Yoog moteur de recherche virus
Forum Sécurité - Virus : Yoog moteur de recherche virus
merci et voila le rapport
ComboFix 09-05-26.05 - Propriétaire 2009-05-27 17:08.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.2.1036.18.3071.1970 [GMT -4:00]
Lancé depuis: c:\users\Propriétaire\Downloads\ComboFix.exe
SP: AVG Anti-Spyware *disabled* (Updated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\GnuHashes.ini
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\SystemService32
c:\windows\system32\SystemService32\149.crack.zip
c:\windows\system32\SystemService32\149.crack.zip.kwd
c:\windows\system32\SystemService32\150.keygen.zip
c:\windows\system32\SystemService32\150.keygen.zip.kwd
c:\windows\system32\SystemService32\151.serial.zip
c:\windows\system32\SystemService32\151.serial.zip.kwd
c:\windows\system32\SystemService32\152.setup.zip
c:\windows\system32\SystemService32\152.setup.zip.kwd
c:\windows\system32\SystemService32\153.music.au
c:\windows\system32\SystemService32\153.music.au.kwd
c:\windows\system32\SystemService32\154.music.mp3
c:\windows\system32\SystemService32\154.music.mp3.kwd
c:\windows\system32\SystemService32\155.music.wma
c:\windows\system32\SystemService32\155.music.wma.kwd
c:\windows\system32\SystemService32\156.music.snd
c:\windows\system32\SystemService32\156.music.snd.kwd
c:\windows\TEMP\logishrd\LVPrcInj01.dll
D:\Desktop.ini
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-04-27 au 2009-05-27 ))))))))))))))))))))))))))))))))))))
.
2009-05-26 21:17 . 2009-05-26 17:20 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 21:17 . 2009-05-26 21:17 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-26 21:17 . 2009-05-26 17:19 19096 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-26 21:15 . 2009-05-26 23:47 -------- d-----w C:\ToolBar SD
2009-05-26 00:18 . 2009-05-26 00:18 1372 ----a-w c:\windows\system32\N9ZUteSv640qK9c.vbs
2009-05-26 00:17 . 2009-05-26 00:17 1372 ----a-w c:\windows\system32\H989lMTFJgwuW.vbs
2009-05-26 00:00 . 2009-05-26 00:00 59526 ----a-w c:\windows\system32\qejfdbqxeudaftfk.dll-uninst.exe
2009-05-26 00:00 . 2009-05-26 00:00 85660 ----a-w c:\windows\system32\458b129b-3179-a24d-6157-de1df97366f1.exe
2009-05-25 21:22 . 2009-05-06 18:06 4784464 ----a-w c:\programdata\Microsoft\Windows Defender\Definition Updates\{0BB082F2-FA44-429E-8CE9-6290C059037E}\mpengine.dll
2009-05-18 21:09 . 2009-05-18 21:09 -------- d-----w c:\program files\ASIO4ALL v2
2009-05-18 21:09 . 2009-05-18 21:09 -------- d-----w c:\program files\VstPlugins
2009-05-18 21:09 . 2006-06-20 08:56 225280 ----a-w c:\windows\system32\rewire.dll
2009-05-18 21:09 . 2009-05-18 21:09 -------- d-----w c:\program files\Outsim
2009-05-18 21:07 . 2009-05-18 21:10 -------- d-----w c:\program files\Image-Line
2009-05-14 15:30 . 2009-05-14 15:30 574464 ----a-w c:\windows\system32\qejfdbqxeudaftfk.dll
2009-05-12 01:12 . 2009-05-12 01:12 -------- d-----w c:\windows\vhid
2009-05-12 01:12 . 2007-11-16 22:22 5504 ----a-w c:\windows\system32\drivers\walvhid.sys
2009-05-06 21:43 . 2009-05-06 21:43 -------- d-----w c:\program files\QS
2009-05-06 21:42 . 2009-05-06 21:42 -------- d-----w c:\program files\Windows Live Safety Center
2009-05-02 15:23 . 2009-05-02 15:23 -------- d-----w C:\63a8f13bead36ad4f35e6bb4
2009-04-29 14:29 . 2009-04-29 14:29 688128 ----a-w c:\windows\system32\nsa6241.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-27 04:38 . 2008-12-19 02:48 -------- d-----w c:\program files\Steam
2009-05-27 02:15 . 2008-12-24 05:25 138920 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-05-27 02:15 . 2008-12-24 05:25 189072 -c--a-w c:\windows\system32\PnkBstrB.exe
2009-05-26 21:11 . 2006-11-02 15:48 705566 ----a-w c:\windows\system32\perfh00C.dat
2009-05-26 21:11 . 2006-11-02 15:48 134782 ----a-w c:\windows\system32\perfc00C.dat
2009-05-21 21:23 . 2009-01-12 20:44 -------- d-----w c:\programdata\lx_cats
2009-05-14 02:38 . 2009-02-21 00:49 -------- d-----w c:\program files\FileZilla FTP Client
2009-05-13 21:07 . 2008-12-16 17:03 -------- d-----w c:\programdata\Microsoft Help
2009-05-13 21:05 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-05-12 01:32 . 2009-05-12 01:11 -------- d-----w c:\programdata\Tablet
2009-05-12 01:11 . 2008-12-16 16:57 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-02 15:22 . 2009-03-14 19:00 -------- d-----w c:\program files\illusion
2009-04-29 21:33 . 2008-12-19 03:11 -------- d-----w c:\program files\Vuze
2009-04-26 18:50 . 2009-04-26 18:50 -------- d-----w c:\programdata\Sandlot Games
2009-04-26 18:50 . 2009-04-26 18:50 -------- d-----w c:\program files\Cake Mania 3
2009-04-20 00:25 . 2009-04-20 00:25 230752 ----a-w c:\windows\patchw32.dll
2009-04-19 17:59 . 2009-04-19 16:55 -------- d-----w c:\program files\DEVILMAYCRY4
2009-04-19 15:06 . 2008-12-18 02:08 -------- d-----w c:\programdata\NVIDIA
2009-04-19 15:04 . 2009-04-19 15:04 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_xusb21_01007.Wdf
2009-04-17 03:03 . 2009-04-16 18:32 -------- d-----w c:\programdata\POPWWPROFILES
2009-04-16 18:32 . 2009-01-02 19:12 -------- d-----w c:\program files\Ubisoft
2009-04-13 15:24 . 2009-04-13 15:24 763208 ----a-w c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-04-09 14:49 . 2009-04-09 14:49 -------- d-----w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-09 14:49 . 2009-04-09 14:49 -------- d-----w c:\program files\iTunes
2009-04-09 14:49 . 2009-04-09 14:49 -------- d-----w c:\program files\iPod
2009-04-09 14:49 . 2009-01-23 22:54 -------- d-----w c:\programdata\Apple Computer
