios ltd\black & white\runblack.exe:lh
"UDP Query {0A85C32D-3C81-4A45-B95F-D29B42823984}c:\\program files\\lionhead studios ltd\\black & white\\runblack.exe"= T:c:\program files\lionhead studios ltd\black & white\runblack.exe:lh
"{8256E9E7-A9E5-46DE-AC62-79E4D0C23F6A}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C10322C9-CDDA-4817-B67C-DD28B639CE65}"= T:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D746BEDF-95CD-404E-844D-7BF0D0846D3D}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{A6ED5F3F-54EC-485D-A961-D89D55A8AD9D}"= T:c:\program files\iTunes\iTunes.exe:iTunes
"{29485F5D-2DFC-4AF6-981C-A75A77A5A930}"= UDP:86:BroadCam Web Server
"T Query {01CE8517-2F48-4C6A-80C6-C9A2C6F14080}c:\\program files\\konami\\pro evolution soccer 2009\\pes2009.exe"= UDP:c:\program files\konami\pro evolution soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"UDP Query {71186C0B-7559-4592-BB18-F1D5A7AF7290}c:\\program files\\konami\\pro evolution soccer 2009\\pes2009.exe"= T:c:\program files\konami\pro evolution soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"T Query {796B2BA3-88EC-4BA9-AF28-B9C4B83C50A1}c:\\program files\\activision\\call of duty - world at war\\codwaw.exe"= UDP:c:\program files\activision\call of duty - world at war\codwaw.exe:Call of Duty(R): World at War Campaign/Coop
"UDP Query {5D1DBAD9-01F0-40FB-AEFD-5F98F99719E8}c:\\program files\\activision\\call of duty - world at war\\codwaw.exe"= T:c:\program files\activision\call of duty - world at war\codwaw.exe:Call of Duty(R): World at War Campaign/Coop
"{2B832080-D4C4-48F2-93F5-F2F6F3201887}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (T-In)
"{B189AA1A-FDC7-4A67-80BF-374CF7DAC4D3}"= T:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"T Query {03E9CCCC-2B08-4569-A462-1F9BC21107D5}c:\\s\\loulou\\desktop\\utorrent(3).exe"= UDP:c:\s\loulou\desktop\utorrent(3).exe:utorrent(3).exe
"UDP Query {267DCBB3-0FBD-45D4-B535-5A0EC136488A}c:\\s\\loulou\\desktop\\utorrent(3).exe"= T:c:\s\loulou\desktop\utorrent(3).exe:utorrent(3).exe
"{4985F146-DD4A-47C1-A756-53184DCAD5D8}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{93CE50F5-6604-454E-B759-8B05F33DB9EF}"= T:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{F20BECCB-339D-48F3-8503-CDC08787DD26}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{46C1667B-342F-4E29-B901-6DF0B5C6EEDC}"= T:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{FB9FA2DF-6440-4CB7-8934-29242926DA81}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"{3CF15280-DC5B-4969-9AB0-2000057AD22D}"= T:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"T Query {95C8A65C-DEE4-4B84-BB11-3FF9E68C5581}c:\\s\\loulou\\desktop\\utorrent(3).exe"= UDP:c:\s\loulou\desktop\utorrent(3).exe:utorrent(3).exe
"UDP Query {45963564-7CA4-4DD1-8B54-A006626DDE0C}c:\\s\\loulou\\desktop\\utorrent(3).exe"= T:c:\s\loulou\desktop\utorrent(3).exe:utorrent(3).exe
"T Query {1D193859-A5F3-4231-B897-27832AB422EC}c:\\program files\\metin2_\\metin2.bin"= UDP:c:\program files\metin2_\metin2.bin:metin2.bin
"UDP Query {CFA81A6E-E4CD-421F-B3E9-99936B898C23}c:\\program files\\metin2_\\metin2.bin"= T:c:\program files\metin2_\metin2.bin:metin2.bin
"{6807E4D8-EFB9-4E6C-BD3B-8AA6FBA92E51}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe:Sid Meier's Civilization 4 Complete
"{EAB1B2B1-34AE-4D29-8678-41D8F0F44B8F}"= T:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe:Sid Meier's Civilization 4 Complete
"{E063BF09-18B0-49F6-9CF0-7F951E3350CA}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{C057C0CD-CE79-4393-9F0C-CD2CED382692}"= T:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{975380A9-50EE-4224-AD8D-6B2B4D7B8D98}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4: Beyond the Sword
"{E862D3AF-578E-4771-AE1F-644932B31423}"= T:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4: Beyond the Sword
"{2DB3449F-5FB7-432E-9F2E-BCEBEBD75BA5}"= UDP:c:\windows\servicing\TrustedInstaller.exe:TrustedInstaller
"{B6C1FA57-A689-40E6-8705-C0D79BCF6A6A}"= UDP:c:\windows\servicing\TrustedInstaller.exe:TrustedInstaller
"{6E583829-3301-4128-847E-851E2B2DA779}"= T:c:\windows\servicing\TrustedInstaller.exe:TrustedInstaller
"{5FF42E84-A5F2-4E0D-B045-EE087F8AD603}"= T:c:\windows\servicing\TrustedInstaller.exe:TrustedInstaller
"{EEC57245-2497-497D-A186-DF4608AAD21B}"= UDP:c:\windows\System32\5wW42d14.exe:5wW42d14
"{83151526-3DF1-4D49-913E-437D125787EE}"= T:c:\windows\System32\5wW42d14.exe:5wW42d14
"{805B1508-F998-4396-BD33-E739D6C125A4}"= UDP:c:\windows\System32\wbem\WmiPrvSE.exe:wmiprvse
"{914AE9F4-9D1F-4F89-A8F8-5E17A1AB727E}"= T:c:\windows\System32\wbem\WmiPrvSE.exe:wmiprvse
"{5C67F97D-6A98-426E-B1B1-85316B635131}"= UDP:c:\windows\System32\wbem\WmiPrvSE.exe:wmiprvse
"{4168A88D-1452-47B4-BE79-DFC5C24395C9}"= T:c:\windows\System32\wbem\WmiPrvSE.exe:wmiprvse
"{D8682D4D-DEBC-4C2F-951F-16F499D342C0}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4557A85A-2066-46C9-A0BA-FA95E2CEEE7D}"= UDP:c:\program files\Sony\VAIO Event Service\VESMgr.exe:VESMgr
"{6EE2652E-5AE9-40F2-AE99-4604845C1472}"= T:c:\program files\Sony\VAIO Event Service\VESMgr.exe:VESMgr
"{34F41E8F-390E-4950-8418-AD4623CAEDF8}"= UDP:c:\program files\Sony\VAIO Power Management\SPMgr.exe:SPMgr
"{82061BCF-225E-4552-B1AA-2135D1936CEC}"= T:c:\program files\Sony\VAIO Power Management\SPMgr.exe:SPMgr
"{2D586C79-B7EE-4711-996E-FD2FF878FBD5}"= UDP:c:\windows\servicing\TrustedInstaller.exe:TrustedInstaller
"{CE459480-564C-4F02-8A4F-9D16E42E4B8B}"= T:c:\windows\servicing\TrustedInstaller.exe:TrustedInstaller
"{F6D32E9E-3533-45ED-850B-C386B37F0667}"= UDP:c:\program files\Panda Security\Panda Antivirus 2008\PsCtrlS.exe:PsCtrls
"{7048C1B2-FD0C-4C89-93F3-D38ADBCCD58C}"= T:c:\program files\Panda Security\Panda Antivirus 2008\PsCtrlS.exe:PsCtrls
"{643B49A4-60C5-440C-9A5F-1262119FBDD8}"= UDP:c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe:iviRegMgr
"{F7DAF92E-3101-4D98-981E-94298B60124D}"= T:c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe:iviRegMgr
"{F1BCBA2E-7F56-4205-B1C5-D4DB675C6F18}"= UDP:c:\program files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE:AVENGINE
"{CFC00A38-4EE1-4FBB-A0AA-CC6E1245E986}"= T:c:\program files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE:AVENGINE
"{C485B050-BD6B-470F-9503-884A993D6265}"= UDP:c:\windows\System32\taskeng.exe:taskeng
"{ECDBF387-3AB2-4279-B2E7-C2FF9999558F}"= T:c:\windows\System32\taskeng.exe:taskeng
"{ADE092F2-A599-47CA-86AF-4A6E999B4B40}"= UDP:c:\windows\System32\winlogon.exe:winlogon
"{A1B71AE8-6618-40D2-91C7-6A615A89E954}"= T:c:\windows\System32\winlogon.exe:winlogon
"{0FA21FA3-E919-48AC-A599-BC5ABBCD5483}"= UDP:c:\program files\Common Files\Panda Software\PavShld\PavPrSrv.exe:pavprsrv
"{527FD804-8D67-4D25-8653-4865F8BCFB6B}"= T:c:\program files\Common Files\Panda Software\PavShld\PavPrSrv.exe:pavprsrv
"{75BDDC4F-8419-4935-80E4-17434A0B43D4}"= UDP:c:\windows\System32\lsass.exe:lsass
"{EA632934-E1C6-4383-B41E-C8AE85E0BC61}"= T:c:\windows\System32\lsass.exe:lsass
"{842A5BB6-C7DC-4285-8E02-739B7BE664AE}"= UDP:c:\windows\System32\spoolsv.exe:spoolsv
"{9C64DFC3-EC16-4AF7-8475-7DE62DF5F8D3}"= T:c:\windows\System32\spoolsv.exe:spoolsv
"{C563884D-4A55-4D4E-B2E2-B0205CA7F4E3}"= UDP:c:\program files\Common Files\Apple\Mobile Device \bin\AppleMobileDeviceService.exe:AppleMobileDeviceService
"{946CA4DB-56FB-4D40-8B3A-0615AC147577}"= T:c:\program files\Common Files\Apple\Mobile Device \bin\AppleMobileDeviceService.exe:AppleMobileDeviceService
"{4456CC5F-7200-4B6C-BBC4-8EAC35F937BA}"= UDP:c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe:Switcher
"{4DC2FDD4-F92E-4715-81D1-86BD88148202}"= UDP:c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe:Switcher
"{0ADCE7C6-06D8-4E50-9633-2C089D3F8D2F}"= T:c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe:Switcher
"{7DB979B6-141A-417A-8B7E-566E5266F663}"= T:c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe:Switcher
"{8898B726-42C4-4ED2-80C4-6739134F6249}"= UDP:c:\windows\System32\wininit.exe:wininit
"{6F64A62E-75D3-4336-8992-86C981F49A1E}"= T:c:\windows\System32\wininit.exe:wininit
"{596D8D2D-9BD2-46D7-8C0B-53F63DD658B3}"= UDP:c:\windows\System32\wininit.exe:wininit
"{95F864A4-6100-4F82-A075-A6F4B019B698}"= T:c:\windows\System32\wininit.exe:wininit
"{6FB8DFCB-6528-4B6D-963A-72798E1338AE}"= UDP:c:\s\LOULOU\AppData\Local\Temp\7zS699D.tmp\SymNRT.exe:Norton Removal Tool
"{D4783602-B593-4D67-A2D0-5033025F24A0}"= T:c:\s\LOULOU\AppData\Local\Temp\7zS699D.tmp\SymNRT.exe:Norton Removal Tool
R2 regi;regi;c:\windows\System32\drivers\regi.sys [2007-04-17 11032]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-05-30 1153368]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [2007-07-20 28464]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\System32\drivers\R5U870FLx86.sys [2007-07-21 75008]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\System32\drivers\R5U870FUx86.sys [2007-07-21 43904]
R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [2007-07-21 812544]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2007-07-23 29744]
S3 Service CANALPLAY;Service CANALPLAY;c:\program files\Lecteur CANALPLAY\CanalPlayService.exe [2007-08-08 415392]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-08-08 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-08-08 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-08-08 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-08-08 292152]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-08-08 79736]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_\software\microsoft\windows\currentversion\explorer\mountpoints2\{3641152b-bace-11dc-ae9e-001bfb5784a2}]
\shell\AutoRun\command - setupSNK.exe
[HKEY_CURRENT_\software\microsoft\windows\currentversion\explorer\mountpoints2\{57ed34ba-8934-11dc-9142-806e6f6e6963}]
\shell\AutoRun\command - F:\autorun.exe
[HKEY_CURRENT_\software\microsoft\windows\currentversion\explorer\mountpoints2\{7dda2a3c-3d85-11dd-9f05-001bfb5784a2}]
\shell\AutoRun\command - H:\LaunchU3.exe -a
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.repubblica.it/
mStart Page = hxxp://fr.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: canalplay.com
Trusted Zone: canalplusactive.com
Trusted Zone: canalplay.com
Trusted Zone: canalplusactive.com
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\s\LOULOU\AppData\Roaming\Mozilla\Firefox\Profiles\nnqj9sev.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security._cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-08 21:33:58
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\s\LOULOU\AppData\Local\Temp\catchme.dll 53248 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(1672)
c:\windows\system32\btmmhook.dll
.
Completion time: 2009-04-08 21:36:52
ComboFix-quarantined-files.txt 2009-04-08 19:36:48
ComboFix2.txt 2009-04-08 15:17:24
Pre-Run: 24,823,250,944 bytes free
Post-Run: 24,784,130,048 bytes free
469 --- E O F --- 2009-04-08 19:14:05
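Added example (the editor's, not code from this thread, from ComboFix or from any of the tools mentioned in it): a small Python triage script that parses ComboFix "Files Created" and Find3M lines like the ones in the log above and flags what a helper would look at first in this log: the eight-letter consonant/vowel folder names under c:\programdata (betakoso, delehele, ... zulagovi), the same naming shape on c:\windows\System32\hikenuse.dll, which the log also shows with hidden+system attributes (--sha-w), and randomly named drivers or executables in System32. The consonant/vowel, "eight letters" and "letters plus digits" rules are heuristics inferred from this log, not a documented signature; the sample lines are copied from the log above; and everything the script flags is an item to verify (publisher, signature, creation time), not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: a handful of lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
2009-04-08 16:59 . 2009-04-08 17:09 308,852,947 --a------ c:\windows\MEMORY.DMP
2009-04-08 09:11 . 2009-04-08 09:18 <REP> d-------- c:\programdata\tiyunike
2009-04-07 22:22 . 2009-04-06 15:32 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-04-07 22:18 . 2009-04-07 22:18 28,320 --a------ c:\windows\System32\drivers\sifzbtej.sys
2009-04-03 00:13 . 2009-04-03 00:13 56 --ah----- c:\programdata\ezsidmv.dat
2009-03-11 19:11 . 2009-03-11 19:11 <REP> dr-h----- c:\s\LOULOU\AppData\Roaming\SecuROM
2009-04-07 20:57 --------- d-----w c:\program files\Java
2009-04-04 18:09 49,152 --sha-w c:\windows\System32\hikenuse.dll
2009-01-19 18:19 77,824 ----a-w c:\windows\System32\5wW42d14.exe
2009-01-15 06:11 827,392 ----a-w c:\windows\System32\wininet.dll
2008-01-03 20:09 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
"""

# One "Files Created" line (created . modified size attrs path) or one Find3M line
# (date size attrs path). <REP> is what the French build prints instead of <DIR>;
# Find3M prints "---------" where a directory has no size.
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"(?: \. (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}))?"
    r"\s+(?:(?P<size>\d[\d,]*)|<(?:REP|DIR)>|-{5,})"
    r"\s+(?P<attrs>[-a-z]{7,9})"
    r"\s+(?P<path>[a-z]:\\.+?)\s*$",
    re.IGNORECASE,
)


@dataclass
class Entry:
    created: str
    modified: Optional[str]
    size: Optional[int]  # None for directories
    attrs: str           # attribute flags as printed, e.g. "--sha-w" (h = hidden, s = system)
    path: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for headers, blank lines and anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = int(m["size"].replace(",", "")) if m["size"] else None
    return Entry(m["created"], m["modified"], size, m["attrs"].lower(), m["path"])


# Heuristic (inferred from this log, not a published signature): eight letters
# alternating consonant/vowel, the shape of every random folder listed under
# c:\programdata and of hikenuse.dll.
CVCV_RE = re.compile(r"^(?:[bcdfghjklmnpqrstvwxyz][aeiou]){4}$")
LETTERS8_RE = re.compile(r"^[a-z]{8}$")                    # e.g. sifzbtej
MIXED8_RE = re.compile(r"^(?=.*\d)(?=.*[a-z])[a-z0-9]{8}$")  # e.g. 5ww42d14


def split_name(path: str) -> Tuple[str, str]:
    """Return (stem, extension) of the last path component, lower-cased."""
    name = path.rsplit("\\", 1)[-1].lower()
    stem, dot, ext = name.rpartition(".")
    return (stem, ext) if dot else (name, "")


def suspicious_reasons(e: Entry) -> List[str]:
    """Reasons an entry deserves a closer look; an empty list means nothing matched."""
    low = e.path.lower()
    stem, ext = split_name(low)
    in_system32 = "\\windows\\system32\\" in low
    in_programdata = low.startswith("c:\\programdata\\")
    reasons: List[str] = []
    if CVCV_RE.match(stem) and (in_programdata or in_system32):
        reasons.append("consonant/vowel eight-letter name (same shape as the c:\\programdata folders)")
    if in_system32 and "h" in e.attrs and "s" in e.attrs:
        reasons.append("hidden+system attributes on a file inside System32")
    if ext == "sys" and "\\drivers\\" in low and LETTERS8_RE.match(stem):
        reasons.append("eight-letter driver name: check the signer before trusting it")
    if in_system32 and ext in ("exe", "dll") and MIXED8_RE.match(stem):
        reasons.append("mixed letter/digit eight-character executable name in System32")
    return reasons


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Run every parsable line through the heuristics; return (path, reasons) for hits."""
    flagged: List[Tuple[str, List[str]]] = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is not None:
            reasons = suspicious_reasons(e)
            if reasons:
                flagged.append((e.path, reasons))
    return flagged


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(path)
        for r in reasons:
            print("   -", r)
```

To use it on a real report, read the whole ComboFix log into a string and pass it to triage(); the heuristics only look at the "Files Created" and Find3M entries, so the registry and firewall sections are ignored. On the sample above it reports c:\programdata\tiyunike, hikenuse.dll (two reasons), sifzbtej.sys and 5wW42d14.exe and stays silent on the legitimate entries, including the hidden+system index.dat files outside System32.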
I didn't get the "type 1 or 2" prompt in ComboFix, though
Microsoft® Windows Vista™ Home Edition 6.0.6001.1.1252.33.1036.18.2046.1305 [GMT 2:00]
Running from: c:\s\LOULOU\Desktop\ComboFix.exe
Command switches used :: c:\s\LOULOU\Desktop\CFscript.txt
* Created a new restore point
FILE ::
c:\programdata\betakoso
c:\programdata\delehele
c:\programdata\fenozano
c:\programdata\feyiloto
c:\programdata\fubatuzo
c:\programdata\govegomu
c:\programdata\goyipeme
c:\programdata\herutoho
c:\programdata\hewalote
c:\programdata\linanotu
c:\programdata\mevozeha
c:\programdata\mofanedo
c:\programdata\niyihese
c:\programdata\nojibipu
c:\programdata\retegefu
c:\programdata\tiyunike
c:\programdata\toladeya
c:\programdata\wimohigi
c:\programdata\yinuyoni
c:\programdata\yubiwojo
c:\programdata\zulagovi
.
((((((((((((((((((((((((((((( Files Created from 2009-03-08 to 2009-04-08 ))))))))))))))))))))))))))))))))))))
.
2009-04-08 16:59 . 2009-04-08 17:09 308,852,947 --a------ c:\windows\MEMORY.DMP
2009-04-08 16:41 . 2009-04-08 16:41 <REP> d-------- c:\programdata\NortonInstaller
2009-04-08 13:23 . 2009-04-08 13:23 <REP> d-------- C:\rsit
2009-04-08 13:23 . 2009-04-08 13:23 <REP> d-------- c:\program files\trend micro
2009-04-08 09:11 . 2009-04-08 09:18 <REP> d-------- c:\programdata\tiyunike
2009-04-08 09:11 . 2009-04-08 13:09 <REP> d-------- c:\programdata\linanotu
2009-04-08 09:11 . 2009-04-08 16:40 <REP> d-------- c:\programdata\fubatuzo
2009-04-07 23:09 . 2008-06-20 03:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-04-07 23:09 . 2008-06-20 03:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-04-07 23:09 . 2008-06-20 03:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-04-07 23:09 . 2008-06-20 03:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-04-07 23:09 . 2008-06-20 03:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-04-07 23:09 . 2008-06-20 03:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-04-07 23:09 . 2008-06-20 03:14 37,384 --a------ c:\windows\System32\infocardl.l
2009-04-07 23:09 . 2008-06-20 03:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-04-07 23:05 . 2009-04-07 23:05 0 --a------ c:\windows\RAVTC.TMP
2009-04-07 23:02 . 2008-07-27 20:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-04-07 23:02 . 2008-07-27 20:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-04-07 23:02 . 2008-07-27 20:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-04-07 23:01 . 2008-07-27 20:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-04-07 23:01 . 2008-07-27 20:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-04-07 22:58 . 2009-04-07 22:58 410,984 --a------ c:\windows\System32\deploytk.dll
2009-04-07 22:57 . 2009-04-07 22:57 0 --------- c:\windows\PAVSHRB.INI
2009-04-07 22:22 . 2009-04-07 22:22 <REP> d-------- c:\s\LOULOU\AppData\Roaming\Malwarebytes
2009-04-07 22:22 . 2009-04-07 22:22 <REP> d-------- c:\programdata\Malwarebytes
2009-04-07 22:22 . 2009-04-07 22:24 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-07 22:22 . 2009-04-06 15:32 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-04-07 22:22 . 2009-04-06 15:32 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-04-07 22:18 . 2009-04-07 22:18 28,320 --a------ c:\windows\System32\drivers\sifzbtej.sys
2009-04-06 16:25 . 2009-04-08 16:40 <REP> d-------- c:\programdata\toladeya
2009-04-05 17:58 . 2009-04-08 16:40 <REP> d-------- c:\programdata\goyipeme
2009-04-04 16:37 . 2009-04-08 16:40 <REP> d-------- c:\programdata\mofanedo
2009-04-03 14:02 . 2009-04-07 22:37 <REP> d-------- c:\programdata\wimohigi
2009-04-03 14:02 . 2009-04-08 13:06 <REP> d-------- c:\programdata\herutoho
2009-04-03 14:02 . 2009-04-07 22:37 <REP> d-------- c:\programdata\fenozano
2009-04-03 14:00 . 2009-04-07 22:36 <REP> d-------- c:\programdata\zulagovi
2009-04-03 14:00 . 2009-04-08 16:40 <REP> d-------- c:\programdata\yubiwojo
2009-04-03 14:00 . 2009-04-03 14:00 <REP> d-------- c:\programdata\niyihese
2009-04-03 14:00 . 2009-04-07 22:34 <REP> d-------- c:\programdata\govegomu
2009-04-03 00:14 . 2009-04-08 16:40 <REP> d-------- c:\programdata\nojibipu
2009-04-03 00:13 . 2009-04-07 00:00 <REP> d-------- c:\s\LOULOU\AppData\Roaming\skypePM
2009-04-03 00:13 . 2009-04-03 00:13 56 --ah----- c:\programdata\ezsidmv.dat
2009-04-03 00:12 . 2009-04-03 00:12 <REP> dr------- c:\program files\Skype
2009-04-03 00:12 . 2009-04-03 00:12 <REP> d-------- c:\program files\Common Files\Skype
2009-04-02 12:13 . 2009-04-02 12:13 <REP> d-------- c:\programdata\zotowuru
2009-04-02 12:13 . 2009-04-03 14:02 <REP> d-------- c:\programdata\yinuyoni
2009-04-02 12:13 . 2009-04-02 12:34 <REP> d-------- c:\programdata\retegefu
2009-04-02 12:13 . 2009-04-03 14:02 <REP> d-------- c:\programdata\hewalote
2009-04-02 12:13 . 2009-04-02 12:13 <REP> d-------- c:\programdata\delehele
2009-04-02 12:13 . 2009-04-02 12:13 <REP> d-------- c:\programdata\betakoso
2009-04-02 00:13 . 2009-04-08 16:40 <REP> d-------- c:\programdata\mevozeha
2009-04-02 00:13 . 2009-04-07 23:45 <REP> d-------- c:\programdata\feyiloto
2009-03-11 21:08 . 2009-03-11 21:08 <REP> d-------- c:\program files\GSC Game World
2009-03-11 21:06 . 2009-03-11 21:06 <REP> d-------- c:\s\LOULOU\AppData\Roaming\DAEMON Tools Pro
2009-03-11 21:06 . 2009-03-11 21:06 <REP> d-------- c:\programdata\DAEMON Tools Lite
2009-03-11 21:06 . 2009-03-11 21:06 <REP> d-------- c:\program files\DAEMON Tools Lite
2009-03-11 20:45 . 2009-03-11 21:06 <REP> d-------- c:\s\LOULOU\AppData\Roaming\DAEMON Tools Lite
2009-03-11 20:26 . 2009-03-11 20:26 <REP> d-------- c:\programdata\Roxio
2009-03-11 20:24 . 2009-03-11 20:26 <REP> d-------- c:\s\LOULOU\AppData\Roaming\Roxio
2009-03-11 19:13 . 2009-03-11 19:14 <REP> d-------- c:\s\LOULOU\AppData\Roaming\SPORE
2009-03-11 19:11 . 2009-03-11 19:11 <REP> dr-h----- c:\s\LOULOU\AppData\Roaming\SecuROM
2009-03-11 10:52 . 2008-12-16 05:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-11 10:52 . 2008-12-16 07:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-11 10:52 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-11 10:52 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-11 10:51 . 2009-02-09 05:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-11 10:51 . 2008-11-27 06:43 268,288 --a------ c:\windows\System32\schannel.dll
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-07 20:57 --------- d-----w c:\program files\Java
2009-04-07 20:48 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-04-07 20:47 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-07 19:47 --------- d-----w c:\program files\CCleaner
2009-04-07 16:24 --------- d-----w c:\s\LOULOU\AppData\Roaming\uTorrent
2009-04-06 23:30 --------- d-----w c:\s\LOULOU\AppData\Roaming\Skype
2009-04-04 18:09 49,152 --sha-w c:\windows\System32\hikenuse.dll
2009-04-02 22:12 --------- d-----w c:\programdata\Skype
2009-03-31 21:59 223,934 ----a-w c:\s\LOULOU\AppData\Roaming\nvModes.dat
2009-03-23 15:42 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-21 11:52 --------- d-----w c:\program files\Metin2_
2009-03-12 18:38 --------- d-----w c:\program files\Windows Mail
2009-03-11 19:06 --------- d-----w c:\s\LOULOU\AppData\Roaming\DAEMON Tools
2009-03-11 18:45 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-03-11 17:03 --------- d-----w c:\program files\Electronic Arts
2009-03-01 21:25 --------- d-----w c:\programdata\Electronic Arts
2009-02-24 13:21 --------- d-----w c:\s\LOULOU\AppData\Roaming\Atari
2009-02-24 13:17 --------- d-----w c:\s\LOULOU\AppData\Roaming\Leadertech
2009-02-24 13:06 --------- d-----w c:\program files\Atari
2009-02-23 21:28 --------- d-----w c:\program files\uTorrent
2009-02-19 01:59 --------- d-----w c:\program files\Google
2009-02-17 07:54 --------- d-----w c:\program files\DivX
2009-01-20 13:24 174 --sha-w c:\program files\desktop.ini
2009-01-20 12:43 82,432 ----a-w c:\windows\System32\axaltocm.dll
2009-01-20 12:43 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2009-01-19 18:19 77,824 ----a-w c:\windows\System32\5wW42d14.exe
2009-01-15 06:11 827,392 ----a-w c:\windows\System32\wininet.dll
2008-06-01 21:35 5,682 ----a-w c:\s\LOULOU\AppData\Roaming\wklnhst.dat
2007-11-14 17:11 22,328 ----a-w c:\s\LOULOU\AppData\Roaming\PnkBstrK.sys
2008-11-16 22:35 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-12-17 23:04 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-17 23:04 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-17 23:04 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-17 23:04 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-17 23:04 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-01-03 20:09 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-01-03 20:09 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-01-03 20:09 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-04-08_17.15.42.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-08 19:13:49 12,288 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5.resources\3.5.0.0_fr_b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.resources.dll
+ 2009-04-08 19:13:49 69,632 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine.resources\3.5.0.0_fr_b03f5f7f11d50a3a\Microsoft.Build.Engine.resources.dll
+ 2009-04-08 19:13:49 163,840 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5.resources\3.5.0.0_fr_b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.resources.dll
+ 2009-04-08 19:13:49 11,776 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5.resources\3.5.0.0_fr_b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.resources.dll
+ 2009-04-08 19:13:49 8,192 ----a-w c:\windows\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations.resources\3.5.0.0_fr_31bf3856ad364e35\System.ComponentModel.DataAnnotations.Resources.dll
+ 2009-04-08 19:13:50 61,440 ----a-w c:\windows\assembly\GAC_MSIL\System.Core.resources\3.5.0.0_fr_b77a5c561934e089\System.Core.Resources.dll
+ 2009-04-08 19:13:50 5,120 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.DataSetExtensions.resources\3.5.0.0_fr_b77a5c561934e089\System.Data.DataSetExtensions.Resources.dll
+ 2009-04-08 19:13:50 15,872 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Entity.Design.resources\3.5.0.0_fr_b77a5c561934e089\System.Data.Entity.Design.Resources.dll
+ 2009-04-08 19:13:50 409,600 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Entity.resources\3.5.0.0_fr_b77a5c561934e089\System.Data.Entity.Resources.dll
+ 2009-04-08 19:13:48 57,344 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Linq.resources\3.5.0.0_fr_b77a5c561934e089\System.Data.Linq.Resources.dll
+ 2009-04-08 19:13:48 36,864 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Services.Client.resources\3.5.0.0_fr_b77a5c561934e089\System.Data.Services.Client.resources.dll
+ 2009-04-08 19:13:48 7,680 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Services.Design.resources\3.5.0.0_fr_b77a5c561934e089\System.Data.Services.Design.resources.dll
+ 2009-04-08 19:13:48 69,632 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.Services.resources\3.5.0.0_fr_b77a5c561934e089\System.Data.Services.resources.dll
+ 2009-04-08 19:13:48 36,864 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Management.resources\3.5.0.0_fr_b77a5c561934e089\System.DirectoryServices.Management.resources.dll
+ 2009-04-08 19:13:51 11,264 ----a-w c:\windows\assembly\GAC_MSIL\System.Management.Instrumentation.resources\3.5.0.0_fr_b77a5c561934e089\System.Management.Instrumentation.Resources.dll
+ 2009-04-08 19:13:52 28,672 ----a-w c:\windows\assembly\GAC_MSIL\System.Net.resources\3.5.0.0_fr_b03f5f7f11d50a3a\System.Net.Resources.dll
+ 2009-04-08 19:13:47 73,728 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel.Web.resources\3.5.0.0_fr_31bf3856ad364e35\System.ServiceModel.Web.resources.dll
+ 2009-04-08 19:13:51 3,584 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Abstractions.resources\3.5.0.0_fr_31bf3856ad364e35\System.Web.Abstractions.Resources.dll
+ 2009-04-08 19:13:51 4,096 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.DynamicData.Design.resources\3.5.0.0_fr_31bf3856ad364e35\System.Web.DynamicData.Design.Resources.dll
+ 2009-04-08 19:13:51 16,384 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.DynamicData.resources\3.5.0.0_fr_31bf3856ad364e35\System.Web.DynamicData.Resources.dll
+ 2009-04-08 19:13:51 11,264 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Entity.Design.resources\3.5.0.0_fr_b77a5c561934e089\System.Web.Entity.Design.Resources.dll
+ 2009-04-08 19:13:51 24,576 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Entity.resources\3.5.0.0_fr_b77a5c561934e089\System.Web.Entity.Resources.dll
+ 2009-04-08 19:13:51 49,152 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Extensions.Design.resources\3.5.0.0_fr_31bf3856ad364e35\System.Web.Extensions.Design.Resources.dll
+ 2009-04-08 19:13:51 634,880 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Extensions.resources\3.5.0.0_fr_31bf3856ad364e35\System.Web.Extensions.Resources.dll
+ 2009-04-08 19:13:51 7,680 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Routing.resources\3.5.0.0_fr_31bf3856ad364e35\System.Web.Routing.Resources.dll
+ 2009-04-08 19:13:52 3,584 ----a-w c:\windows\assembly\GAC_MSIL\System.Windows.Presentation.resources\3.5.0.0_fr_b77a5c561934e089\System.Windows.Presentation.resources.dll
+ 2009-04-08 19:13:48 102,400 ----a-w c:\windows\assembly\GAC_MSIL\System.WorkflowServices.resources\3.5.0.0_fr_31bf3856ad364e35\System.WorkflowServices.resources.dll
+ 2009-04-08 19:13:52 8,192 ----a-w c:\windows\assembly\GAC_MSIL\System.Xml.Linq.resources\3.5.0.0_fr_b77a5c561934e089\System.Xml.Linq.Resources.dll
+ 2008-07-31 02:18:06 198,144 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\1036\cscompui.dll
+ 2008-07-31 02:18:06 275,448 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\1036\vbc7ui.dll
+ 2008-07-31 02:18:06 17,944 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\fr\DataSvcUtil.resources.dll
+ 2008-07-31 02:18:06 22,032 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\fr\EdmGen.Resources.dll
+ 2008-07-31 02:18:06 163,840 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\fr\Microsoft.Build.Tasks.v3.5.resources.dll
+ 2008-07-31 02:18:06 4,096 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\fr\Microsoft.Data.Entity.Build.Tasks.Resources.dll
+ 2008-07-31 02:18:06 46,096 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\fr\MSBuild.resources.exe
+ 2008-07-31 02:15:58 27,910 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\baseline.dat
+ 2008-07-30 23:06:02 97,280 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\DeleteTemp.exe
+ 2008-07-30 23:06:02 276,984 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\dlmgr.dll
+ 2008-07-30 23:06:02 1,064,448 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\gencomp.dll
+ 2008-07-30 23:06:02 177,152 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\HtmlLite.dll
+ 2008-07-31 02:18:06 183,296 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\RebootStub.exe
+ 2008-07-30 23:06:02 269,304 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
+ 2008-07-30 23:08:42 133,120 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setupres.dll
+ 2008-07-30 23:06:02 1,364,992 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\SITSetup.dll
+ 2008-07-30 23:06:02 1,054,208 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\vs_setup.dll
+ 2008-07-30 23:06:02 632,320 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\vs70uimgr.dll
+ 2008-07-30 23:06:02 413,184 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\vsbasereqs.dll
+ 2008-07-30 23:06:02 689,152 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\vsscenario.dll
+ 2008-07-30 23:08:42 112,120 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\WapRes.dll
+ 2008-07-30 23:06:02 984,056 ----a-w c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\WapUI.dll
- 2009-04-08 15:10:00 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-04-08 19:08:40 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-04-08 15:10:00 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-04-08 19:08:40 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-04-08 15:10:23 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\nt.dat
+ 2009-04-08 19:10:29 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\nt.dat
+ 2009-04-08 19:10:29 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\nt.dat.LOG1
- 2009-04-08 15:11:14 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\nt.dat
+ 2009-04-08 19:10:24 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\nt.dat
+ 2009-04-08 19:10:24 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\nt.dat.LOG1
- 2009-04-08 15:08:33 104,940 ----a-w c:\windows\System32\perfc009.dat
+ 2009-04-08 19:13:22 104,940 ----a-w c:\windows\System32\perfc009.dat
- 2009-04-08 15:08:33 128,004 ----a-w c:\windows\System32\perfc00C.dat
+ 2009-04-08 19:13:22 128,004 ----a-w c:\windows\System32\perfc00C.dat
- 2009-04-08 15:08:33 595,506 ----a-w c:\windows\System32\perfh009.dat
+ 2009-04-08 19:13:22 595,506 ----a-w c:\windows\System32\perfh009.dat
- 2009-04-08 15:08:33 678,956 ----a-w c:\windows\System32\perfh00C.dat
+ 2009-04-08 19:13:22 678,956 ----a-w c:\windows\System32\perfh00C.dat
- 2009-04-08 15:11:50 12,298 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1611504857-4089916995-1680512414-1000_Data.bin
+ 2009-04-08 19:10:22 12,346 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1611504857-4089916995-1680512414-1000_Data.bin
- 2009-04-08 15:11:50 91,904 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-04-08 19:10:22 91,966 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-04-08 14:45:48 62,130 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-04-08 19:10:21 62,138 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-10 118784]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-06-11 317560]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-11-17 29744]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-07 148888]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-28 86016]
"NvlDaemon"="c:\windows\system32\Nvl.dll" [2007-06-28 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
c:\s\LOULOU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-06-22 739880]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-07-12 08:33 98304 c:\windows\System32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\program files\Common Files\Sony Shared\VideoLib\sonydv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EB7EE62E-514C-4ED2-96CC-E76742C6C8BA}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C6785C36-3B71-4EC6-8473-E9FD35A708F1}"= T:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{93C3FF1C-85CA-4F0A-A50F-F70534120517}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{118CEEBF-6311-4A81-A47B-F47606B5CBD3}"= Disabled:T:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{316EA76B-B568-42EA-95F3-0109AB8EA870}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe:Sid Meier's Civilization 4 Complete
"{88469EB4-4B06-4D20-B8A9-3BBA166C1D56}"= T:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe:Sid Meier's Civilization 4 Complete
"{D9908554-A2C2-4B9F-804B-3517AF46D966}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{9BC30465-1180-4166-8D1F-0FCD7D1CC954}"= T:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{75D82640-B909-4A0C-BE49-42497CA673B2}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4: Beyond the Sword
"{5D5BEBCE-E214-4DE9-9EE1-4672F4D796F7}"= T:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4: Beyond the Sword
"{7A850012-1055-48BF-B522-6C74674AC924}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{D2B1522F-CCD4-40CB-9A1C-19B827A90265}"= T:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{1FB827CF-5D00-40E1-AC7C-985474FC750A}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{CCDDE7B3-5E87-4DAF-A244-DED7287CBE11}"= T:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{EC8E278D-4838-4EE3-93BA-CBC9A0BA8AE4}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{AD8E3901-A158-4A3F-821F-C99754C2C917}"= T:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{63F025D1-B60B-4B47-A5B0-54457738B9B3}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{EBB36171-16AE-4355-8300-3A54AD96903C}"= T:c:\program files\iTunes\iTunes.exe:iTunes
"{B4E0DFE4-F1BB-4061-A8D3-511C451FCDF3}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{5798E201-550D-4C36-93A9-53C4ABEB9803}"= T:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{EDB28EC4-15E9-4D6C-92E1-F765466E9CA7}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{5EDD7D17-E07C-4A2E-8DDA-474E11476220}"= T:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{C3FD154C-C680-41FA-9D4C-00AF5D60BFA9}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{6D36E7FF-2BCE-4E03-BF83-B6A0A33DC36E}"= T:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{638103A7-5F79-49D7-A800-106A79F5F714}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{9DA55446-CE37-42F3-A3AB-EDC9AC58E37A}"= UDP:c:\program files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires III
"{2F1B791E-125E-4676-8BC9-C7376EF67D1C}"= T:c:\program files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires III
"T Query {AB4DA13B-A8EE-490C-B94D-DBC893B12F39}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query {4701FED6-0B75-4404-AD26-7F3F6C176596}c:\\program files\\azureus\\azureus.exe"= T:c:\program files\azureus\azureus.exe:Azureus
"T Query {FCF347F4-4850-4B6E-8378-7A9C5F8DAACE}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query {403422EC-0B56-49BF-AFA9-AF5C39386842}c:\\program files\\internet explorer\\iexplore.exe"= T:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"T Query {7B231355-91EC-4DF4-9B01-B2E1CFDFF4E4}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query {633F1F87-CA0A-49B3-8A22-26D809151477}c:\\program files\\emule\\emule.exe"= T:c:\program files\emule\emule.exe:eMule
"T Query {6279BC70-B4A4-4A66-A19D-BCE7869E0E4E}c:\\program files\\team17\\worms armageddon\\wa.exe"= UDP:c:\program files\team17\worms armageddon\wa.exe:Worms Armageddon
"UDP Query {00F48F3C-6725-4589-B9EC-01832517A27C}c:\\program files\\team17\\worms armageddon\\wa.exe"= T:c:\program files\team17\worms armageddon\wa.exe:Worms Armageddon
"T Query {A61540CE-73E1-43CB-9DEC-BA9F868EB181}c:\\program files\\team17\\worms 2\\frontend.exe"= UDP:c:\program files\team17\worms 2\frontend.exe:Worms 2 Frontend
"UDP Query {5A5194CB-D36F-417A-83E6-EA53C2CB85B6}c:\\program files\\team17\\worms 2\\frontend.exe"= T:c:\program files\team17\worms 2\frontend.exe:Worms 2 Frontend
"T Query {7F40AA1D-A37D-4098-88EB-EFD8F2BBE1EF}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query {F7EB5A9D-8A39-4B20-A5E0-688CAB44C1F9}c:\\program files\\azureus\\azureus.exe"= T:c:\program files\azureus\azureus.exe:Azureus
"T Query {A53B07B8-5311-41E0-A0EF-E42877139A20}c:\\program files\\quake iii arena\\quake3.exe"= UDP:c:\program files\quake iii arena\quake3.exe:quake3
"UDP Query {E25A91CF-7720-4220-A0DB-1B8A9B16139B}c:\\program files\\quake iii arena\\quake3.exe"= T:c:\program files\quake iii arena\quake3.exe:quake3
"{6A7A8727-9C46-4363-B2BC-F04B393E9746}"= UDP:54178:Azureus 54178 T
"{EA6E3AF1-15DC-4C8A-B2CB-FBABBBF4B571}"= T:54178:Azureus 54178 UDP
"T Query {A2D16300-ED91-487C-9D67-9013488E805B}c:\\program files\\quake iii arena\\quake3.exe"= UDP:c:\program files\quake iii arena\quake3.exe:quake3
"UDP Query {14B3F83F-7556-44E2-85DE-CF36694C972D}c:\\program files\\quake iii arena\\quake3.exe"= T:c:\program files\quake iii arena\quake3.exe:quake3
"T Query {19216D63-D30C-43D2-9746-D6C518AF2AF1}c:\\s\\loulou\\s\\team 17\\wa\\[pc game] worms armageddon + all weapons unblocked + cracked + xp patch by lupen[fumai]\\wormsarm\\wa.exe"= UDP:c:\s\loulou\s\team 17\wa\[pc game] worms armageddon + all weapons unblocked + cracked + xp patch by lupen[fumai]\wormsarm\wa.exe:wa.exe
"UDP Query {0961AA07-7C08-428F-9060-78801F99F16E}c:\\s\\loulou\\s\\team 17\\wa\\[pc game] worms armageddon + all weapons unblocked + cracked + xp patch by lupen[fumai]\\wormsarm\\wa.exe"= T:c:\s\loulou\s\team 17\wa\[pc game] worms armageddon + all weapons unblocked + cracked + xp patch by lupen[fumai]\wormsarm\wa.exe:wa.exe
"T Query {62357B01-BF68-4238-95A6-51339425AFBD}c:\\s\\loulou\\s\\team 17\\worms 2\\worms2\\start.exe"= UDP:c:\s\loulou\s\team 17\worms 2\worms2\start.exe:start.exe
"UDP Query {CF0B450E-B97B-4F13-ACCB-284A9D947B5B}c:\\s\\loulou\\s\\team 17\\worms 2\\worms2\\start.exe"= T:c:\s\loulou\s\team 17\worms 2\worms2\start.exe:start.exe
"T Query {268C976C-DD0C-4C07-9D9E-3DCBA3A89798}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Application d'assistance Microsoft DirectPlay
"UDP Query {86F58307-0F6D-432A-9B6E-63F4BAD95F7F}c:\\windows\\system32\\dplaysvr.exe"= T:c:\windows\system32\dplaysvr.exe:Application d'assistance Microsoft DirectPlay
"T Query {E6BCEB50-C2BB-4430-8607-40DC8C60425B}c:\\program files\\konami\\pro evolution soccer 6\\pes6.exe"= UDP:c:\program files\konami\pro evolution soccer 6\pes6.exe:pes6.exe
"UDP Query {B3423FC6-4B47-4B69-A9AB-8ED5ACC1461E}c:\\program files\\konami\\pro evolution soccer 6\\pes6.exe"= T:c:\program files\konami\pro evolution soccer 6\pes6.exe:pes6.exe
"T Query {F2DE20D8-445E-49EE-8E1A-6E231E227523}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query {C6CE2BEB-45DB-485E-AB8D-E8797F673ABF}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= T:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"{B3DF7D74-8051-4962-9744-01FE9583D90F}"= UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{E61208E1-7405-470E-9BBC-E0F0917C0A09}"= T:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"T Query {B73D7D1E-F16B-4E4D-89DE-5F53DC65ABBC}c:\\s\\loulou\\s\\team 17\\worms 2\\worms2\\start.exe"= UDP:c:\s\loulou\s\team 17\worms 2\worms2\start.exe:start.exe
"UDP Query {3736A79C-E40B-47FA-A4DE-BA0D9F62FC3B}c:\\s\\loulou\\s\\team 17\\worms 2\\worms2\\start.exe"= T:c:\s\loulou\s\team 17\worms 2\worms2\start.exe:start.exe
"T Query {AFBDCDAC-AF9B-49E3-B7BA-2BB93701C6A5}c:\\program files\\lionhead studios ltd\\black & white\\runblack.exe"= UDP:c:\program files\lionhead studios ltd\black & white\runblack.exe:lh
"UDP Query {0A85C32D-3C81-4A45-B95F-D29B42823984}c:\\program files\\lionhead studios ltd\\black & white\\runblack.exe"= T:c:\program files\lionhead studios ltd\black & white\runblack.exe:lh
"{8256E9E7-A9E5-46DE-AC62-79E4D0C23F6A}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C10322C9-CDDA-4817-B67C-DD28B639CE65}"= T:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D746BEDF-95CD-404E-844D-7BF0D0846D3D}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{A6ED5F3F-54EC-485D-A961-D89D55A8AD9D}"= T:c:\program files\iTunes\iTunes.exe:iTunes
"{29485F5D-2DFC-4AF6-981C-A75A77A5A930}"= UDP:86:BroadCam Web Server
"T Query {01CE8517-2F48-4C6A-80C6-C9A2C6F14080}c:\\program files\\konami\\pro evolution soccer 2009\\pes2009.exe"= UDP:c:\program files\konami\pro evolution soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"UDP Query {71186C0B-7559-4592-BB18-F1D5A7AF7290}c:\\program files\\konami\\pro evolution soccer 2009\\pes2009.exe"= T:c:\program files\konami\pro evolution soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"T Query {796B2BA3-88EC-4BA9-AF28-B9C4B83C50A1}c:\\program files\\activision\\call of duty - world at war\\codwaw.exe"= UDP:c:\program files\activision\call of duty - world at war\codwaw.exe:Call of Duty(R): World at War Campaign/Coop
"UDP Query {5D1DBAD9-01F0-40FB-AEFD-5F98F99719E8}c:\\program files\\activision\\call of duty - world at war\\codwaw.exe"= T:c:\program files\activision\call of duty - world at war\codwaw.exe:Call of Duty(R): World at War Campaign/Coop
"{2B832080-D4C4-48F2-93F5-F2F6F3201887}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (T-In)
"{B189AA1A-FDC7-4A67-80BF-374CF7DAC4D3}"= T:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"T Query {03E9CCCC-2B08-4569-A462-1F9BC21107D5}c:\\s\\loulou\\desktop\\utorrent(3).exe"= UDP:c:\s\loulou\desktop\utorrent(3).exe:utorrent(3).exe
"UDP Query {267DCBB3-0FBD-45D4-B535-5A0EC136488A}c:\\s\\loulou\\desktop\\utorrent(3).exe"= T:c:\s\loulou\desktop\utorrent(3).exe:utorrent(3).exe
"{4985F146-DD4A-47C1-A756-53184DCAD5D8}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{93CE50F5-6604-454E-B759-8B05F33DB9EF}"= T:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{F20BECCB-339D-48F3-8503-CDC08787DD26}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{46C1667B-342F-4E29-B901-6DF0B5C6EEDC}"= T:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{FB9FA2DF-6440-4CB7-8934-29242926DA81}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"{3CF15280-DC5B-4969-9AB0-2000057AD22D}"= T:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"T Query {95C8A65C-DEE4-4B84-BB11-3FF9E68C5581}c:\\s\\loulou\\desktop\\utorrent(3).exe"= UDP:c:\s\loulou\desktop\utorrent(3).exe:utorrent(3).exe
"UDP Query {45963564-7CA4-4DD1-8B54-A006626DDE0C}c:\\s\\loulou\\desktop\\utorrent(3).exe"= T:c:\s\loulou\desktop\utorrent(3).exe:utorrent(3).exe
"T Query {1D193859-A5F3-4231-B897-27832AB422EC}c:\\program files\\metin2_\\metin2.bin"= UDP:c:\program files\metin2_\metin2.bin:metin2.bin
"UDP Query {CFA81A6E-E4CD-421F-B3E9-99936B898C23}c:\\program files\\metin2_\\metin2.bin"= T:c:\program files\metin2_\metin2.bin:metin2.bin
"{6807E4D8-EFB9-4E6C-BD3B-8AA6FBA92E51}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe:Sid Meier's Civilization 4 Complete
"{EAB1B2B1-34AE-4D29-8678-41D8F0F44B8F}"= T:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe:Sid Meier's Civilization 4 Complete
"{E063BF09-18B0-49F6-9CF0-7F951E3350CA}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{C057C0CD-CE79-4393-9F0C-CD2CED382692}"= T:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{975380A9-50EE-4224-AD8D-6B2B4D7B8D98}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4: Beyond the Sword
"{E862D3AF-578E-4771-AE1F-644932B31423}"= T:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4: Beyond the Sword
"{2DB3449F-5FB7-432E-9F2E-BCEBEBD75BA5}"= UDP:c:\windows\servicing\TrustedInstaller.exe:TrustedInstaller
"{B6C1FA57-A689-40E6-8705-C0D79BCF6A6A}"= UDP:c:\windows\servicing\TrustedInstaller.exe:TrustedInstaller
"{6E583829-3301-4128-847E-851E2B2DA779}"= T:c:\windows\servicing\TrustedInstaller.exe:TrustedInstaller
"{5FF42E84-A5F2-4E0D-B045-EE087F8AD603}"= T:c:\windows\servicing\TrustedInstaller.exe:TrustedInstaller
"{EEC57245-2497-497D-A186-DF4608AAD21B}"= UDP:c:\windows\System32\5wW42d14.exe:5wW42d14
"{83151526-3DF1-4D49-913E-437D125787EE}"= T:c:\windows\System32\5wW42d14.exe:5wW42d14
"{805B1508-F998-4396-BD33-E739D6C125A4}"= UDP:c:\windows\System32\wbem\WmiPrvSE.exe:wmiprvse
"{914AE9F4-9D1F-4F89-A8F8-5E17A1AB727E}"= T:c:\windows\System32\wbem\WmiPrvSE.exe:wmiprvse
"{5C67F97D-6A98-426E-B1B1-85316B635131}"= UDP:c:\windows\System32\wbem\WmiPrvSE.exe:wmiprvse
"{4168A88D-1452-47B4-BE79-DFC5C24395C9}"= T:c:\windows\System32\wbem\WmiPrvSE.exe:wmiprvse
"{D8682D4D-DEBC-4C2F-951F-16F499D342C0}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4557A85A-2066-46C9-A0BA-FA95E2CEEE7D}"= UDP:c:\program files\Sony\VAIO Event Service\VESMgr.exe:VESMgr
"{6EE2652E-5AE9-40F2-AE99-4604845C1472}"= T:c:\program files\Sony\VAIO Event Service\VESMgr.exe:VESMgr
"{34F41E8F-390E-4950-8418-AD4623CAEDF8}"= UDP:c:\program files\Sony\VAIO Power Management\SPMgr.exe:SPMgr
"{82061BCF-225E-4552-B1AA-2135D1936CEC}"= T:c:\program files\Sony\VAIO Power Management\SPMgr.exe:SPMgr
"{2D586C79-B7EE-4711-996E-FD2FF878FBD5}"= UDP:c:\windows\servicing\TrustedInstaller.exe:TrustedInstaller
"{CE459480-564C-4F02-8A4F-9D16E42E4B8B}"= T:c:\windows\servicing\TrustedInstaller.exe:TrustedInstaller
"{F6D32E9E-3533-45ED-850B-C386B37F0667}"= UDP:c:\program files\Panda Security\Panda Antivirus 2008\PsCtrlS.exe:PsCtrls
"{7048C1B2-FD0C-4C89-93F3-D38ADBCCD58C}"= T:c:\program files\Panda Security\Panda Antivirus 2008\PsCtrlS.exe:PsCtrls
"{643B49A4-60C5-440C-9A5F-1262119FBDD8}"= UDP:c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe:iviRegMgr
"{F7DAF92E-3101-4D98-981E-94298B60124D}"= T:c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe:iviRegMgr
"{F1BCBA2E-7F56-4205-B1C5-D4DB675C6F18}"= UDP:c:\program files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE:AVENGINE
"{CFC00A38-4EE1-4FBB-A0AA-CC6E1245E986}"= T:c:\program files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE:AVENGINE
"{C485B050-BD6B-470F-9503-884A993D6265}"= UDP:c:\windows\System32\taskeng.exe:taskeng
"{ECDBF387-3AB2-4279-B2E7-C2FF9999558F}"= T:c:\windows\System32\taskeng.exe:taskeng
"{ADE092F2-A599-47CA-86AF-4A6E999B4B40}"= UDP:c:\windows\System32\winlogon.exe:winlogon
"{A1B71AE8-6618-40D2-91C7-6A615A89E954}"= T:c:\windows\System32\winlogon.exe:winlogon
"{0FA21FA3-E919-48AC-A599-BC5ABBCD5483}"= UDP:c:\program files\Common Files\Panda Software\PavShld\PavPrSrv.exe:pavprsrv
"{527FD804-8D67-4D25-8653-4865F8BCFB6B}"= T:c:\program files\Common Files\Panda Software\PavShld\PavPrSrv.exe:pavprsrv
"{75BDDC4F-8419-4935-80E4-17434A0B43D4}"= UDP:c:\windows\System32\lsass.exe:lsass
"{EA632934-E1C6-4383-B41E-C8AE85E0BC61}"= T:c:\windows\System32\lsass.exe:lsass
"{842A5BB6-C7DC-4285-8E02-739B7BE664AE}"= UDP:c:\windows\System32\spoolsv.exe:spoolsv
"{9C64DFC3-EC16-4AF7-8475-7DE62DF5F8D3}"= T:c:\windows\System32\spoolsv.exe:spoolsv
"{C563884D-4A55-4D4E-B2E2-B0205CA7F4E3}"= UDP:c:\program files\Common Files\Apple\Mobile Device \bin\AppleMobileDeviceService.exe:AppleMobileDeviceService
"{946CA4DB-56FB-4D40-8B3A-0615AC147577}"= T:c:\program files\Common Files\Apple\Mobile Device \bin\AppleMobileDeviceService.exe:AppleMobileDeviceService
"{4456CC5F-7200-4B6C-BBC4-8EAC35F937BA}"= UDP:c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe:Switcher
"{4DC2FDD4-F92E-4715-81D1-86BD88148202}"= UDP:c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe:Switcher
"{0ADCE7C6-06D8-4E50-9633-2C089D3F8D2F}"= T:c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe:Switcher
"{7DB979B6-141A-417A-8B7E-566E5266F663}"= T:c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe:Switcher
"{8898B726-42C4-4ED2-80C4-6739134F6249}"= UDP:c:\windows\System32\wininit.exe:wininit
"{6F64A62E-75D3-4336-8992-86C981F49A1E}"= T:c:\windows\System32\wininit.exe:wininit
"{596D8D2D-9BD2-46D7-8C0B-53F63DD658B3}"= UDP:c:\windows\System32\wininit.exe:wininit
"{95F864A4-6100-4F82-A075-A6F4B019B698}"= T:c:\windows\System32\wininit.exe:wininit
"{6FB8DFCB-6528-4B6D-963A-72798E1338AE}"= UDP:c:\s\LOULOU\AppData\Local\Temp\7zS699D.tmp\SymNRT.exe:Norton Removal Tool
"{D4783602-B593-4D67-A2D0-5033025F24A0}"= T:c:\s\LOULOU\AppData\Local\Temp\7zS699D.tmp\SymNRT.exe:Norton Removal Tool
R2 regi;regi;c:\windows\System32\drivers\regi.sys [2007-04-17 11032]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-05-30 1153368]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [2007-07-20 28464]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\System32\drivers\R5U870FLx86.sys [2007-07-21 75008]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\System32\drivers\R5U870FUx86.sys [2007-07-21 43904]
R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [2007-07-21 812544]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2007-07-23 29744]
S3 Service CANALPLAY;Service CANALPLAY;c:\program files\Lecteur CANALPLAY\CanalPlayService.exe [2007-08-08 415392]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-08-08 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-08-08 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-08-08 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-08-08 292152]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-08-08 79736]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_\software\microsoft\windows\currentversion\explorer\mountpoints2\{3641152b-bace-11dc-ae9e-001bfb5784a2}]
\shell\AutoRun\command - setupSNK.exe
[HKEY_CURRENT_\software\microsoft\windows\currentversion\explorer\mountpoints2\{57ed34ba-8934-11dc-9142-806e6f6e6963}]
\shell\AutoRun\command - F:\autorun.exe
[HKEY_CURRENT_\software\microsoft\windows\currentversion\explorer\mountpoints2\{7dda2a3c-3d85-11dd-9f05-001bfb5784a2}]
\shell\AutoRun\command - H:\LaunchU3.exe -a
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.repubblica.it/
mStart Page = hxxp://fr.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: canalplay.com
Trusted Zone: canalplusactive.com
Trusted Zone: canalplay.com
Trusted Zone: canalplusactive.com
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\s\LOULOU\AppData\Roaming\Mozilla\Firefox\Profiles\nnqj9sev.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security._cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-08 21:33:58
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
c:\s\LOULOU\AppData\Local\Temp\catchme.dll 53248 bytes executable
Scan terminé avec succès
Fichiers cachés: 1
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'Explorer.exe'(1672)
c:\windows\system32\btmmhook.dll
.
Heure de fin: 2009-04-08 21:36:52
ComboFix-quarantined-files.txt 2009-04-08 19:36:48
ComboFix2.txt 2009-04-08 15:17:24
Avant-CF: 24,823,250,944 octets libres
Après-CF: 24,784,130,048 octets libres
469 --- E O F --- 2009-04-08 19:14:05
I didn't get the "type 1 or 2" prompt in ComboFix, though.
Close all your browsers (so copy or print these instructions first).
Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:
Collect::
c:\programdata\tiyunike
c:\programdata\linanotu
c:\programdata\fubatuzo
c:\windows\System32\drivers\sifzbtej.sys
c:\programdata\toladeya
c:\programdata\goyipeme
c:\programdata\mofanedo
c:\programdata\wimohigi
c:\programdata\herutoho
c:\programdata\fenozano
c:\programdata\yubiwojo
c:\programdata\niyihese
c:\programdata\govegomu
c:\programdata\nojibipu
c:\programdata\ezsidmv.dat
c:\programdata\zotowuru
c:\programdata\yinuyoni
c:\programdata\retegefu
c:\programdata\hewalote
c:\programdata\delehele
c:\programdata\betakoso
c:\programdata\mevozeha
c:\programdata\feyiloto
C:\s\All s\ezsidmv.dat
Driver ::
sifzbtej
Save this file under the name CFscript.
Drag and drop this CFscript file onto the ComboFix.exe file.
Click the CFScript file, keep the button held down and move the mouse so that the CFScript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.
A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.
Wait while the scan runs. The desktop will disappear several times: this is normal!
Don't touch anything until the scan has finished.
Once the scan is complete, a report will be displayed: post its contents.
Also post a fresh HijackThis report.
If the file doesn't open, it is located here > C:\ComboFix.txt
_____________________
Post an online scan with one of the following:
Kaspersky online
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda online:
http://pandasoftware.fr
ComboFix report
ComboFix 09-04-04.01 - LOULOU 2009-04-09 15:08:01.3 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale 6.0.6001.1.1252.33.1036.18.2046.1285 [GMT 2:00]
Lancé depuis: c:\s\LOULOU\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\s\LOULOU\Desktop\CFscript.txt
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\ezsidmv.dat
c:\windows\System32\drivers\sifzbtej.sys
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-03-09 au 2009-04-09 ))))))))))))))))))))))))))))))))))))
.
2009-04-08 16:59 . 2009-04-08 17:09 308,852,947 --a------ c:\windows\MEMORY.DMP
2009-04-08 16:41 . 2009-04-08 16:41 <REP> d-------- c:\programdata\NortonInstaller
2009-04-08 13:23 . 2009-04-08 13:23 <REP> d-------- C:\rsit
2009-04-08 13:23 . 2009-04-08 13:23 <REP> d-------- c:\program files\trend micro
2009-04-08 09:11 . 2009-04-08 09:18 <REP> d-------- c:\programdata\tiyunike
2009-04-08 09:11 . 2009-04-08 13:09 <REP> d-------- c:\programdata\linanotu
2009-04-08 09:11 . 2009-04-08 16:40 <REP> d-------- c:\programdata\fubatuzo
2009-04-07 23:09 . 2008-06-20 03:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-04-07 23:09 . 2008-06-20 03:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-04-07 23:09 . 2008-06-20 03:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-04-07 23:09 . 2008-06-20 03:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-04-07 23:09 . 2008-06-20 03:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-04-07 23:09 . 2008-06-20 03:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-04-07 23:09 . 2008-06-20 03:14 37,384 --a------ c:\windows\System32\infocardl.l
2009-04-07 23:09 . 2008-06-20 03:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-04-07 23:05 . 2009-04-07 23:05 0 --a------ c:\windows\RAVTC.TMP
2009-04-07 23:02 . 2008-07-27 20:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-04-07 23:02 . 2008-07-27 20:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-04-07 23:02 . 2008-07-27 20:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-04-07 23:01 . 2008-07-27 20:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-04-07 23:01 . 2008-07-27 20:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-04-07 22:58 . 2009-04-07 22:58 410,984 --a------ c:\windows\System32\deploytk.dll
2009-04-07 22:57 . 2009-04-07 22:57 0 --------- c:\windows\PAVSHRB.INI
2009-04-07 22:22 . 2009-04-07 22:22 <REP> d-------- c:\s\LOULOU\AppData\Roaming\Malwarebytes
2009-04-07 22:22 . 2009-04-07 22:22 <REP> d-------- c:\programdata\Malwarebytes
2009-04-07 22:22 . 2009-04-07 22:24 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-07 22:22 . 2009-04-06 15:32 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-04-07 22:22 . 2009-04-06 15:32 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-04-06 16:25 . 2009-04-08 16:40 <REP> d-------- c:\programdata\toladeya
2009-04-05 17:58 . 2009-04-08 16:40 <REP> d-------- c:\programdata\goyipeme
2009-04-04 16:37 . 2009-04-08 16:40 <REP> d-------- c:\programdata\mofanedo
2009-04-03 14:02 . 2009-04-07 22:37 <REP> d-------- c:\programdata\wimohigi
2009-04-03 14:02 . 2009-04-08 13:06 <REP> d-------- c:\programdata\herutoho
2009-04-03 14:02 . 2009-04-07 22:37 <REP> d-------- c:\programdata\fenozano
2009-04-03 14:00 . 2009-04-07 22:36 <REP> d-------- c:\programdata\zulagovi
2009-04-03 14:00 . 2009-04-08 16:40 <REP> d-------- c:\programdata\yubiwojo
2009-04-03 14:00 . 2009-04-03 14:00 <REP> d-------- c:\programdata\niyihese
2009-04-03 14:00 . 2009-04-07 22:34 <REP> d-------- c:\programdata\govegomu
2009-04-03 00:14 . 2009-04-08 16:40 <REP> d-------- c:\programdata\nojibipu
2009-04-03 00:13 . 2009-04-07 00:00 <REP> d-------- c:\s\LOULOU\AppData\Roaming\skypePM
2009-04-03 00:12 . 2009-04-03 00:12 <REP> dr------- c:\program files\Skype
2009-04-03 00:12 . 2009-04-03 00:12 <REP> d-------- c:\program files\Common Files\Skype
2009-04-02 12:13 . 2009-04-02 12:13 <REP> d-------- c:\programdata\zotowuru
2009-04-02 12:13 . 2009-04-03 14:02 <REP> d-------- c:\programdata\yinuyoni
2009-04-02 12:13 . 2009-04-02 12:34 <REP> d-------- c:\programdata\retegefu
2009-04-02 12:13 . 2009-04-03 14:02 <REP> d-------- c:\programdata\hewalote
2009-04-02 12:13 . 2009-04-02 12:13 <REP> d-------- c:\programdata\delehele
2009-04-02 12:13 . 2009-04-02 12:13 <REP> d-------- c:\programdata\betakoso
2009-04-02 00:13 . 2009-04-08 16:40 <REP> d-------- c:\programdata\mevozeha
2009-04-02 00:13 . 2009-04-07 23:45 <REP> d-------- c:\programdata\feyiloto
2009-03-11 21:08 . 2009-03-11 21:08 <REP> d-------- c:\program files\GSC Game World
2009-03-11 21:06 . 2009-03-11 21:06 <REP> d-------- c:\s\LOULOU\AppData\Roaming\DAEMON Tools Pro
2009-03-11 21:06 . 2009-03-11 21:06 <REP> d-------- c:\programdata\DAEMON Tools Lite
2009-03-11 21:06 . 2009-03-11 21:06 <REP> d-------- c:\program files\DAEMON Tools Lite
2009-03-11 20:45 . 2009-03-11 21:06 <REP> d-------- c:\s\LOULOU\AppData\Roaming\DAEMON Tools Lite
2009-03-11 20:26 . 2009-03-11 20:26 <REP> d-------- c:\programdata\Roxio
2009-03-11 20:24 . 2009-03-11 20:26 <REP> d-------- c:\s\LOULOU\AppData\Roaming\Roxio
2009-03-11 19:13 . 2009-03-11 19:14 <REP> d-------- c:\s\LOULOU\AppData\Roaming\SPORE
2009-03-11 19:11 . 2009-03-11 19:11 <REP> dr-h----- c:\s\LOULOU\AppData\Roaming\SecuROM
2009-03-11 10:52 . 2008-12-16 05:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-11 10:52 . 2008-12-16 07:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-11 10:52 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-11 10:52 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-11 10:51 . 2009-02-09 05:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-11 10:51 . 2008-11-27 06:43 268,288 --a------ c:\windows\System32\schannel.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-09 04:35 223,910 ----a-w c:\s\LOULOU\AppData\Roaming\nvModes.dat
2009-04-07 20:57 --------- d-----w c:\program files\Java
2009-04-07 20:48 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-04-07 20:47 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-07 19:47 --------- d-----w c:\program files\CCleaner
2009-04-07 16:24 --------- d-----w c:\s\LOULOU\AppData\Roaming\uTorrent
2009-04-06 23:30 --------- d-----w c:\s\LOULOU\AppData\Roaming\Skype
2009-04-04 18:09 49,152 --sha-w c:\windows\System32\hikenuse.dll
2009-04-02 22:12 --------- d-----w c:\programdata\Skype
2009-03-23 15:42 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-21 11:52 --------- d-----w c:\program files\Metin2_
2009-03-12 18:38 --------- d-----w c:\program files\Windows Mail
2009-03-11 19:06 --------- d-----w c:\s\LOULOU\AppData\Roaming\DAEMON Tools
2009-03-11 18:45 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-03-11 17:03 --------- d-----w c:\program files\Electronic Arts
2009-03-01 21:25 --------- d-----w c:\programdata\Electronic Arts
2009-02-24 13:21 --------- d-----w c:\s\LOULOU\AppData\Roaming\Atari
2009-02-24 13:17 --------- d-----w c:\s\LOULOU\AppData\Roaming\Leadertech
2009-02-24 13:06 --------- d-----w c:\program files\Atari
2009-02-23 21:28 --------- d-----w c:\program files\uTorrent
2009-02-19 01:59 --------- d-----w c:\program files\Google
2009-02-17 07:54 --------- d-----w c:\program files\DivX
2009-01-20 13:24 174 --sha-w c:\program files\desktop.ini
2009-01-20 12:43 82,432 ----a-w c:\windows\System32\axaltocm.dll
2009-01-20 12:43 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2009-01-19 18:19 77,824 ----a-w c:\windows\System32\5wW42d14.exe
2009-01-15 06:11 827,392 ----a-w c:\windows\System32\wininet.dll
2008-06-01 21:35 5,682 ----a-w c:\s\LOULOU\AppData\Roaming\wklnhst.dat
2007-11-14 17:11 22,328 ----a-w c:\s\LOULOU\AppData\Roaming\PnkBstrK.sys
2008-11-16 22:35 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-12-17 23:04 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-17 23:04 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-17 23:04 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-17 23:04 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-17 23:04 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-01-03 20:09 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-01-03 20:09 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-01-03 20:09 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((( SnapShot_2009-04-08_21.34.45.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-04-08 19:08:40 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-04-09 12:59:26 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-04-08 19:08:40 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-04-09 12:59:26 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-04-08 19:10:29 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\nt.dat
+ 2009-04-09 13:01:15 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\nt.dat
+ 2009-04-09 13:01:15 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\nt.dat.LOG1
- 2009-04-08 19:10:24 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\nt.dat
+ 2009-04-09 13:01:10 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\nt.dat
+ 2009-04-09 13:01:10 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\nt.dat.LOG1
- 2009-04-08 15:08:06 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-04-09 13:09:38 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-04-08 15:08:06 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-09 13:09:38 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-04-08 15:08:06 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-04-09 13:09:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-04-08 19:13:22 104,940 ----a-w c:\windows\System32\perfc009.dat
+ 2009-04-09 13:07:16 104,940 ----a-w c:\windows\System32\perfc009.dat
- 2009-04-08 19:13:22 128,004 ----a-w c:\windows\System32\perfc00C.dat
+ 2009-04-09 13:07:16 128,004 ----a-w c:\windows\System32\perfc00C.dat
- 2009-04-08 19:13:22 595,506 ----a-w c:\windows\System32\perfh009.dat
+ 2009-04-09 13:07:16 595,506 ----a-w c:\windows\System32\perfh009.dat
- 2009-04-08 19:13:22 678,956 ----a-w c:\windows\System32\perfh00C.dat
+ 2009-04-09 13:07:16 678,956 ----a-w c:\windows\System32\perfh00C.dat
- 2009-04-08 19:10:22 12,346 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1611504857-4089916995-1680512414-1000_Data.bin
+ 2009-04-09 13:01:05 12,346 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1611504857-4089916995-1680512414-1000_Data.bin
- 2009-04-08 19:10:22 91,966 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-04-09 13:01:05 92,114 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-04-08 19:10:21 62,138 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-04-09 13:01:04 62,146 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset --
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-10 118784]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-06-11 317560]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-11-17 29744]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-07 148888]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-28 86016]
"NvlDaemon"="c:\windows\system32\Nvl.dll" [2007-06-28 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
c:\Users\LOULOU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-06-22 739880]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-07-12 08:33 98304 c:\windows\System32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\program files\Common Files\Sony Shared\VideoLib\sonydv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EB7EE62E-514C-4ED2-96CC-E76742C6C8BA}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C6785C36-3B71-4EC6-8473-E9FD35A708F1}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{93C3FF1C-85CA-4F0A-A50F-F70534120517}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{118CEEBF-6311-4A81-A47B-F47606B5CBD3}"= Disabled:TCP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{316EA76B-B568-42EA-95F3-0109AB8EA870}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe:Sid Meier's Civilization 4 Complete
"{88469EB4-4B06-4D20-B8A9-3BBA166C1D56}"= TCP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe:Sid Meier's Civilization 4 Complete
"{D9908554-A2C2-4B9F-804B-3517AF46D966}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{9BC30465-1180-4166-8D1F-0FCD7D1CC954}"= TCP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{75D82640-B909-4A0C-BE49-42497CA673B2}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4: Beyond the Sword
"{5D5BEBCE-E214-4DE9-9EE1-4672F4D796F7}"= TCP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4: Beyond the Sword
"{7A850012-1055-48BF-B522-6C74674AC924}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{D2B1522F-CCD4-40CB-9A1C-19B827A90265}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{1FB827CF-5D00-40E1-AC7C-985474FC750A}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{CCDDE7B3-5E87-4DAF-A244-DED7287CBE11}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{EC8E278D-4838-4EE3-93BA-CBC9A0BA8AE4}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{AD8E3901-A158-4A3F-821F-C99754C2C917}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{63F025D1-B60B-4B47-A5B0-54457738B9B3}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{EBB36171-16AE-4355-8300-3A54AD96903C}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{B4E0DFE4-F1BB-4061-A8D3-511C451FCDF3}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{5798E201-550D-4C36-93A9-53C4ABEB9803}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{EDB28EC4-15E9-4D6C-92E1-F765466E9CA7}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{5EDD7D17-E07C-4A2E-8DDA-474E11476220}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{C3FD154C-C680-41FA-9D4C-00AF5D60BFA9}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{6D36E7FF-2BCE-4E03-BF83-B6A0A33DC36E}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{638103A7-5F79-49D7-A800-106A79F5F714}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{9DA55446-CE37-42F3-A3AB-EDC9AC58E37A}"= UDP:c:\program files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires III
"{2F1B791E-125E-4676-8BC9-C7376EF67D1C}"= TCP:c:\program files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires III
"TCP Query User{AB4DA13B-A8EE-490C-B94D-DBC893B12F39}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{4701FED6-0B75-4404-AD26-7F3F6C176596}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"TCP Query User{FCF347F4-4850-4B6E-8378-7A9C5F8DAACE}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{403422EC-0B56-49BF-AFA9-AF5C39386842}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{7B231355-91EC-4DF4-9B01-B2E1CFDFF4E4}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{633F1F87-CA0A-49B3-8A22-26D809151477}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{6279BC70-B4A4-4A66-A19D-BCE7869E0E4E}c:\\program files\\team17\\worms armageddon\\wa.exe"= UDP:c:\program files\team17\worms armageddon\wa.exe:Worms Armageddon
"UDP Query User{00F48F3C-6725-4589-B9EC-01832517A27C}c:\\program files\\team17\\worms armageddon\\wa.exe"= TCP:c:\program files\team17\worms armageddon\wa.exe:Worms Armageddon
"TCP Query User{A61540CE-73E1-43CB-9DEC-BA9F868EB181}c:\\program files\\team17\\worms 2\\frontend.exe"= UDP:c:\program files\team17\worms 2\frontend.exe:Worms 2 Frontend
"UDP Query User{5A5194CB-D36F-417A-83E6-EA53C2CB85B6}c:\\program files\\team17\\worms 2\\frontend.exe"= TCP:c:\program files\team17\worms 2\frontend.exe:Worms 2 Frontend
"TCP Query User{7F40AA1D-A37D-4098-88EB-EFD8F2BBE1EF}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{F7EB5A9D-8A39-4B20-A5E0-688CAB44C1F9}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"TCP Query User{A53B07B8-5311-41E0-A0EF-E42877139A20}c:\\program files\\quake iii arena\\quake3.exe"= UDP:c:\program files\quake iii arena\quake3.exe:quake3
"UDP Query User{E25A91CF-7720-4220-A0DB-1B8A9B16139B}c:\\program files\\quake iii arena\\quake3.exe"= TCP:c:\program files\quake iii arena\quake3.exe:quake3
"{6A7A8727-9C46-4363-B2BC-F04B393E9746}"= UDP:54178:Azureus 54178 TCP
"{EA6E3AF1-15DC-4C8A-B2CB-FBABBBF4B571}"= TCP:54178:Azureus 54178 UDP
"TCP Query User{A2D16300-ED91-487C-9D67-9013488E805B}c:\\program files\\quake iii arena\\quake3.exe"= UDP:c:\program files\quake iii arena\quake3.exe:quake3
"UDP Query User{14B3F83F-7556-44E2-85DE-CF36694C972D}c:\\program files\\quake iii arena\\quake3.exe"= TCP:c:\program files\quake iii arena\quake3.exe:quake3
"TCP Query User{19216D63-D30C-43D2-9746-D6C518AF2AF1}c:\\users\\loulou\\downloads\\team 17\\wa\\[pc game] worms armageddon + all weapons unblocked + cracked + xp patch by lupen[fumai]\\wormsarm\\wa.exe"= UDP:c:\users\loulou\downloads\team 17\wa\[pc game] worms armageddon + all weapons unblocked + cracked + xp patch by lupen[fumai]\wormsarm\wa.exe:wa.exe
"UDP Query User{0961AA07-7C08-428F-9060-78801F99F16E}c:\\users\\loulou\\downloads\\team 17\\wa\\[pc game] worms armageddon + all weapons unblocked + cracked + xp patch by lupen[fumai]\\wormsarm\\wa.exe"= TCP:c:\users\loulou\downloads\team 17\wa\[pc game] worms armageddon + all weapons unblocked + cracked + xp patch by lupen[fumai]\wormsarm\wa.exe:wa.exe
"TCP Query User{62357B01-BF68-4238-95A6-51339425AFBD}c:\\users\\loulou\\downloads\\team 17\\worms 2\\worms2\\start.exe"= UDP:c:\users\loulou\downloads\team 17\worms 2\worms2\start.exe:start.exe
"UDP Query User{CF0B450E-B97B-4F13-ACCB-284A9D947B5B}c:\\users\\loulou\\downloads\\team 17\\worms 2\\worms2\\start.exe"= TCP:c:\users\loulou\downloads\team 17\worms 2\worms2\start.exe:start.exe
"TCP Query User{268C976C-DD0C-4C07-9D9E-3DCBA3A89798}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Application d'assistance Microsoft DirectPlay
"UDP Query User{86F58307-0F6D-432A-9B6E-63F4BAD95F7F}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Application d'assistance Microsoft DirectPlay
"TCP Query User{E6BCEB50-C2BB-4430-8607-40DC8C60425B}c:\\program files\\konami\\pro evolution soccer 6\\pes6.exe"= UDP:c:\program files\konami\pro evolution soccer 6\pes6.exe:pes6.exe
"UDP Query User{B3423FC6-4B47-4B69-A9AB-8ED5ACC1461E}c:\\program files\\konami\\pro evolution soccer 6\\pes6.exe"= TCP:c:\program files\konami\pro evolution soccer 6\pes6.exe:pes6.exe
"TCP Query User{F2DE20D8-445E-49EE-8E1A-6E231E227523}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{C6CE2BEB-45DB-485E-AB8D-E8797F673ABF}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"{B3DF7D74-8051-4962-9744-01FE9583D90F}"= UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{E61208E1-7405-470E-9BBC-E0F0917C0A09}"= TCP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"TCP Query User{B73D7D1E-F16B-4E4D-89DE-5F53DC65ABBC}c:\\users\\loulou\\downloads\\team 17\\worms 2\\worms2\\start.exe"= UDP:c:\users\loulou\downloads\team 17\worms 2\worms2\start.exe:start.exe
"UDP Query User{3736A79C-E40B-47FA-A4DE-BA0D9F62FC3B}c:\\users\\loulou\\downloads\\team 17\\worms 2\\worms2\\start.exe"= TCP:c:\users\loulou\downloads\team 17\worms 2\worms2\start.exe:start.exe
"TCP Query User{AFBDCDAC-AF9B-49E3-B7BA-2BB93701C6A5}c:\\program files\\lionhead studios ltd\\black & white\\runblack.exe"= UDP:c:\program files\lionhead studios ltd\black & white\runblack.exe:lh
"UDP Query User{0A85C32D-3C81-4A45-B95F-D29B42823984}c:\\program files\\lionhead studios ltd\\black & white\\runblack.exe"= TCP:c:\program files\lionhead studios ltd\black & white\runblack.exe:lh
"{8256E9E7-A9E5-46DE-AC62-79E4D0C23F6A}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C10322C9-CDDA-4817-B67C-DD28B639CE65}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D746BEDF-95CD-404E-844D-7BF0D0846D3D}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{A6ED5F3F-54EC-485D-A961-D89D55A8AD9D}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{29485F5D-2DFC-4AF6-981C-A75A77A5A930}"= UDP:86:BroadCam Web Server
"TCP Query User{01CE8517-2F48-4C6A-80C6-C9A2C6F14080}c:\\program files\\konami\\pro evolution soccer 2009\\pes2009.exe"= UDP:c:\program files\konami\pro evolution soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"UDP Query User{71186C0B-7559-4592-BB18-F1D5A7AF7290}c:\\program files\\konami\\pro evolution soccer 2009\\pes2009.exe"= TCP:c:\program files\konami\pro evolution soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"TCP Query User{796B2BA3-88EC-4BA9-AF28-B9C4B83C50A1}c:\\program files\\activision\\call of duty - world at war\\codwaw.exe"= UDP:c:\program files\activision\call of duty - world at war\codwaw.exe:Call of Duty(R): World at War Campaign/Coop
"UDP Query User{5D1DBAD9-01F0-40FB-AEFD-5F98F99719E8}c:\\program files\\activision\\call of duty - world at war\\codwaw.exe"= TCP:c:\program files\activision\call of duty - world at war\codwaw.exe:Call of Duty(R): World at War Campaign/Coop
"{2B832080-D4C4-48F2-93F5-F2F6F3201887}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{B189AA1A-FDC7-4A67-80BF-374CF7DAC4D3}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{03E9CCCC-2B08-4569-A462-1F9BC21107D5}c:\\users\\loulou\\desktop\\utorrent(3).exe"= UDP:c:\users\loulou\desktop\utorrent(3).exe:utorrent(3).exe
"UDP Query User{267DCBB3-0FBD-45D4-B535-5A0EC136488A}c:\\users\\loulou\\desktop\\utorrent(3).exe"= TCP:c:\users\loulou\desktop\utorrent(3).exe:utorrent(3).exe
"{4985F146-DD4A-47C1-A756-53184DCAD5D8}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{93CE50F5-6604-454E-B759-8B05F33DB9EF}"= TCP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{F20BECCB-339D-48F3-8503-CDC08787DD26}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{46C1667B-342F-4E29-B901-6DF0B5C6EEDC}"= TCP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{FB9FA2DF-6440-4CB7-8934-29242926DA81}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"{3CF15280-DC5B-4969-9AB0-2000057AD22D}"= TCP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"TCP Query User{95C8A65C-DEE4-4B84-BB11-3FF9E68C5581}c:\\users\\loulou\\desktop\\utorrent(3).exe"= UDP:c:\users\loulou\desktop\utorrent(3).exe:utorrent(3).exe
"UDP Query User{45963564-7CA4-4DD1-8B54-A006626DDE0C}c:\\users\\loulou\\desktop\\utorrent(3).exe"= TCP:c:\users\loulou\desktop\utorrent(3).exe:utorrent(3).exe
"TCP Query User{1D193859-A5F3-4231-B897-27832AB422EC}c:\\program files\\metin2_\\metin2.bin"= UDP:c:\program files\metin2_\metin2.bin:metin2.bin
"UDP Query User{CFA81A6E-E4CD-421F-B3E9-99936B898C23}c:\\program files\\metin2_\\metin2.bin"= TCP:c:\program files\metin2_\metin2.bin:metin2.bin
"{6807E4D8-EFB9-4E6C-BD3B-8AA6FBA92E51}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe:Sid Meier's Civilization 4 Complete
"{EAB1B2B1-34AE-4D29-8678-41D8F0F44B8F}"= TCP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe:Sid Meier's Civilization 4 Complete
"{E063BF09-18B0-49F6-9CF0-7F951E3350CA}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{C057C0CD-CE79-4393-9F0C-CD2CED382692}"= TCP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{975380A9-50EE-4224-AD8D-6B2B4D7B8D98}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4: Beyond the Sword
"{E862D3AF-578E-4771-AE1F-644932B31423}"= TCP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4: Beyond the Sword
"{2DB3449F-5FB7-432E-9F2E-BCEBEBD75BA5}"= UDP:c:\windows\servicing\TrustedInstaller.exe:TrustedInstaller
"{B6C1FA57-A689-40E6-8705-C0D79BCF6A6A}"= UDP:c:\windows\servicing\TrustedInstaller.exe:TrustedInstaller
"{6E583829-3301-4128-847E-851E2B2DA779}"= TCP:c:\windows\servicing\TrustedInstaller.exe:TrustedInstaller
"{5FF42E84-A5F2-4E0D-B045-EE087F8AD603}"= TCP:c:\windows\servicing\TrustedInstaller.exe:TrustedInstaller
"{EEC57245-2497-497D-A186-DF4608AAD21B}"= UDP:c:\windows\System32\5wW42d14.exe:5wW42d14
"{83151526-3DF1-4D49-913E-437D125787EE}"= TCP:c:\windows\System32\5wW42d14.exe:5wW42d14
"{805B1508-F998-4396-BD33-E739D6C125A4}"= UDP:c:\windows\System32\wbem\WmiPrvSE.exe:wmiprvse
"{914AE9F4-9D1F-4F89-A8F8-5E17A1AB727E}"= TCP:c:\windows\System32\wbem\WmiPrvSE.exe:wmiprvse
"{5C67F97D-6A98-426E-B1B1-85316B635131}"= UDP:c:\windows\System32\wbem\WmiPrvSE.exe:wmiprvse
"{4168A88D-1452-47B4-BE79-DFC5C24395C9}"= TCP:c:\windows\System32\wbem\WmiPrvSE.exe:wmiprvse
"{D8682D4D-DEBC-4C2F-951F-16F499D342C0}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4557A85A-2066-46C9-A0BA-FA95E2CEEE7D}"= UDP:c:\program files\Sony\VAIO Event Service\VESMgr.exe:VESMgr
"{6EE2652E-5AE9-40F2-AE99-4604845C1472}"= TCP:c:\program files\Sony\VAIO Event Service\VESMgr.exe:VESMgr
"{34F41E8F-390E-4950-8418-AD4623CAEDF8}"= UDP:c:\program files\Sony\VAIO Power Management\SPMgr.exe:SPMgr
"{82061BCF-225E-4552-B1AA-2135D1936CEC}"= TCP:c:\program files\Sony\VAIO Power Management\SPMgr.exe:SPMgr
"{2D586C79-B7EE-4711-996E-FD2FF878FBD5}"= UDP:c:\windows\servicing\TrustedInstaller.exe:TrustedInstaller
"{CE459480-564C-4F02-8A4F-9D16E42E4B8B}"= TCP:c:\windows\servicing\TrustedInstaller.exe:TrustedInstaller
"{F6D32E9E-3533-45ED-850B-C386B37F0667}"= UDP:c:\program files\Panda Security\Panda Antivirus 2008\PsCtrlS.exe:PsCtrls
"{7048C1B2-FD0C-4C89-93F3-D38ADBCCD58C}"= TCP:c:\program files\Panda Security\Panda Antivirus 2008\PsCtrlS.exe:PsCtrls
"{643B49A4-60C5-440C-9A5F-1262119FBDD8}"= UDP:c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe:iviRegMgr
"{F7DAF92E-3101-4D98-981E-94298B60124D}"= TCP:c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe:iviRegMgr
"{F1BCBA2E-7F56-4205-B1C5-D4DB675C6F18}"= UDP:c:\program files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE:AVENGINE
"{CFC00A38-4EE1-4FBB-A0AA-CC6E1245E986}"= TCP:c:\program files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE:AVENGINE
"{C485B050-BD6B-470F-9503-884A993D6265}"= UDP:c:\windows\System32\taskeng.exe:taskeng
"{ECDBF387-3AB2-4279-B2E7-C2FF9999558F}"= TCP:c:\windows\System32\taskeng.exe:taskeng
"{ADE092F2-A599-47CA-86AF-4A6E999B4B40}"= UDP:c:\windows\System32\winlogon.exe:winlogon
"{A1B71AE8-6618-40D2-91C7-6A615A89E954}"= TCP:c:\windows\System32\winlogon.exe:winlogon
"{0FA21FA3-E919-48AC-A599-BC5ABBCD5483}"= UDP:c:\program files\Common Files\Panda Software\PavShld\PavPrSrv.exe:pavprsrv
"{527FD804-8D67-4D25-8653-4865F8BCFB6B}"= TCP:c:\program files\Common Files\Panda Software\PavShld\PavPrSrv.exe:pavprsrv
"{75BDDC4F-8419-4935-80E4-17434A0B43D4}"= UDP:c:\windows\System32\lsass.exe:lsass
"{EA632934-E1C6-4383-B41E-C8AE85E0BC61}"= TCP:c:\windows\System32\lsass.exe:lsass
"{842A5BB6-C7DC-4285-8E02-739B7BE664AE}"= UDP:c:\windows\System32\spoolsv.exe:spoolsv
"{9C64DFC3-EC16-4AF7-8475-7DE62DF5F8D3}"= TCP:c:\windows\System32\spoolsv.exe:spoolsv
"{C563884D-4A55-4D4E-B2E2-B0205CA7F4E3}"= UDP:c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe:AppleMobileDeviceService
"{946CA4DB-56FB-4D40-8B3A-0615AC147577}"= TCP:c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe:AppleMobileDeviceService
"{4456CC5F-7200-4B6C-BBC4-8EAC35F937BA}"= UDP:c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe:Switcher
"{4DC2FDD4-F92E-4715-81D1-86BD88148202}"= UDP:c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe:Switcher
"{0ADCE7C6-06D8-4E50-9633-2C089D3F8D2F}"= TCP:c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe:Switcher
"{7DB979B6-141A-417A-8B7E-566E5266F663}"= TCP:c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe:Switcher
"{8898B726-42C4-4ED2-80C4-6739134F6249}"= UDP:c:\windows\System32\wininit.exe:wininit
"{6F64A62E-75D3-4336-8992-86C981F49A1E}"= TCP:c:\windows\System32\wininit.exe:wininit
"{596D8D2D-9BD2-46D7-8C0B-53F63DD658B3}"= UDP:c:\windows\System32\wininit.exe:wininit
"{95F864A4-6100-4F82-A075-A6F4B019B698}"= TCP:c:\windows\System32\wininit.exe:wininit
"{6FB8DFCB-6528-4B6D-963A-72798E1338AE}"= UDP:c:\Users\LOULOU\AppData\Local\Temp\7zS699D.tmp\SymNRT.exe:Norton Removal Tool
"{D4783602-B593-4D67-A2D0-5033025F24A0}"= TCP:c:\Users\LOULOU\AppData\Local\Temp\7zS699D.tmp\SymNRT.exe:Norton Removal Tool
R2 regi;regi;c:\windows\System32\drivers\regi.sys [2007-04-17 11032]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-05-30 1153368]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [2007-07-20 28464]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\System32\drivers\R5U870FLx86.sys [2007-07-21 75008]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\System32\drivers\R5U870FUx86.sys [2007-07-21 43904]
R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [2007-07-21 812544]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2007-07-23 29744]
S3 Service CANALPLAY;Service CANALPLAY;c:\program files\Lecteur CANALPLAY\CanalPlayService.exe [2007-08-08 415392]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-08-08 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-08-08 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-08-08 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-08-08 292152]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-08-08 79736]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3641152b-bace-11dc-ae9e-001bfb5784a2}]
\shell\AutoRun\command - setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57ed34ba-8934-11dc-9142-806e6f6e6963}]
\shell\AutoRun\command - F:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7dda2a3c-3d85-11dd-9f05-001bfb5784a2}]
\shell\AutoRun\command - H:\LaunchU3.exe -a
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.repubblica.it/
mStart Page = hxxp://fr.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: canalplay.com
Trusted Zone: canalplusactive.com
Trusted Zone: canalplay.com
Trusted Zone: canalplusactive.com
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\Users\LOULOU\AppData\Roaming\Mozilla\Firefox\Profiles\nnqj9sev.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security._cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-09 15:11:07
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\TEMP\TMP0000005F5C33EC953FE4474E 524288 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
Completion time: 2009-04-09 15:13:20
ComboFix-quarantined-files.txt 2009-04-09 13:13:18
ComboFix2.txt 2009-04-08 19:36:53
ComboFix3.txt 2009-04-08 15:17:24
Pre-Run: 22,891,753,472 bytes free
Post-Run: 22,873,739,264 bytes free
403 --- E O F --- 2009-04-08 19:14:05
HIJACKTHIS REPORT
Logfile of random's system information tool 1.06 (written by random/random)
Run by LOULOU at 2009-04-09 15:16:46
Microsoft® Windows Vista™ Édition Familiale Service Pack 1
System drive C: has 21 GB (12%) free of 180 GB
Total RAM: 2046 MB (52% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:17:03 PM, on 09/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Apoint\Apoint.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\LOULOU\Desktop\RSIT.exe
C:\Program Files\trend micro\LOULOU.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.repubblica.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvlDaemon] RUNDLL32.EXE C:\Windows\system32\Nvl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = LOULOU\AppData\Local\Temp\{69F91187-803B-416A-8B25-186FFB893E10}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplusactive.com
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo er 5 Control) - http://.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoer5.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.nvidia.com/content/Driver/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo er 4 Control) - http://.facebook.com/controls/FacebookPhotoer3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device \bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
ComboFix 09-04-04.01 - LOULOU 2009-04-09 15:08:01.3 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale 6.0.6001.1.1252.33.1036.18.2046.1285 [GMT 2:00]
Lancé depuis: c:\s\LOULOU\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\s\LOULOU\Desktop\CFscript.txt
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\ezsidmv.dat
c:\windows\System32\drivers\sifzbtej.sys
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-03-09 au 2009-04-09 ))))))))))))))))))))))))))))))))))))
.
2009-04-08 16:59 . 2009-04-08 17:09 308,852,947 --a------ c:\windows\MEMORY.DMP
2009-04-08 16:41 . 2009-04-08 16:41 <REP> d-------- c:\programdata\NortonInstaller
2009-04-08 13:23 . 2009-04-08 13:23 <REP> d-------- C:\rsit
2009-04-08 13:23 . 2009-04-08 13:23 <REP> d-------- c:\program files\trend micro
2009-04-08 09:11 . 2009-04-08 09:18 <REP> d-------- c:\programdata\tiyunike
2009-04-08 09:11 . 2009-04-08 13:09 <REP> d-------- c:\programdata\linanotu
2009-04-08 09:11 . 2009-04-08 16:40 <REP> d-------- c:\programdata\fubatuzo
2009-04-07 23:09 . 2008-06-20 03:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-04-07 23:09 . 2008-06-20 03:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-04-07 23:09 . 2008-06-20 03:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-04-07 23:09 . 2008-06-20 03:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-04-07 23:09 . 2008-06-20 03:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-04-07 23:09 . 2008-06-20 03:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-04-07 23:09 . 2008-06-20 03:14 37,384 --a------ c:\windows\System32\infocardl.l
2009-04-07 23:09 . 2008-06-20 03:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-04-07 23:05 . 2009-04-07 23:05 0 --a------ c:\windows\RAVTC.TMP
2009-04-07 23:02 . 2008-07-27 20:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-04-07 23:02 . 2008-07-27 20:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-04-07 23:02 . 2008-07-27 20:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-04-07 23:01 . 2008-07-27 20:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-04-07 23:01 . 2008-07-27 20:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-04-07 22:58 . 2009-04-07 22:58 410,984 --a------ c:\windows\System32\deploytk.dll
2009-04-07 22:57 . 2009-04-07 22:57 0 --------- c:\windows\PAVSHRB.INI
2009-04-07 22:22 . 2009-04-07 22:22 <REP> d-------- c:\s\LOULOU\AppData\Roaming\Malwarebytes
2009-04-07 22:22 . 2009-04-07 22:22 <REP> d-------- c:\programdata\Malwarebytes
2009-04-07 22:22 . 2009-04-07 22:24 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-07 22:22 . 2009-04-06 15:32 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-04-07 22:22 . 2009-04-06 15:32 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-04-06 16:25 . 2009-04-08 16:40 <REP> d-------- c:\programdata\toladeya
2009-04-05 17:58 . 2009-04-08 16:40 <REP> d-------- c:\programdata\goyipeme
2009-04-04 16:37 . 2009-04-08 16:40 <REP> d-------- c:\programdata\mofanedo
2009-04-03 14:02 . 2009-04-07 22:37 <REP> d-------- c:\programdata\wimohigi
2009-04-03 14:02 . 2009-04-08 13:06 <REP> d-------- c:\programdata\herutoho
2009-04-03 14:02 . 2009-04-07 22:37 <REP> d-------- c:\programdata\fenozano
2009-04-03 14:00 . 2009-04-07 22:36 <REP> d-------- c:\programdata\zulagovi
2009-04-03 14:00 . 2009-04-08 16:40 <REP> d-------- c:\programdata\yubiwojo
2009-04-03 14:00 . 2009-04-03 14:00 <REP> d-------- c:\programdata\niyihese
2009-04-03 14:00 . 2009-04-07 22:34 <REP> d-------- c:\programdata\govegomu
2009-04-03 00:14 . 2009-04-08 16:40 <REP> d-------- c:\programdata\nojibipu
2009-04-03 00:13 . 2009-04-07 00:00 <REP> d-------- c:\s\LOULOU\AppData\Roaming\skypePM
2009-04-03 00:12 . 2009-04-03 00:12 <REP> dr------- c:\program files\Skype
2009-04-03 00:12 . 2009-04-03 00:12 <REP> d-------- c:\program files\Common Files\Skype
2009-04-02 12:13 . 2009-04-02 12:13 <REP> d-------- c:\programdata\zotowuru
2009-04-02 12:13 . 2009-04-03 14:02 <REP> d-------- c:\programdata\yinuyoni
2009-04-02 12:13 . 2009-04-02 12:34 <REP> d-------- c:\programdata\retegefu
2009-04-02 12:13 . 2009-04-03 14:02 <REP> d-------- c:\programdata\hewalote
2009-04-02 12:13 . 2009-04-02 12:13 <REP> d-------- c:\programdata\delehele
2009-04-02 12:13 . 2009-04-02 12:13 <REP> d-------- c:\programdata\betakoso
2009-04-02 00:13 . 2009-04-08 16:40 <REP> d-------- c:\programdata\mevozeha
2009-04-02 00:13 . 2009-04-07 23:45 <REP> d-------- c:\programdata\feyiloto
2009-03-11 21:08 . 2009-03-11 21:08 <REP> d-------- c:\program files\GSC Game World
2009-03-11 21:06 . 2009-03-11 21:06 <REP> d-------- c:\s\LOULOU\AppData\Roaming\DAEMON Tools Pro
2009-03-11 21:06 . 2009-03-11 21:06 <REP> d-------- c:\programdata\DAEMON Tools Lite
2009-03-11 21:06 . 2009-03-11 21:06 <REP> d-------- c:\program files\DAEMON Tools Lite
2009-03-11 20:45 . 2009-03-11 21:06 <REP> d-------- c:\s\LOULOU\AppData\Roaming\DAEMON Tools Lite
2009-03-11 20:26 . 2009-03-11 20:26 <REP> d-------- c:\programdata\Roxio
2009-03-11 20:24 . 2009-03-11 20:26 <REP> d-------- c:\s\LOULOU\AppData\Roaming\Roxio
2009-03-11 19:13 . 2009-03-11 19:14 <REP> d-------- c:\s\LOULOU\AppData\Roaming\SPORE
2009-03-11 19:11 . 2009-03-11 19:11 <REP> dr-h----- c:\s\LOULOU\AppData\Roaming\SecuROM
2009-03-11 10:52 . 2008-12-16 05:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-11 10:52 . 2008-12-16 07:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-11 10:52 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-11 10:52 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-11 10:51 . 2009-02-09 05:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-11 10:51 . 2008-11-27 06:43 268,288 --a------ c:\windows\System32\schannel.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-09 04:35 223,910 ----a-w c:\s\LOULOU\AppData\Roaming\nvModes.dat
2009-04-07 20:57 --------- d-----w c:\program files\Java
2009-04-07 20:48 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-04-07 20:47 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-07 19:47 --------- d-----w c:\program files\CCleaner
2009-04-07 16:24 --------- d-----w c:\s\LOULOU\AppData\Roaming\uTorrent
2009-04-06 23:30 --------- d-----w c:\s\LOULOU\AppData\Roaming\Skype
2009-04-04 18:09 49,152 --sha-w c:\windows\System32\hikenuse.dll
2009-04-02 22:12 --------- d-----w c:\programdata\Skype
2009-03-23 15:42 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-21 11:52 --------- d-----w c:\program files\Metin2_
2009-03-12 18:38 --------- d-----w c:\program files\Windows Mail
2009-03-11 19:06 --------- d-----w c:\s\LOULOU\AppData\Roaming\DAEMON Tools
2009-03-11 18:45 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-03-11 17:03 --------- d-----w c:\program files\Electronic Arts
2009-03-01 21:25 --------- d-----w c:\programdata\Electronic Arts
2009-02-24 13:21 --------- d-----w c:\s\LOULOU\AppData\Roaming\Atari
2009-02-24 13:17 --------- d-----w c:\s\LOULOU\AppData\Roaming\Leadertech
2009-02-24 13:06 --------- d-----w c:\program files\Atari
2009-02-23 21:28 --------- d-----w c:\program files\uTorrent
2009-02-19 01:59 --------- d-----w c:\program files\Google
2009-02-17 07:54 --------- d-----w c:\program files\DivX
2009-01-20 13:24 174 --sha-w c:\program files\desktop.ini
2009-01-20 12:43 82,432 ----a-w c:\windows\System32\axaltocm.dll
2009-01-20 12:43 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2009-01-19 18:19 77,824 ----a-w c:\windows\System32\5wW42d14.exe
2009-01-15 06:11 827,392 ----a-w c:\windows\System32\wininet.dll
2008-06-01 21:35 5,682 ----a-w c:\s\LOULOU\AppData\Roaming\wklnhst.dat
2007-11-14 17:11 22,328 ----a-w c:\s\LOULOU\AppData\Roaming\PnkBstrK.sys
2008-11-16 22:35 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-12-17 23:04 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-17 23:04 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-17 23:04 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-17 23:04 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-17 23:04 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-01-03 20:09 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-01-03 20:09 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-01-03 20:09 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((( SnapShot_2009-04-08_21.34.45.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-04-08 19:08:40 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-04-09 12:59:26 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-04-08 19:08:40 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-04-09 12:59:26 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-04-08 19:10:29 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\nt.dat
+ 2009-04-09 13:01:15 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\nt.dat
+ 2009-04-09 13:01:15 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\nt.dat.LOG1
- 2009-04-08 19:10:24 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\nt.dat
+ 2009-04-09 13:01:10 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\nt.dat
+ 2009-04-09 13:01:10 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\nt.dat.LOG1
- 2009-04-08 15:08:06 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-04-09 13:09:38 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-04-08 15:08:06 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-09 13:09:38 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-04-08 15:08:06 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-04-09 13:09:38 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-04-08 19:13:22 104,940 ----a-w c:\windows\System32\perfc009.dat
+ 2009-04-09 13:07:16 104,940 ----a-w c:\windows\System32\perfc009.dat
- 2009-04-08 19:13:22 128,004 ----a-w c:\windows\System32\perfc00C.dat
+ 2009-04-09 13:07:16 128,004 ----a-w c:\windows\System32\perfc00C.dat
- 2009-04-08 19:13:22 595,506 ----a-w c:\windows\System32\perfh009.dat
+ 2009-04-09 13:07:16 595,506 ----a-w c:\windows\System32\perfh009.dat
- 2009-04-08 19:13:22 678,956 ----a-w c:\windows\System32\perfh00C.dat
+ 2009-04-09 13:07:16 678,956 ----a-w c:\windows\System32\perfh00C.dat
- 2009-04-08 19:10:22 12,346 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1611504857-4089916995-1680512414-1000_Data.bin
+ 2009-04-09 13:01:05 12,346 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1611504857-4089916995-1680512414-1000_Data.bin
- 2009-04-08 19:10:22 91,966 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-04-09 13:01:05 92,114 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-04-08 19:10:21 62,138 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-04-09 13:01:04 62,146 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-10 118784]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-06-11 317560]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-11-17 29744]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-07 148888]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-28 86016]
"NvlDaemon"="c:\windows\system32\Nvl.dll" [2007-06-28 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
c:\s\LOULOU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-06-22 739880]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-07-12 08:33 98304 c:\windows\System32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\program files\Common Files\Sony Shared\VideoLib\sonydv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EB7EE62E-514C-4ED2-96CC-E76742C6C8BA}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C6785C36-3B71-4EC6-8473-E9FD35A708F1}"= T:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{93C3FF1C-85CA-4F0A-A50F-F70534120517}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{118CEEBF-6311-4A81-A47B-F47606B5CBD3}"= Disabled:T:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{316EA76B-B568-42EA-95F3-0109AB8EA870}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe:Sid Meier's Civilization 4 Complete
"{88469EB4-4B06-4D20-B8A9-3BBA166C1D56}"= T:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe:Sid Meier's Civilization 4 Complete
"{D9908554-A2C2-4B9F-804B-3517AF46D966}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{9BC30465-1180-4166-8D1F-0FCD7D1CC954}"= T:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{75D82640-B909-4A0C-BE49-42497CA673B2}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4: Beyond the Sword
"{5D5BEBCE-E214-4DE9-9EE1-4672F4D796F7}"= T:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4: Beyond the Sword
"{7A850012-1055-48BF-B522-6C74674AC924}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{D2B1522F-CCD4-40CB-9A1C-19B827A90265}"= T:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{1FB827CF-5D00-40E1-AC7C-985474FC750A}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{CCDDE7B3-5E87-4DAF-A244-DED7287CBE11}"= T:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{EC8E278D-4838-4EE3-93BA-CBC9A0BA8AE4}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{AD8E3901-A158-4A3F-821F-C99754C2C917}"= T:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{63F025D1-B60B-4B47-A5B0-54457738B9B3}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{EBB36171-16AE-4355-8300-3A54AD96903C}"= T:c:\program files\iTunes\iTunes.exe:iTunes
"{B4E0DFE4-F1BB-4061-A8D3-511C451FCDF3}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{5798E201-550D-4C36-93A9-53C4ABEB9803}"= T:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{EDB28EC4-15E9-4D6C-92E1-F765466E9CA7}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{5EDD7D17-E07C-4A2E-8DDA-474E11476220}"= T:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{C3FD154C-C680-41FA-9D4C-00AF5D60BFA9}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{6D36E7FF-2BCE-4E03-BF83-B6A0A33DC36E}"= T:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
"{638103A7-5F79-49D7-A800-106A79F5F714}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{9DA55446-CE37-42F3-A3AB-EDC9AC58E37A}"= UDP:c:\program files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires III
"{2F1B791E-125E-4676-8BC9-C7376EF67D1C}"= T:c:\program files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires III
"T Query {AB4DA13B-A8EE-490C-B94D-DBC893B12F39}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query {4701FED6-0B75-4404-AD26-7F3F6C176596}c:\\program files\\azureus\\azureus.exe"= T:c:\program files\azureus\azureus.exe:Azureus
"T Query {FCF347F4-4850-4B6E-8378-7A9C5F8DAACE}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query {403422EC-0B56-49BF-AFA9-AF5C39386842}c:\\program files\\internet explorer\\iexplore.exe"= T:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"T Query {7B231355-91EC-4DF4-9B01-B2E1CFDFF4E4}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query {633F1F87-CA0A-49B3-8A22-26D809151477}c:\\program files\\emule\\emule.exe"= T:c:\program files\emule\emule.exe:eMule
"T Query {6279BC70-B4A4-4A66-A19D-BCE7869E0E4E}c:\\program files\\team17\\worms armageddon\\wa.exe"= UDP:c:\program files\team17\worms armageddon\wa.exe:Worms Armageddon
"UDP Query {00F48F3C-6725-4589-B9EC-01832517A27C}c:\\program files\\team17\\worms armageddon\\wa.exe"= T:c:\program files\team17\worms armageddon\wa.exe:Worms Armageddon
"T Query {A61540CE-73E1-43CB-9DEC-BA9F868EB181}c:\\program files\\team17\\worms 2\\frontend.exe"= UDP:c:\program files\team17\worms 2\frontend.exe:Worms 2 Frontend
"UDP Query {5A5194CB-D36F-417A-83E6-EA53C2CB85B6}c:\\program files\\team17\\worms 2\\frontend.exe"= T:c:\program files\team17\worms 2\frontend.exe:Worms 2 Frontend
"T Query {7F40AA1D-A37D-4098-88EB-EFD8F2BBE1EF}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query {F7EB5A9D-8A39-4B20-A5E0-688CAB44C1F9}c:\\program files\\azureus\\azureus.exe"= T:c:\program files\azureus\azureus.exe:Azureus
"T Query {A53B07B8-5311-41E0-A0EF-E42877139A20}c:\\program files\\quake iii arena\\quake3.exe"= UDP:c:\program files\quake iii arena\quake3.exe:quake3
"UDP Query {E25A91CF-7720-4220-A0DB-1B8A9B16139B}c:\\program files\\quake iii arena\\quake3.exe"= T:c:\program files\quake iii arena\quake3.exe:quake3
"{6A7A8727-9C46-4363-B2BC-F04B393E9746}"= UDP:54178:Azureus 54178 T
"{EA6E3AF1-15DC-4C8A-B2CB-FBABBBF4B571}"= T:54178:Azureus 54178 UDP
"T Query {A2D16300-ED91-487C-9D67-9013488E805B}c:\\program files\\quake iii arena\\quake3.exe"= UDP:c:\program files\quake iii arena\quake3.exe:quake3
"UDP Query {14B3F83F-7556-44E2-85DE-CF36694C972D}c:\\program files\\quake iii arena\\quake3.exe"= T:c:\program files\quake iii arena\quake3.exe:quake3
"T Query {19216D63-D30C-43D2-9746-D6C518AF2AF1}c:\\s\\loulou\\s\\team 17\\wa\\[pc game] worms armageddon + all weapons unblocked + cracked + xp patch by lupen[fumai]\\wormsarm\\wa.exe"= UDP:c:\s\loulou\s\team 17\wa\[pc game] worms armageddon + all weapons unblocked + cracked + xp patch by lupen[fumai]\wormsarm\wa.exe:wa.exe
"UDP Query {0961AA07-7C08-428F-9060-78801F99F16E}c:\\s\\loulou\\s\\team 17\\wa\\[pc game] worms armageddon + all weapons unblocked + cracked + xp patch by lupen[fumai]\\wormsarm\\wa.exe"= T:c:\s\loulou\s\team 17\wa\[pc game] worms armageddon + all weapons unblocked + cracked + xp patch by lupen[fumai]\wormsarm\wa.exe:wa.exe
"T Query {62357B01-BF68-4238-95A6-51339425AFBD}c:\\s\\loulou\\s\\team 17\\worms 2\\worms2\\start.exe"= UDP:c:\s\loulou\s\team 17\worms 2\worms2\start.exe:start.exe
"UDP Query {CF0B450E-B97B-4F13-ACCB-284A9D947B5B}c:\\s\\loulou\\s\\team 17\\worms 2\\worms2\\start.exe"= T:c:\s\loulou\s\team 17\worms 2\worms2\start.exe:start.exe
"T Query {268C976C-DD0C-4C07-9D9E-3DCBA3A89798}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Application d'assistance Microsoft DirectPlay
"UDP Query {86F58307-0F6D-432A-9B6E-63F4BAD95F7F}c:\\windows\\system32\\dplaysvr.exe"= T:c:\windows\system32\dplaysvr.exe:Application d'assistance Microsoft DirectPlay
"T Query {E6BCEB50-C2BB-4430-8607-40DC8C60425B}c:\\program files\\konami\\pro evolution soccer 6\\pes6.exe"= UDP:c:\program files\konami\pro evolution soccer 6\pes6.exe:pes6.exe
"UDP Query {B3423FC6-4B47-4B69-A9AB-8ED5ACC1461E}c:\\program files\\konami\\pro evolution soccer 6\\pes6.exe"= T:c:\program files\konami\pro evolution soccer 6\pes6.exe:pes6.exe
"T Query {F2DE20D8-445E-49EE-8E1A-6E231E227523}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query {C6CE2BEB-45DB-485E-AB8D-E8797F673ABF}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= T:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"{B3DF7D74-8051-4962-9744-01FE9583D90F}"= UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{E61208E1-7405-470E-9BBC-E0F0917C0A09}"= T:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"T Query {B73D7D1E-F16B-4E4D-89DE-5F53DC65ABBC}c:\\s\\loulou\\s\\team 17\\worms 2\\worms2\\start.exe"= UDP:c:\s\loulou\s\team 17\worms 2\worms2\start.exe:start.exe
"UDP Query {3736A79C-E40B-47FA-A4DE-BA0D9F62FC3B}c:\\s\\loulou\\s\\team 17\\worms 2\\worms2\\start.exe"= T:c:\s\loulou\s\team 17\worms 2\worms2\start.exe:start.exe
"T Query {AFBDCDAC-AF9B-49E3-B7BA-2BB93701C6A5}c:\\program files\\lionhead studios ltd\\black & white\\runblack.exe"= UDP:c:\program files\lionhead studios ltd\black & white\runblack.exe:lh
"UDP Query {0A85C32D-3C81-4A45-B95F-D29B42823984}c:\\program files\\lionhead studios ltd\\black & white\\runblack.exe"= T:c:\program files\lionhead studios ltd\black & white\runblack.exe:lh
"{8256E9E7-A9E5-46DE-AC62-79E4D0C23F6A}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C10322C9-CDDA-4817-B67C-DD28B639CE65}"= T:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D746BEDF-95CD-404E-844D-7BF0D0846D3D}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{A6ED5F3F-54EC-485D-A961-D89D55A8AD9D}"= T:c:\program files\iTunes\iTunes.exe:iTunes
"{29485F5D-2DFC-4AF6-981C-A75A77A5A930}"= UDP:86:BroadCam Web Server
"T Query {01CE8517-2F48-4C6A-80C6-C9A2C6F14080}c:\\program files\\konami\\pro evolution soccer 2009\\pes2009.exe"= UDP:c:\program files\konami\pro evolution soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"UDP Query {71186C0B-7559-4592-BB18-F1D5A7AF7290}c:\\program files\\konami\\pro evolution soccer 2009\\pes2009.exe"= T:c:\program files\konami\pro evolution soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"T Query {796B2BA3-88EC-4BA9-AF28-B9C4B83C50A1}c:\\program files\\activision\\call of duty - world at war\\codwaw.exe"= UDP:c:\program files\activision\call of duty - world at war\codwaw.exe:Call of Duty(R): World at War Campaign/Coop
"UDP Query {5D1DBAD9-01F0-40FB-AEFD-5F98F99719E8}c:\\program files\\activision\\call of duty - world at war\\codwaw.exe"= T:c:\program files\activision\call of duty - world at war\codwaw.exe:Call of Duty(R): World at War Campaign/Coop
"{2B832080-D4C4-48F2-93F5-F2F6F3201887}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (T-In)
"{B189AA1A-FDC7-4A67-80BF-374CF7DAC4D3}"= T:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"T Query {03E9CCCC-2B08-4569-A462-1F9BC21107D5}c:\\s\\loulou\\desktop\\utorrent(3).exe"= UDP:c:\s\loulou\desktop\utorrent(3).exe:utorrent(3).exe
"UDP Query {267DCBB3-0FBD-45D4-B535-5A0EC136488A}c:\\s\\loulou\\desktop\\utorrent(3).exe"= T:c:\s\loulou\desktop\utorrent(3).exe:utorrent(3).exe
"{4985F146-DD4A-47C1-A756-53184DCAD5D8}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{93CE50F5-6604-454E-B759-8B05F33DB9EF}"= T:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{F20BECCB-339D-48F3-8503-CDC08787DD26}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{46C1667B-342F-4E29-B901-6DF0B5C6EEDC}"= T:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{FB9FA2DF-6440-4CB7-8934-29242926DA81}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"{3CF15280-DC5B-4969-9AB0-2000057AD22D}"= T:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"T Query {95C8A65C-DEE4-4B84-BB11-3FF9E68C5581}c:\\s\\loulou\\desktop\\utorrent(3).exe"= UDP:c:\s\loulou\desktop\utorrent(3).exe:utorrent(3).exe
"UDP Query {45963564-7CA4-4DD1-8B54-A006626DDE0C}c:\\s\\loulou\\desktop\\utorrent(3).exe"= T:c:\s\loulou\desktop\utorrent(3).exe:utorrent(3).exe
"T Query {1D193859-A5F3-4231-B897-27832AB422EC}c:\\program files\\metin2_\\metin2.bin"= UDP:c:\program files\metin2_\metin2.bin:metin2.bin
"UDP Query {CFA81A6E-E4CD-421F-B3E9-99936B898C23}c:\\program files\\metin2_\\metin2.bin"= T:c:\program files\metin2_\metin2.bin:metin2.bin
"{6807E4D8-EFB9-4E6C-BD3B-8AA6FBA92E51}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe:Sid Meier's Civilization 4 Complete
"{EAB1B2B1-34AE-4D29-8678-41D8F0F44B8F}"= T:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe:Sid Meier's Civilization 4 Complete
"{E063BF09-18B0-49F6-9CF0-7F951E3350CA}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{C057C0CD-CE79-4393-9F0C-CD2CED382692}"= T:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{975380A9-50EE-4224-AD8D-6B2B4D7B8D98}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4: Beyond the Sword
"{E862D3AF-578E-4771-AE1F-644932B31423}"= T:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4: Beyond the Sword
"{2DB3449F-5FB7-432E-9F2E-BCEBEBD75BA5}"= UDP:c:\windows\servicing\TrustedInstaller.exe:TrustedInstaller
"{B6C1FA57-A689-40E6-8705-C0D79BCF6A6A}"= UDP:c:\windows\servicing\TrustedInstaller.exe:TrustedInstaller
"{6E583829-3301-4128-847E-851E2B2DA779}"= T:c:\windows\servicing\TrustedInstaller.exe:TrustedInstaller
"{5FF42E84-A5F2-4E0D-B045-EE087F8AD603}"= T:c:\windows\servicing\TrustedInstaller.exe:TrustedInstaller
"{EEC57245-2497-497D-A186-DF4608AAD21B}"= UDP:c:\windows\System32\5wW42d14.exe:5wW42d14
"{83151526-3DF1-4D49-913E-437D125787EE}"= T:c:\windows\System32\5wW42d14.exe:5wW42d14
"{805B1508-F998-4396-BD33-E739D6C125A4}"= UDP:c:\windows\System32\wbem\WmiPrvSE.exe:wmiprvse
"{914AE9F4-9D1F-4F89-A8F8-5E17A1AB727E}"= T:c:\windows\System32\wbem\WmiPrvSE.exe:wmiprvse
"{5C67F97D-6A98-426E-B1B1-85316B635131}"= UDP:c:\windows\System32\wbem\WmiPrvSE.exe:wmiprvse
"{4168A88D-1452-47B4-BE79-DFC5C24395C9}"= T:c:\windows\System32\wbem\WmiPrvSE.exe:wmiprvse
"{D8682D4D-DEBC-4C2F-951F-16F499D342C0}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4557A85A-2066-46C9-A0BA-FA95E2CEEE7D}"= UDP:c:\program files\Sony\VAIO Event Service\VESMgr.exe:VESMgr
"{6EE2652E-5AE9-40F2-AE99-4604845C1472}"= T:c:\program files\Sony\VAIO Event Service\VESMgr.exe:VESMgr
"{34F41E8F-390E-4950-8418-AD4623CAEDF8}"= UDP:c:\program files\Sony\VAIO Power Management\SPMgr.exe:SPMgr
"{82061BCF-225E-4552-B1AA-2135D1936CEC}"= T:c:\program files\Sony\VAIO Power Management\SPMgr.exe:SPMgr
"{2D586C79-B7EE-4711-996E-FD2FF878FBD5}"= UDP:c:\windows\servicing\TrustedInstaller.exe:TrustedInstaller
"{CE459480-564C-4F02-8A4F-9D16E42E4B8B}"= T:c:\windows\servicing\TrustedInstaller.exe:TrustedInstaller
"{F6D32E9E-3533-45ED-850B-C386B37F0667}"= UDP:c:\program files\Panda Security\Panda Antivirus 2008\PsCtrlS.exe:PsCtrls
"{7048C1B2-FD0C-4C89-93F3-D38ADBCCD58C}"= T:c:\program files\Panda Security\Panda Antivirus 2008\PsCtrlS.exe:PsCtrls
"{643B49A4-60C5-440C-9A5F-1262119FBDD8}"= UDP:c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe:iviRegMgr
"{F7DAF92E-3101-4D98-981E-94298B60124D}"= T:c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe:iviRegMgr
"{F1BCBA2E-7F56-4205-B1C5-D4DB675C6F18}"= UDP:c:\program files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE:AVENGINE
"{CFC00A38-4EE1-4FBB-A0AA-CC6E1245E986}"= T:c:\program files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE:AVENGINE
"{C485B050-BD6B-470F-9503-884A993D6265}"= UDP:c:\windows\System32\taskeng.exe:taskeng
"{ECDBF387-3AB2-4279-B2E7-C2FF9999558F}"= T:c:\windows\System32\taskeng.exe:taskeng
"{ADE092F2-A599-47CA-86AF-4A6E999B4B40}"= UDP:c:\windows\System32\winlogon.exe:winlogon
"{A1B71AE8-6618-40D2-91C7-6A615A89E954}"= T:c:\windows\System32\winlogon.exe:winlogon
"{0FA21FA3-E919-48AC-A599-BC5ABBCD5483}"= UDP:c:\program files\Common Files\Panda Software\PavShld\PavPrSrv.exe:pavprsrv
"{527FD804-8D67-4D25-8653-4865F8BCFB6B}"= T:c:\program files\Common Files\Panda Software\PavShld\PavPrSrv.exe:pavprsrv
"{75BDDC4F-8419-4935-80E4-17434A0B43D4}"= UDP:c:\windows\System32\lsass.exe:lsass
"{EA632934-E1C6-4383-B41E-C8AE85E0BC61}"= T:c:\windows\System32\lsass.exe:lsass
"{842A5BB6-C7DC-4285-8E02-739B7BE664AE}"= UDP:c:\windows\System32\spoolsv.exe:spoolsv
"{9C64DFC3-EC16-4AF7-8475-7DE62DF5F8D3}"= T:c:\windows\System32\spoolsv.exe:spoolsv
"{C563884D-4A55-4D4E-B2E2-B0205CA7F4E3}"= UDP:c:\program files\Common Files\Apple\Mobile Device \bin\AppleMobileDeviceService.exe:AppleMobileDeviceService
"{946CA4DB-56FB-4D40-8B3A-0615AC147577}"= T:c:\program files\Common Files\Apple\Mobile Device \bin\AppleMobileDeviceService.exe:AppleMobileDeviceService
"{4456CC5F-7200-4B6C-BBC4-8EAC35F937BA}"= UDP:c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe:Switcher
"{4DC2FDD4-F92E-4715-81D1-86BD88148202}"= UDP:c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe:Switcher
"{0ADCE7C6-06D8-4E50-9633-2C089D3F8D2F}"= T:c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe:Switcher
"{7DB979B6-141A-417A-8B7E-566E5266F663}"= T:c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe:Switcher
"{8898B726-42C4-4ED2-80C4-6739134F6249}"= UDP:c:\windows\System32\wininit.exe:wininit
"{6F64A62E-75D3-4336-8992-86C981F49A1E}"= T:c:\windows\System32\wininit.exe:wininit
"{596D8D2D-9BD2-46D7-8C0B-53F63DD658B3}"= UDP:c:\windows\System32\wininit.exe:wininit
"{95F864A4-6100-4F82-A075-A6F4B019B698}"= T:c:\windows\System32\wininit.exe:wininit
"{6FB8DFCB-6528-4B6D-963A-72798E1338AE}"= UDP:c:\s\LOULOU\AppData\Local\Temp\7zS699D.tmp\SymNRT.exe:Norton Removal Tool
"{D4783602-B593-4D67-A2D0-5033025F24A0}"= T:c:\s\LOULOU\AppData\Local\Temp\7zS699D.tmp\SymNRT.exe:Norton Removal Tool
R2 regi;regi;c:\windows\System32\drivers\regi.sys [2007-04-17 11032]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-05-30 1153368]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [2007-07-20 28464]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\System32\drivers\R5U870FLx86.sys [2007-07-21 75008]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\System32\drivers\R5U870FUx86.sys [2007-07-21 43904]
R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [2007-07-21 812544]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2007-07-23 29744]
S3 Service CANALPLAY;Service CANALPLAY;c:\program files\Lecteur CANALPLAY\CanalPlayService.exe [2007-08-08 415392]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-08-08 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-08-08 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-08-08 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-08-08 292152]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-08-08 79736]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_\software\microsoft\windows\currentversion\explorer\mountpoints2\{3641152b-bace-11dc-ae9e-001bfb5784a2}]
\shell\AutoRun\command - setupSNK.exe
[HKEY_CURRENT_\software\microsoft\windows\currentversion\explorer\mountpoints2\{57ed34ba-8934-11dc-9142-806e6f6e6963}]
\shell\AutoRun\command - F:\autorun.exe
[HKEY_CURRENT_\software\microsoft\windows\currentversion\explorer\mountpoints2\{7dda2a3c-3d85-11dd-9f05-001bfb5784a2}]
\shell\AutoRun\command - H:\LaunchU3.exe -a
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.repubblica.it/
mStart Page = hxxp://fr.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: canalplay.com
Trusted Zone: canalplusactive.com
Trusted Zone: canalplay.com
Trusted Zone: canalplusactive.com
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\s\LOULOU\AppData\Roaming\Mozilla\Firefox\Profiles\nnqj9sev.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security._cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-09 15:11:07
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\TEMP\TMP0000005F5C33EC953FE4474E 524288 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
Completion time: 2009-04-09 15:13:20
ComboFix-quarantined-files.txt 2009-04-09 13:13:18
ComboFix2.txt 2009-04-08 19:36:53
ComboFix3.txt 2009-04-08 15:17:24
Pre-Run: 22,891,753,472 bytes free
Post-Run: 22,873,739,264 bytes free
403 --- E O F --- 2009-04-08 19:14:05
HIJACKTHIS REPORT
Logfile of random's system information tool 1.06 (written by random/random)
Run by LOULOU at 2009-04-09 15:16:46
Microsoft® Windows Vista™ Édition Familiale Service Pack 1
System drive C: has 21 GB (12%) free of 180 GB
Total RAM: 2046 MB (52% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:17:03 PM, on 09/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Apoint\Apoint.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\s\LOULOU\Desktop\RSIT.exe
C:\Program Files\trend micro\LOULOU.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.repubblica.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvlDaemon] RUNDLL32.EXE C:\Windows\system32\Nvl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = LOULOU\AppData\Local\Temp\{69F91187-803B-416A-8B25-186FFB893E10}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplusactive.com
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo er 5 Control) - http://.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoer5.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.nvidia.com/content/Driver/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo er 4 Control) - http://.facebook.com/controls/FacebookPhotoer3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device \bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
PS: my Internet Explorer does not work completely, which stops the online antivirus scanners from running. For example, in IE I can't see the logos of the icons on web pages.... I even installed the latest version (8) but the problem persists.... so I browse with Firefox instead.
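An added example, not part of this thread and not code from RSIT, HijackThis or ComboFix: a small Python triage script that applies, mechanically, the checks a helper applies by eye to the logs above. The sample lines are copied from the logs posted in this thread; the severity labels, the rule names and the core-process watchlist are this example's own assumptions. It flags the firewall exception for the randomly named c:\windows\System32\5wW42d14.exe, the exceptions registered for winlogon.exe and lsass.exe (core Windows processes normally never add their own allow rules, so a rule naming one usually means something else added it), the hidden 524288-byte executable catchme reported in c:\windows\TEMP, the orphaned BHO and toolbar CLSIDs marked "(no file)", the Startup entry running out of AppData\Local\Temp, the AppInit_DLLs entry, and the removable-media AutoRun commands. The log as posted shows "T:" where Windows writes "TCP:", so the parser accepts both.

```python
import re
from collections import Counter

# Lines copied from the ComboFix / HijackThis output posted in this thread, trimmed to the
# entries the rules below are meant to catch plus a few benign ones for contrast.
# Severity labels and rule names are this example's own choices, not tool output.
SAMPLE_LOG = r'''
"{EEC57245-2497-497D-A186-DF4608AAD21B}"= UDP:c:\windows\System32\5wW42d14.exe:5wW42d14
"{ADE092F2-A599-47CA-86AF-4A6E999B4B40}"= UDP:c:\windows\System32\winlogon.exe:winlogon
"{75BDDC4F-8419-4935-80E4-17434A0B43D4}"= UDP:c:\windows\System32\lsass.exe:lsass
"{8256E9E7-A9E5-46DE-AC62-79E4D0C23F6A}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D8682D4D-DEBC-4C2F-951F-16F499D342C0}"= c:\program files\Skype\Phone\Skype.exe:Skype
\shell\AutoRun\command - F:\autorun.exe
c:\windows\TEMP\TMP0000005F5C33EC953FE4474E 524288 bytes executable
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = LOULOU\AppData\Local\Temp\{69F91187-803B-416A-8B25-186FFB893E10}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
'''

# Firewall-exception lines from the FirewallRules key. The posted log shows "T:" where
# Windows writes "TCP:", so both are accepted; Skype's rule carries no protocol at all.
FW_RULE = re.compile(r'^"[^"]*"=\s*(?:(?:UDP|TCP|T):)?(?P<path>[A-Za-z]:\\[^:]+?\.exe):', re.I)
HJT_NO_FILE = re.compile(r'^O[23] - .*\(no file\)$')
HJT_APPINIT = re.compile(r'^O20 - AppInit_DLLs: (?P<dll>.+)$')
AUTORUN_CMD = re.compile(r'^\\shell\\AutoRun\\command - (?P<cmd>.+)$')
HIDDEN_EXE = re.compile(r'^(?P<path>[A-Za-z]:\\.+?) \d+ bytes executable$', re.I)

# Core Windows processes that do not register their own firewall exceptions; an allow rule
# naming one of them needs an explanation. This watchlist is the example's own assumption.
CORE_PROCESSES = {"lsass.exe", "winlogon.exe", "wininit.exe", "services.exe", "csrss.exe", "smss.exe"}


def looks_random(stem: str) -> bool:
    """Heuristic for machine-generated names such as 5wW42d14: at least two digits and
    two letters mixed in a stem of six or more characters."""
    digits = sum(c.isdigit() for c in stem)
    letters = sum(c.isalpha() for c in stem)
    return len(stem) >= 6 and digits >= 2 and letters >= 2


def triage(log_text: str) -> list:
    """Return (severity, rule, detail) tuples for every log line that trips a rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FW_RULE.match(line)
        if m:
            path = m.group("path")
            name = path.rsplit("\\", 1)[-1].lower()
            if "\\windows\\system32\\" in path.lower():
                if name in CORE_PROCESSES:
                    findings.append(("high", "firewall-exception-core-process", path))
                elif looks_random(name[:-len(".exe")]):
                    findings.append(("high", "firewall-exception-random-name", path))
            continue
        if HJT_NO_FILE.match(line):
            # CLSID still registered but the DLL is gone: leftover, cheap to clean up
            findings.append(("low", "orphaned-browser-extension", line))
        elif line.startswith("O4 - ") and "\\temp\\" in line.lower():
            # nothing legitimate should autostart from a Temp directory
            findings.append(("medium", "autostart-from-temp", line))
        elif (m := HJT_APPINIT.match(line)):
            # AppInit_DLLs loads into every process that links user32; always review it
            findings.append(("medium", "appinit-dll", m.group("dll")))
        elif (m := AUTORUN_CMD.match(line)):
            findings.append(("medium", "removable-media-autorun", m.group("cmd")))
        elif (m := HIDDEN_EXE.match(line)):
            # catchme found an executable hidden from the file system API
            findings.append(("high", "hidden-executable", m.group("path")))
    return findings


def severity_counts(findings) -> dict:
    return dict(Counter(sev for sev, _, _ in findings))


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for sev, rule, detail in results:
        print(f"{sev:6} {rule:34} {detail}")
    print(severity_counts(results))
```

Run against the full RSIT/ComboFix output rather than the sample, the same rules give a short list to hand to the helper instead of three thousand lines; the "high" findings are exactly the items the next ComboFix pass and the hidden-file check are meant to resolve.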
You did the drag-and-drop onto ComboFix wrong. You will have to redo it. Otherwise I'm waiting for the online scan. See you later.
And then run an online scan at Panda, using Firefox:
http://pandasoftware.fr
or
http://www.nam.fr/info-securite/ScanVirus.htm
or here
https://www.trendmicro.com/fr_fr/business.html