2009-04-09 14:49 . 2009-01-23 22:53 -------- d-----w c:\program files\Common Files\Apple
2009-04-09 14:47 . 2009-04-09 14:47 75048 ----a-w c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-08 18:29 . 2009-04-08 18:29 56448 ----a-w c:\windows\system32\drivers\xusb21.sys
2009-04-06 22:49 . 2008-12-19 22:22 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-06 22:47 . 2008-12-16 17:06 -------- d-----w c:\program files\Java
2009-04-02 21:47 . 2009-01-02 00:30 -------- d-----w c:\program files\Common Files\PX Storage Engine
2009-03-31 00:20 . 2008-12-24 05:24 75064 ----a-w c:\windows\system32\PnkBstrA.exe
2009-03-30 14:43 . 2009-03-30 14:43 -------- d-----w c:\programdata\Tarma Installer
2009-03-29 01:39 . 2008-12-31 23:35 -------- d-----w c:\programdata\TrackMania
2009-03-28 22:26 . 2009-03-28 22:26 -------- d-----w c:\program files\Activision
2009-03-27 12:14 . 2008-12-16 10:38 453152 ----a-w c:\windows\system32\nvuninst.exe
2009-03-24 18:34 . 2009-03-30 14:43 383488 --s-a-r c:\programdata\Tarma Installer\{F99F1B4A-5CAF-4AC4-9522-CB54DE0D25A7}\_Setup.dll
2009-03-19 20:32 . 2009-04-09 14:49 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-17 20:57 . 2009-03-30 14:43 4608 --s-a-r c:\programdata\Tarma Installer\{F99F1B4A-5CAF-4AC4-9522-CB54DE0D25A7}\_Setupx.dll
2009-03-17 04:05 . 2009-03-30 14:41 221184 --s---r c:\programdata\Tarma Installer\{F99F1B4A-5CAF-4AC4-9522-CB54DE0D25A7}\Setup.exe
2009-03-17 03:38 . 2009-04-16 18:17 13824 -c--a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 18:17 24064 -c--a-w c:\windows\system32\amxread.dll
2009-03-16 18:18 . 2009-04-19 16:35 69448 ----a-w c:\windows\system32\XAPOFX1_3.dll
2009-03-16 18:18 . 2009-04-19 16:35 517448 ----a-w c:\windows\system32\XAudio2_4.dll
2009-03-16 18:18 . 2009-04-19 16:35 235352 ----a-w c:\windows\system32\xactengine3_4.dll
2009-03-16 18:18 . 2009-04-19 16:35 22360 ----a-w c:\windows\system32\X3DAudio1_6.dll
2009-03-14 18:55 . 2009-03-14 18:55 8192 ----a-w c:\windows\d3dx.dat
2009-03-09 19:27 . 2009-04-19 16:35 453456 ----a-w c:\windows\system32\d3dx10_41.dll
2009-03-09 19:27 . 2009-04-19 16:35 4178264 ----a-w c:\windows\system32\D3DX9_41.dll
2009-03-09 19:27 . 2009-04-19 16:35 1846632 ----a-w c:\windows\system32\D3DCompiler_41.dll
2009-03-03 04:46 . 2009-04-16 18:17 3599328 -c--a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-16 18:17 3547632 -c--a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-16 18:17 827392 -c--a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-16 18:17 183296 -c--a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-16 18:17 551424 -c--a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-16 18:17 26112 -c--a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-16 18:17 78336 -c--a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-16 18:17 98304 -c--a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-16 18:17 54784 -c--a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-16 18:17 44032 -c--a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-16 18:17 666624 -c--a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-16 18:17 17408 -c--a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-16 18:17 26624 -c--a-w c:\windows\system32\ieUnatt.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{29ED419A-6943-2BF6-51A0-708D46DA4C48}]
2009-05-14 15:30 574464 ----a-w c:\windows\System32\qejfdbqxeudaftfk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3463b339-78df-bc47-5fae-15cd8aeff07e}]
2009-04-29 14:29 688128 ----a-w c:\windows\System32\nsa6241.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-C39E-35F1D2A32EC8}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 22:52 80384 -c--a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 22:52 80384 -c--a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 22:52 80384 -c--a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 22:52 80384 -c--a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 22:52 80384 -c--a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 22:52 80384 -c--a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 22:52 80384 -c--a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 22:52 80384 -c--a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 22:52 80384 -c--a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-06 148888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-07-06 4669440]
"MacrokeyManager"="WTMKM.exe" - c:\windows\System32\WTMKM.exe [2008-01-22 1969824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-07-03 40072]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^Propriétaire^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\Propriétaire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^Propriétaire^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 - Capture d'écran et lancement.lnk]
path=c:\users\Propriétaire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 - Capture d'écran et lancement.lnk
backup=c:\windows\pss\OneNote 2007 - Capture d'écran et lancement.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D692D30D-8E82-4F53-AF09-6220CDF4A5CC}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B7FC317D-3C8C-4902-B921-85F95892EA89}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{F0D9950B-5164-44D4-B419-17AC90C5FE8C}c:\\program files\\steam\\steamapps\\mastodonde\\garrysmod\\hl2.exe"= UDP:c:\program files\steam\steamapps\mastodonde\garrysmod\hl2.exe:hl2
"UDP Query User{526452E2-1B77-4CDB-B927-DE901E03BA33}c:\\program files\\steam\\steamapps\\mastodonde\\garrysmod\\hl2.exe"= TCP:c:\program files\steam\steamapps\mastodonde\garrysmod\hl2.exe:hl2
"TCP Query User{D20E18C7-D397-4E9D-A9C2-0BCDE6C708EA}c:\\program files\\steam\\steamapps\\mastodonde\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\mastodonde\counter-strike source\hl2.exe:hl2
"UDP Query User{9F2CBD02-5C86-4555-A891-91126806C62D}c:\\program files\\steam\\steamapps\\mastodonde\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\mastodonde\counter-strike source\hl2.exe:hl2
"TCP Query User{8253AC18-B739-4244-A821-F70030C60865}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{5ACF37BF-A39D-4F98-8BA2-A1D8E29CA571}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{B532309D-92E4-4B25-90A3-FB85FD386975}"= UDP:c:\program files\Electronic Arts\Battlefield 2142 Deluxe Edition\BF2142.exe:Battlefield 2142
"{CFE0661E-1242-42A8-A0D0-4D0FB7C655E3}"= TCP:c:\program files\Electronic Arts\Battlefield 2142 Deluxe Edition\BF2142.exe:Battlefield 2142
"TCP Query User{F8A52457-F95B-47C1-983B-17CA84E98481}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{DC6C8C1F-3FC8-4136-A18A-13C9B5BA9D5E}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{0CCBE80B-902C-4133-AB34-0B950102077E}"= UDP:c:\program files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:Supreme Commander - Forged Alliance
"{57925093-33A9-44BA-8912-88F7CCDC0499}"= TCP:c:\program files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:Supreme Commander - Forged Alliance
"TCP Query User{DB3959BA-041C-42CE-A11D-FBE3B6FF9511}c:\\program files\\steam\\steamapps\\mastodonde\\source sdk base\\hl2.exe"= UDP:c:\program files\steam\steamapps\mastodonde\source sdk base\hl2.exe:hl2
"UDP Query User{D17110A1-EC00-485B-90AA-C30D606A2BE2}c:\\program files\\steam\\steamapps\\mastodonde\\source sdk base\\hl2.exe"= TCP:c:\program files\steam\steamapps\mastodonde\source sdk base\hl2.exe:hl2
"TCP Query User{D7CF1336-17A3-4069-B640-029875EE44EB}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{FC7D8009-7F8A-4182-8DAD-8D97296B2E32}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{5ADEBAFA-4071-4662-B6E2-20DD047BDF25}"= UDP:c:\windows\System32\PnkBstrA.exe
nkBstrA
"{9441CDCA-0465-46E6-A907-4BBE730AE2BD}"= TCP:c:\windows\System32\PnkBstrA.exenkBstrA
"{82FAC4B5-6FD0-4C84-8196-BB2305B56C50}"= UDP:c:\windows\System32\PnkBstrB.exenkBstrB
"{1B443661-8A3C-4127-8A71-F01A480B0E8B}"= TCP:c:\windows\System32\PnkBstrB.exenkBstrB
"TCP Query User{2818EC1B-4322-407E-B752-70D3B611CC3A}c:\\srcds\\orangebox\\srcds.exe"= UDP:c:\srcds\orangebox\srcds.exe:srcds
"UDP Query User{8AA123E2-871E-4A22-AE01-FA3A6BFC4EA6}c:\\srcds\\orangebox\\srcds.exe"= TCP:c:\srcds\orangebox\srcds.exe:srcds
"{28F33082-B873-4996-B6BA-B1A3014BAF6B}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{5823EC30-3F52-4D3B-AE29-5B2542EC14DB}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{A9F45215-7241-4509-B14F-E271AC8E2B6D}c:\\program files\\ubisoft\\far cry 2\\bin\\farcry2-devmode.exe"= UDP:c:\program files\ubisoft\far cry 2\bin\farcry2-devmode.exe:Far Cry® 2
"UDP Query User{62756211-40AB-4451-9CFB-7FAC6C9C292B}c:\\program files\\ubisoft\\far cry 2\\bin\\farcry2-devmode.exe"= TCP:c:\program files\ubisoft\far cry 2\bin\farcry2-devmode.exe:Far Cry® 2
"TCP Query User{F00FF250-7CEE-409E-9311-0241AC062273}c:\\program files\\ubisoft\\far cry 2\\bin\\farcry2 -devmode.exe"= UDP:c:\program files\ubisoft\far cry 2\bin\farcry2 -devmode.exe:Far Cry® 2
"UDP Query User{66262118-2D48-45F1-8E0C-2B924349F349}c:\\program files\\ubisoft\\far cry 2\\bin\\farcry2 -devmode.exe"= TCP:c:\program files\ubisoft\far cry 2\bin\farcry2 -devmode.exe:Far Cry® 2
"TCP Query User{42F57938-26B4-41F5-BC35-E2202ACE86D5}c:\\program files\\ubisoft\\far cry 2\\bin\\far cry 2.exe"= UDP:c:\program files\ubisoft\far cry 2\bin\far cry 2.exe:Far Cry® 2
"UDP Query User{B4121E64-1D41-4447-B050-F1517963EB90}c:\\program files\\ubisoft\\far cry 2\\bin\\far cry 2.exe"= TCP:c:\program files\ubisoft\far cry 2\bin\far cry 2.exe:Far Cry® 2
"TCP Query User{95321CDF-B30A-45EF-BDF8-BFCF6CF61F20}c:\\program files\\steam\\steamapps\\mastodonde\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\mastodonde\team fortress 2\hl2.exe:hl2
"UDP Query User{097D7A6F-C93A-4050-92CA-90CA82ECC4B3}c:\\program files\\steam\\steamapps\\mastodonde\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\mastodonde\team fortress 2\hl2.exe:hl2
"TCP Query User{6EA3FB27-FB48-4AE0-80E1-DEF8AC5AD31D}c:\\softimage\\xsi_6.01_mod_tool\\application\\bin\\xsi.exe"= UDP:c:\softimage\xsi_6.01_mod_tool\application\bin\xsi.exe:XSI
"UDP Query User{3F1DBBD5-0CB9-4DFA-B5AB-1FDEBEF948D1}c:\\softimage\\xsi_6.01_mod_tool\\application\\bin\\xsi.exe"= TCP:c:\softimage\xsi_6.01_mod_tool\application\bin\xsi.exe:XSI
"{D1DB23A2-DEFE-4433-96C3-043B4E104A79}"= UDP:c:\users\Propriétaire\AppData\Local\Temp\lxdi\wireless\FRENCH\lxdiwpss.exe:
"{60359F42-5EE0-4EF8-859E-1F32F6A0FDA9}"= TCP:c:\users\Propriétaire\AppData\Local\Temp\lxdi\wireless\FRENCH\lxdiwpss.exe:
"{131053E3-5B8E-4DCB-944B-2F261AB7C3FC}"= UDP:c:\program files\Pando Networks\Media Booster\PMB.exeando Media Booster
"{06215C3E-25A0-4DE7-9541-41C1A95CC2E5}"= TCP:c:\program files\Pando Networks\Media Booster\PMB.exeando Media Booster
"TCP Query User{ECD95399-A652-4167-B613-809C4FD45035}c:\\team17\\worms 3d\\bin\\worms3d.exe"= UDP:c:\team17\worms 3d\bin\worms3d.exe:Worms3D
"UDP Query User{27394C88-A853-4FF9-BE77-B495207423C4}c:\\team17\\worms 3d\\bin\\worms3d.exe"= TCP:c:\team17\worms 3d\bin\worms3d.exe:Worms3D
"TCP Query User{4F06DA05-B0DD-4E28-BF22-4F972E37C0B5}c:\\program files\\steam\\steamapps\\mastodonde\\synergy\\hl2.exe"= UDP:c:\program files\steam\steamapps\mastodonde\synergy\hl2.exe:hl2
"UDP Query User{B9A006D4-2C7C-49F7-868E-6D313F2BF642}c:\\program files\\steam\\steamapps\\mastodonde\\synergy\\hl2.exe"= TCP:c:\program files\steam\steamapps\mastodonde\synergy\hl2.exe:hl2
"TCP Query User{07D2CC20-FC7C-4057-A281-6C33B2F808A8}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{C76C2FD9-5D74-4CB0-849B-1EE55DC3B393}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{C469CF00-7EA7-48E9-8566-13EAFE188841}"= UDP:c:\users\Propriétaire\AppData\Local\Temp\lxdi\wireless\ENGLISH\lxdiwpss.exe:
"{98C40055-5974-466E-B9D6-BD4AAC1AE60F}"= TCP:c:\users\Propriétaire\AppData\Local\Temp\lxdi\wireless\ENGLISH\lxdiwpss.exe:
"{05D00B50-EDD0-4270-9745-C54785E2A787}"= UDP:c:\windows\System32\lxdicoms.exe:Lexmark Communications System
"{38CF55B1-9A6E-4012-8B7C-3D9E6BECDDBB}"= TCP:c:\windows\System32\lxdicoms.exe:Lexmark Communications System
"{37E5CC3F-F326-46F8-9A0A-81A99B515261}"= UDP:c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe:Lexmark Device Monitor
"{5A1B0152-DA8B-4A84-8755-6D71CE554C1A}"= TCP:c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe:Lexmark Device Monitor
"{6F36F2F7-D229-4CFD-A952-4D43580CC134}"= UDP:c:\program files\Lexmark 3500-4500 Series\App4R.exe:Lexmark Imaging Studio
"{1EA8F590-662D-44B8-9104-D60FF1A62DC4}"= TCP:c:\program files\Lexmark 3500-4500 Series\App4R.exe:Lexmark Imaging Studio
"{8466844A-060E-4B0C-BCC6-6E2FD0307970}"= UDP:c:\windows\System32\lxdicfg.exerinter Communication System
"{DD318022-9FD1-4C3A-9129-4805BDD4842A}"= TCP:c:\windows\System32\lxdicfg.exerinter Communication System
"{ECD92261-5CDF-43E0-A7B7-0888B77D7360}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdipswx.exerinter Status Window Interface
"{5C95AB9A-80A0-4DB7-8757-5B842B63E614}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdipswx.exerinter Status Window Interface
"{4AC5DEC9-8E45-4FC6-916C-A247CEAD21B9}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxditime.exe:Lexmark Connect Time Executable
"{25CB0196-E8FB-4D4E-A988-C77D6A0A0934}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxditime.exe:Lexmark Connect Time Executable
"{525CCF9C-6B9B-457D-AE3D-8F65DAFC0D14}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdijswx.exe:Job Status Window Interface
"{3AF4B8BA-20CF-4B11-9F5B-BFDC26A24182}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdijswx.exe:Job Status Window Interface
"{E756A079-C22B-4329-8224-6CFBE40EEE51}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{FA523C4E-1B7B-4DD0-86EF-ABD3BB722C8B}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6E59EC20-29D5-4CD2-9F9C-EB43B60878B2}"= UDP:c:\windows\System32\lxdiih.exerinter Communication System
"{BCF62AF7-68F9-422C-8846-898540065C12}"= TCP:c:\windows\System32\lxdiih.exerinter Communication System
"TCP Query User{3D23392F-8DD1-4745-845F-DE02F8E1E7EC}c:\\program files\\steam\\steamapps\\mastodonde\\source dedicated server\\srcds.exe"= UDP:c:\program files\steam\steamapps\mastodonde\source dedicated server\srcds.exe:srcds
"UDP Query User{4086CDC7-1276-49CA-A11B-7F6B9878248A}c:\\program files\\steam\\steamapps\\mastodonde\\source dedicated server\\srcds.exe"= TCP:c:\program files\steam\steamapps\mastodonde\source dedicated server\srcds.exe:srcds
"{3BB088DA-9411-4357-88AD-948C2A2ADBBD}"= UDP:c:\program files\Steam\steamapps\common\trackmania united\TmForever.exe:TrackMania United Forever
"{C3918E90-CC87-4A64-AF0C-4D9AED320B1B}"= TCP:c:\program files\Steam\steamapps\common\trackmania united\TmForever.exe:TrackMania United Forever
"{72CB1C13-64C0-4723-8F6B-A18ACB061B7F}"= UDP:c:\program files\Steam\steamapps\common\trackmania united\TmForeverLauncher.exe:TrackMania United Forever
"{EDCE4A03-E6B3-4239-A315-C8F4F3260322}"= TCP:c:\program files\Steam\steamapps\common\trackmania united\TmForeverLauncher.exe:TrackMania United Forever
"{3D640CF3-7B5C-43A5-8ED0-C1DC59B70CB7}"= UDP:c:\program files\Steam\steamapps\common\flatout2\FlatOut2.exe:FlatOut2
"{ECF46348-B7F8-4D9E-B09A-47A569CB0BA0}"= TCP:c:\program files\Steam\steamapps\common\flatout2\FlatOut2.exe:FlatOut2
"{34F3D320-0490-49B5-A6BB-65C883ECF432}"= UDP:c:\program files\Lexmark 3500-4500 Series\lxdimon.exe
evice Monitor
"{C7CD04F4-3EBE-4B41-B65E-8A79BF1BB96F}"= TCP:c:\program files\Lexmark 3500-4500 Series\lxdimon.exeevice Monitor
"{C8648C7C-EB0B-4C6D-9CB8-1E5A47E7697F}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{92F1D3C1-4EFC-45F0-A786-F3DD5180351D}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{419FFD78-A5CC-4A0D-8B0A-D7EE6FFEC230}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdiwbgw.exe:Lexmark Web Gateway
"{5A8A7ABF-24E3-4752-9DD7-64F26E9A39DF}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdiwbgw.exe:Lexmark Web Gateway
"TCP Query User{5417CF51-1E75-42D8-935B-C9D58D690C97}c:\\program files\\hlsw\\hlsw.exe"= UDP:c:\program files\hlsw\hlsw.exe:HLSW Application
"UDP Query User{52CEEC96-63A9-47D1-A8E6-BE24D4156671}c:\\program files\\hlsw\\hlsw.exe"= TCP:c:\program files\hlsw\hlsw.exe:HLSW Application
"{5FDC85F9-9298-4454-B017-B7BFA45793FD}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{C82F4363-F957-400C-9E11-CC246570AA50}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{0490411A-F407-4A61-AFC6-8EF4649E6908}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B38C0524-E058-4B78-ABB5-78CC9174EA01}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{3944C51C-D365-4DC9-BAE3-B37E9FBC62BF}c:\\program files\\steam\\steamapps\\mastodonde\\synergy dedicated server\\srcds.exe"= UDP:c:\program files\steam\steamapps\mastodonde\synergy dedicated server\srcds.exe:srcds
"UDP Query User{71D15D9B-F86C-46A9-A04D-3BAC2C64FE3A}c:\\program files\\steam\\steamapps\\mastodonde\\synergy dedicated server\\srcds.exe"= TCP:c:\program files\steam\steamapps\mastodonde\synergy dedicated server\srcds.exe:srcds
"{4538BBCA-EC39-44A6-9052-6E283BC26842}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{EB526A86-DA92-4EAA-A5AE-4406407E07CD}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{44BF396F-A3F5-4951-B95B-D41716C144F1}c:\\users\\propriétaire\\temp\\teamviewer\\version4\\teamviewer.exe"= UDP:c:\users\propriétaire\temp\teamviewer\version4\teamviewer.exe:teamviewer.exe
"UDP Query User{590257D0-B915-4B42-8E10-7B66E50DB41D}c:\\users\\propriétaire\\temp\\teamviewer\\version4\\teamviewer.exe"= TCP:c:\users\propriétaire\temp\teamviewer\version4\teamviewer.exe:teamviewer.exe
"{BBA36E3C-B7AB-4B7C-81FD-AFB59C7E74F4}"= UDP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{6615E39F-0CCB-4C04-B05B-DCD9FFDAA257}"= TCP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"TCP Query User{0F4B97A7-F636-4639-A24A-284FD6E9E30E}c:\\program files\\filezilla ftp client\\filezilla.exe"= UDP:c:\program files\filezilla ftp client\filezilla.exe:FileZilla FTP Client
"UDP Query User{0C5C1039-66EE-44DA-AD54-35EC55EE39F1}c:\\program files\\filezilla ftp client\\filezilla.exe"= TCP:c:\program files\filezilla ftp client\filezilla.exe:FileZilla FTP Client
"TCP Query User{2C76C58D-7E89-47DF-8749-CEC1C596D914}c:\\program files\\steam\\steamapps\\phoenix_rebirth\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\phoenix_rebirth\team fortress 2\hl2.exe:hl2
"UDP Query User{989B8363-96B0-4723-BD76-63517C3704B5}c:\\program files\\steam\\steamapps\\phoenix_rebirth\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\phoenix_rebirth\team fortress 2\hl2.exe:hl2
"TCP Query User{E3682EEE-2CCD-4974-8D63-ECF5AD388A50}c:\\program files\\steam\\steamapps\\mastodonde\\source 2007 dedicated server\\srcds.exe"= UDP:c:\program files\steam\steamapps\mastodonde\source 2007 dedicated server\srcds.exe:srcds
"UDP Query User{B0EBDD4E-51E9-4D88-9E76-79F4BCBA801A}c:\\program files\\steam\\steamapps\\mastodonde\\source 2007 dedicated server\\srcds.exe"= TCP:c:\program files\steam\steamapps\mastodonde\source 2007 dedicated server\srcds.exe:srcds
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
R2 WTService;WTService;c:\windows\system32\atwtusb.exe -s --> c:\windows\system32\atwtusb.exe -s [?]
S3 NETw2v32;Pilote de connexion réseau PRO/Sans fil 2200BG Intel(R) pour Windows Vista;c:\windows\System32\drivers\NETw2v32.sys [2006-11-02 2589184]
--- Autres Services/Pilotes en mémoire ---
*Deregistered* - sptd
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LPDService REG_MULTI_SZ LPDSVC
.
Contenu du dossier 'Tâches planifiées'
.
- - - - ORPHELINS SUPPRIMES - - - -
SafeBoot-procexp90.Sys
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.newgrounds.com/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=FRN_CA&Sys=DTP&M=GT5634H
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: intu-ir2008 - {729D3592-92E7-4cbc-8E44-3C22B3F457B3} - c:\program files\ImpotRapide 2008\ic2008pp.dll
FF - ProfilePath - c:\users\Propriétaire\AppData\Roaming\Mozilla\Firefox\Profiles\4m1bcosy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www27.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Recherche de Yoog
FF - prefs.js: browser.startup.homepage - hxxp://www27.yoog.com/
FF - prefs.js: keyword.URL - hxxp://www27.yoog.com/search.php?q=
---- PARAMETRES FIREFOX ----
FF - user.js: browser.startup.homepage - hxxp://www27.yoog.com/
FF - user.js: browser.search.selectedEngine - Recherche de Yoog
FF - user.js: keyword.URL - hxxp://www27.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: browser.search.defaultenginename - Recherche de Yoog
FF - user.js: browser.search.defaulturl - hxxp://www27.yoog.com/search.php?q=
FF - user.js: google.toolbar.linkdoctor.enabled - false
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-27 17:18
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'Explorer.exe'(8112)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\authui.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\wisptis.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\System32\CISVC.EXE
c:\program files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
c:\windows\System32\lxdicoms.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
c:\windows\System32\PnkBstrA.exe
c:\windows\System32\PnkBstrB.exe
c:\windows\System32\TCPSVCS.EXE
c:\windows\System32\atwtusb.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\drivers\XAudio.exe
c:\windows\System32\wisptis.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\mcupdate.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\logishrd\LQCVFX\COCIManager.exe
c:\program files\Common Files\microsoft shared\ink\InputPersonalization.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Heure de fin: 2009-05-27 17:25 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-05-27 21:24
Avant-CF: 168 848 486 400 octets libres
Après-CF: 169 052 045 312 octets libres
402 --- E O F --- 2009-05-25 21:23
Re,
Sélectionne l'intégralité du cadre ci-dessous :
File:: DirlLook:: Firefox:: Registry:: |
- Copie/colle le dans le Bloc Notes (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
- Enregistre le sous sur ton bureau sous le nom de CFScript.txt
- Glisse maintenant le fichier CFScript.txt dans ComboFix.exe comme ci-dessous :
- Cela va relancer Combofix.
- Tu devras accepter la licence.
Poste le contenu du rapport ComboFix.txt après redémarrage s'il y en a un.
Le rapport se trouve ici : %SystemDrive%\ComboFix.txt (%systemdrive% étant la partition où est installée Windows; C:\ en général)
Message édité par Angeldark le 28-05-2009 à 17:38:26
Répondre à Angeldark
k merci et heu j'arrive de l'école a 5h00
voici le rapport
ComboFix 09-05-28.01 - Propriétaire 2009-05-28 17:10.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.2.1036.18.3071.1966 [GMT -4:00]
Lancé depuis: c:\users\Propriétaire\Downloads\ComboFix.exe
Commutateurs utilisés :: c:\users\Propriétaire\Desktop\david\CFScript.txt
SP: AVG Anti-Spyware *disabled* (Updated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"c:\users\Propriétaire\AppData\Roaming\Mozilla\Firefox\Profiles\4m1bcosy.default\user.js"
"c:\windows\system32\458b129b-3179-a24d-6157-de1df97366f1.exe"
"c:\windows\system32\H989lMTFJgwuW.vbs"
"c:\windows\system32\N9ZUteSv640qK9c.vbs"
"c:\windows\system32\nsa6241.dll"
"c:\windows\system32\qejfdbqxeudaftfk.dll-uninst.exe"
"c:\windows\system32\qejfdbqxeudaftfk.dll"
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Propriétaire\AppData\Roaming\Mozilla\Firefox\Profiles\4m1bcosy.default\user.js
c:\windows\system32\458b129b-3179-a24d-6157-de1df97366f1.exe
c:\windows\system32\H989lMTFJgwuW.vbs
c:\windows\system32\N9ZUteSv640qK9c.vbs
c:\windows\system32\nsa6241.dll
c:\windows\system32\qejfdbqxeudaftfk.dll-uninst.exe
c:\windows\system32\qejfdbqxeudaftfk.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-04-28 au 2009-05-28 ))))))))))))))))))))))))))))))))))))
.
2009-05-26 21:17 . 2009-05-26 17:20 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 21:17 . 2009-05-26 21:17 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-26 21:17 . 2009-05-26 17:19 19096 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-26 21:15 . 2009-05-26 23:47 -------- d-----w C:\ToolBar SD
2009-05-25 21:22 . 2009-05-06 18:06 4784464 ----a-w c:\programdata\Microsoft\Windows Defender\Definition Updates\{0BB082F2-FA44-429E-8CE9-6290C059037E}\mpengine.dll
2009-05-18 21:09 . 2009-05-18 21:09 -------- d-----w c:\program files\ASIO4ALL v2
2009-05-18 21:09 . 2009-05-18 21:09 -------- d-----w c:\program files\VstPlugins
2009-05-18 21:09 . 2006-06-20 08:56 225280 ----a-w c:\windows\system32\rewire.dll
2009-05-18 21:09 . 2009-05-18 21:09 -------- d-----w c:\program files\Outsim
2009-05-18 21:07 . 2009-05-18 21:10 -------- d-----w c:\program files\Image-Line
2009-05-12 01:12 . 2009-05-12 01:12 -------- d-----w c:\windows\vhid
2009-05-12 01:12 . 2007-11-16 22:22 5504 ----a-w c:\windows\system32\drivers\walvhid.sys
2009-05-06 21:43 . 2009-05-06 21:43 -------- d-----w c:\program files\QS
2009-05-06 21:42 . 2009-05-06 21:42 -------- d-----w c:\program files\Windows Live Safety Center
2009-05-02 15:23 . 2009-05-02 15:23 -------- d-----w C:\63a8f13bead36ad4f35e6bb4
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-28 04:00 . 2008-12-19 02:48 -------- d-----w c:\program files\Steam
2009-05-28 03:57 . 2008-12-24 05:25 189072 -c--a-w c:\windows\system32\PnkBstrB.exe
2009-05-28 03:36 . 2008-12-24 05:25 138920 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-05-26 21:11 . 2006-11-02 15:48 705566 ----a-w c:\windows\system32\perfh00C.dat
2009-05-26 21:11 . 2006-11-02 15:48 134782 ----a-w c:\windows\system32\perfc00C.dat
2009-05-21 21:23 . 2009-01-12 20:44 -------- d-----w c:\programdata\lx_cats
2009-05-14 02:38 . 2009-02-21 00:49 -------- d-----w c:\program files\FileZilla FTP Client
2009-05-13 21:07 . 2008-12-16 17:03 -------- d-----w c:\programdata\Microsoft Help
2009-05-13 21:05 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-05-12 01:32 . 2009-05-12 01:11 -------- d-----w c:\programdata\Tablet
2009-05-12 01:11 . 2008-12-16 16:57 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-02 15:22 . 2009-03-14 19:00 -------- d-----w c:\program files\illusion
2009-04-29 21:33 . 2008-12-19 03:11 -------- d-----w c:\program files\Vuze
2009-04-26 18:50 . 2009-04-26 18:50 -------- d-----w c:\programdata\Sandlot Games
2009-04-26 18:50 . 2009-04-26 18:50 -------- d-----w c:\program files\Cake Mania 3
2009-04-20 00:25 . 2009-04-20 00:25 230752 ----a-w c:\windows\patchw32.dll
2009-04-19 17:59 . 2009-04-19 16:55 -------- d-----w c:\program files\DEVILMAYCRY4
2009-04-19 15:06 . 2008-12-18 02:08 -------- d-----w c:\programdata\NVIDIA
2009-04-19 15:04 . 2009-04-19 15:04 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_xusb21_01007.Wdf
2009-04-17 03:03 . 2009-04-16 18:32 -------- d-----w c:\programdata\POPWWPROFILES
2009-04-16 18:32 . 2009-01-02 19:12 -------- d-----w c:\program files\Ubisoft
2009-04-13 15:24 . 2009-04-13 15:24 763208 ----a-w c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-04-09 14:49 . 2009-04-09 14:49 -------- d-----w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-09 14:49 . 2009-04-09 14:49 -------- d-----w c:\program files\iTunes
2009-04-09 14:49 . 2009-04-09 14:49 -------- d-----w c:\program files\iPod
2009-04-09 14:49 . 2009-01-23 22:54 -------- d-----w c:\programdata\Apple Computer
2009-04-09 14:49 . 2009-01-23 22:53 -------- d-----w c:\program files\Common Files\Apple
2009-04-09 14:47 . 2009-04-09 14:47 75048 ----a-w c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-08 18:29 . 2009-04-08 18:29 56448 ----a-w c:\windows\system32\drivers\xusb21.sys
2009-04-06 22:49 . 2008-12-19 22:22 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-06 22:47 . 2008-12-16 17:06 -------- d-----w c:\program files\Java
2009-04-02 21:47 . 2009-01-02 00:30 -------- d-----w c:\program files\Common Files\PX Storage Engine
2009-03-31 00:20 . 2008-12-24 05:24 75064 ----a-w c:\windows\system32\PnkBstrA.exe
2009-03-30 14:43 . 2009-03-30 14:43 -------- d-----w c:\programdata\Tarma Installer
2009-03-27 12:14 . 2008-12-16 10:38 453152 ----a-w c:\windows\system32\nvuninst.exe
2009-03-24 18:34 . 2009-03-30 14:43 383488 --s-a-r c:\programdata\Tarma Installer\{F99F1B4A-5CAF-4AC4-9522-CB54DE0D25A7}\_Setup.dll
2009-03-19 20:32 . 2009-04-09 14:49 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-17 20:57 . 2009-03-30 14:43 4608 --s-a-r c:\programdata\Tarma Installer\{F99F1B4A-5CAF-4AC4-9522-CB54DE0D25A7}\_Setupx.dll
2009-03-17 04:05 . 2009-03-30 14:41 221184 --s---r c:\programdata\Tarma Installer\{F99F1B4A-5CAF-4AC4-9522-CB54DE0D25A7}\Setup.exe
2009-03-17 03:38 . 2009-04-16 18:17 13824 -c--a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 18:17 24064 -c--a-w c:\windows\system32\amxread.dll
2009-03-16 18:18 . 2009-04-19 16:35 69448 ----a-w c:\windows\system32\XAPOFX1_3.dll
2009-03-16 18:18 . 2009-04-19 16:35 517448 ----a-w c:\windows\system32\XAudio2_4.dll
2009-03-16 18:18 . 2009-04-19 16:35 235352 ----a-w c:\windows\system32\xactengine3_4.dll
2009-03-16 18:18 . 2009-04-19 16:35 22360 ----a-w c:\windows\system32\X3DAudio1_6.dll
2009-03-14 18:55 . 2009-03-14 18:55 8192 ----a-w c:\windows\d3dx.dat
2009-03-09 19:27 . 2009-04-19 16:35 453456 ----a-w c:\windows\system32\d3dx10_41.dll
2009-03-09 19:27 . 2009-04-19 16:35 4178264 ----a-w c:\windows\system32\D3DX9_41.dll
2009-03-09 19:27 . 2009-04-19 16:35 1846632 ----a-w c:\windows\system32\D3DCompiler_41.dll
2009-03-03 04:46 . 2009-04-16 18:17 3599328 -c--a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-16 18:17 3547632 -c--a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-16 18:17 827392 -c--a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-16 18:17 183296 -c--a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-16 18:17 551424 -c--a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-16 18:17 26112 -c--a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-16 18:17 78336 -c--a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-16 18:17 98304 -c--a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-16 18:17 54784 -c--a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-16 18:17 44032 -c--a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-16 18:17 666624 -c--a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-16 18:17 17408 -c--a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-16 18:17 26624 -c--a-w c:\windows\system32\ieUnatt.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-05-27_21.18.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-11 19:09 . 2009-05-28 21:03 50796 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-05-28 21:03 77164 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-12-18 02:01 . 2009-05-28 21:03 14124 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-766350294-606114207-2145607428-1000_UserData.bin
+ 2009-05-28 21:15 . 2009-05-28 21:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-05-27 21:16 . 2009-05-27 21:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-05-28 21:15 . 2009-05-28 21:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-05-27 21:16 . 2009-05-27 21:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 22:52 80384 -c--a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 22:52 80384 -c--a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 22:52 80384 -c--a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 22:52 80384 -c--a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 22:52 80384 -c--a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 22:52 80384 -c--a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 22:52 80384 -c--a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 22:52 80384 -c--a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 22:52 80384 -c--a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-06 148888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-07-06 4669440]
"MacrokeyManager"="WTMKM.exe" - c:\windows\System32\WTMKM.exe [2008-01-22 1969824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-07-03 40072]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^Propriétaire^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\Propriétaire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^Propriétaire^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 - Capture d'écran et lancement.lnk]
path=c:\users\Propriétaire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 - Capture d'écran et lancement.lnk
backup=c:\windows\pss\OneNote 2007 - Capture d'écran et lancement.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D692D30D-8E82-4F53-AF09-6220CDF4A5CC}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B7FC317D-3C8C-4902-B921-85F95892EA89}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{F0D9950B-5164-44D4-B419-17AC90C5FE8C}c:\\program files\\steam\\steamapps\\mastodonde\\garrysmod\\hl2.exe"= UDP:c:\program files\steam\steamapps\mastodonde\garrysmod\hl2.exe:hl2
"UDP Query User{526452E2-1B77-4CDB-B927-DE901E03BA33}c:\\program files\\steam\\steamapps\\mastodonde\\garrysmod\\hl2.exe"= TCP:c:\program files\steam\steamapps\mastodonde\garrysmod\hl2.exe:hl2
"TCP Query User{D20E18C7-D397-4E9D-A9C2-0BCDE6C708EA}c:\\program files\\steam\\steamapps\\mastodonde\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\mastodonde\counter-strike source\hl2.exe:hl2
"UDP Query User{9F2CBD02-5C86-4555-A891-91126806C62D}c:\\program files\\steam\\steamapps\\mastodonde\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\mastodonde\counter-strike source\hl2.exe:hl2
"TCP Query User{8253AC18-B739-4244-A821-F70030C60865}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{5ACF37BF-A39D-4F98-8BA2-A1D8E29CA571}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{B532309D-92E4-4B25-90A3-FB85FD386975}"= UDP:c:\program files\Electronic Arts\Battlefield 2142 Deluxe Edition\BF2142.exe:Battlefield 2142
"{CFE0661E-1242-42A8-A0D0-4D0FB7C655E3}"= TCP:c:\program files\Electronic Arts\Battlefield 2142 Deluxe Edition\BF2142.exe:Battlefield 2142
"TCP Query User{F8A52457-F95B-47C1-983B-17CA84E98481}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{DC6C8C1F-3FC8-4136-A18A-13C9B5BA9D5E}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{0CCBE80B-902C-4133-AB34-0B950102077E}"= UDP:c:\program files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:Supreme Commander - Forged Alliance
"{57925093-33A9-44BA-8912-88F7CCDC0499}"= TCP:c:\program files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:Supreme Commander - Forged Alliance
"TCP Query User{DB3959BA-041C-42CE-A11D-FBE3B6FF9511}c:\\program files\\steam\\steamapps\\mastodonde\\source sdk base\\hl2.exe"= UDP:c:\program files\steam\steamapps\mastodonde\source sdk base\hl2.exe:hl2
"UDP Query User{D17110A1-EC00-485B-90AA-C30D606A2BE2}c:\\program files\\steam\\steamapps\\mastodonde\\source sdk base\\hl2.exe"= TCP:c:\program files\steam\steamapps\mastodonde\source sdk base\hl2.exe:hl2
"TCP Query User{D7CF1336-17A3-4069-B640-029875EE44EB}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{FC7D8009-7F8A-4182-8DAD-8D97296B2E32}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{5ADEBAFA-4071-4662-B6E2-20DD047BDF25}"= UDP:c:\windows\System32\PnkBstrA.exenkBstrA
"{9441CDCA-0465-46E6-A907-4BBE730AE2BD}"= TCP:c:\windows\System32\PnkBstrA.exenkBstrA
"{82FAC4B5-6FD0-4C84-8196-BB2305B56C50}"= UDP:c:\windows\System32\PnkBstrB.exenkBstrB
"{1B443661-8A3C-4127-8A71-F01A480B0E8B}"= TCP:c:\windows\System32\PnkBstrB.exenkBstrB
"TCP Query User{2818EC1B-4322-407E-B752-70D3B611CC3A}c:\\srcds\\orangebox\\srcds.exe"= UDP:c:\srcds\orangebox\srcds.exe:srcds
"UDP Query User{8AA123E2-871E-4A22-AE01-FA3A6BFC4EA6}c:\\srcds\\orangebox\\srcds.exe"= TCP:c:\srcds\orangebox\srcds.exe:srcds
"{28F33082-B873-4996-B6BA-B1A3014BAF6B}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{5823EC30-3F52-4D3B-AE29-5B2542EC14DB}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{A9F45215-7241-4509-B14F-E271AC8E2B6D}c:\\program files\\ubisoft\\far cry 2\\bin\\farcry2-devmode.exe"= UDP:c:\program files\ubisoft\far cry 2\bin\farcry2-devmode.exe:Far Cry® 2
"UDP Query User{62756211-40AB-4451-9CFB-7FAC6C9C292B}c:\\program files\\ubisoft\\far cry 2\\bin\\farcry2-devmode.exe"= TCP:c:\program files\ubisoft\far cry 2\bin\farcry2-devmode.exe:Far Cry® 2
"TCP Query User{F00FF250-7CEE-409E-9311-0241AC062273}c:\\program files\\ubisoft\\far cry 2\\bin\\farcry2 -devmode.exe"= UDP:c:\program files\ubisoft\far cry 2\bin\farcry2 -devmode.exe:Far Cry® 2
"UDP Query User{66262118-2D48-45F1-8E0C-2B924349F349}c:\\program files\\ubisoft\\far cry 2\\bin\\farcry2 -devmode.exe"= TCP:c:\program files\ubisoft\far cry 2\bin\farcry2 -devmode.exe:Far Cry® 2
"TCP Query User{42F57938-26B4-41F5-BC35-E2202ACE86D5}c:\\program files\\ubisoft\\far cry 2\\bin\\far cry 2.exe"= UDP:c:\program files\ubisoft\far cry 2\bin\far cry 2.exe:Far Cry® 2
"UDP Query User{B4121E64-1D41-4447-B050-F1517963EB90}c:\\program files\\ubisoft\\far cry 2\\bin\\far cry 2.exe"= TCP:c:\program files\ubisoft\far cry 2\bin\far cry 2.exe:Far Cry® 2
"TCP Query User{95321CDF-B30A-45EF-BDF8-BFCF6CF61F20}c:\\program files\\steam\\steamapps\\mastodonde\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\mastodonde\team fortress 2\hl2.exe:hl2
"UDP Query User{097D7A6F-C93A-4050-92CA-90CA82ECC4B3}c:\\program files\\steam\\steamapps\\mastodonde\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\mastodonde\team fortress 2\hl2.exe:hl2
"TCP Query User{6EA3FB27-FB48-4AE0-80E1-DEF8AC5AD31D}c:\\softimage\\xsi_6.01_mod_tool\\application\\bin\\xsi.exe"= UDP:c:\softimage\xsi_6.01_mod_tool\application\bin\xsi.exe:XSI
"UDP Query User{3F1DBBD5-0CB9-4DFA-B5AB-1FDEBEF948D1}c:\\softimage\\xsi_6.01_mod_tool\\application\\bin\\xsi.exe"= TCP:c:\softimage\xsi_6.01_mod_tool\application\bin\xsi.exe:XSI
"{D1DB23A2-DEFE-4433-96C3-043B4E104A79}"= UDP:c:\users\Propriétaire\AppData\Local\Temp\lxdi\wireless\FRENCH\lxdiwpss.exe:
"{60359F42-5EE0-4EF8-859E-1F32F6A0FDA9}"= TCP:c:\users\Propriétaire\AppData\Local\Temp\lxdi\wireless\FRENCH\lxdiwpss.exe:
"{131053E3-5B8E-4DCB-944B-2F261AB7C3FC}"= UDP:c:\program files\Pando Networks\Media Booster\PMB.exeando Media Booster
"{06215C3E-25A0-4DE7-9541-41C1A95CC2E5}"= TCP:c:\program files\Pando Networks\Media Booster\PMB.exeando Media Booster
"TCP Query User{ECD95399-A652-4167-B613-809C4FD45035}c:\\team17\\worms 3d\\bin\\worms3d.exe"= UDP:c:\team17\worms 3d\bin\worms3d.exe:Worms3D
"UDP Query User{27394C88-A853-4FF9-BE77-B495207423C4}c:\\team17\\worms 3d\\bin\\worms3d.exe"= TCP:c:\team17\worms 3d\bin\worms3d.exe:Worms3D
"TCP Query User{4F06DA05-B0DD-4E28-BF22-4F972E37C0B5}c:\\program files\\steam\\steamapps\\mastodonde\\synergy\\hl2.exe"= UDP:c:\program files\steam\steamapps\mastodonde\synergy\hl2.exe:hl2
"UDP Query User{B9A006D4-2C7C-49F7-868E-6D313F2BF642}c:\\program files\\steam\\steamapps\\mastodonde\\synergy\\hl2.exe"= TCP:c:\program files\steam\steamapps\mastodonde\synergy\hl2.exe:hl2
"TCP Query User{07D2CC20-FC7C-4057-A281-6C33B2F808A8}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{C76C2FD9-5D74-4CB0-849B-1EE55DC3B393}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{C469CF00-7EA7-48E9-8566-13EAFE188841}"= UDP:c:\users\Propriétaire\AppData\Local\Temp\lxdi\wireless\ENGLISH\lxdiwpss.exe:
"{98C40055-5974-466E-B9D6-BD4AAC1AE60F}"= TCP:c:\users\Propriétaire\AppData\Local\Temp\lxdi\wireless\ENGLISH\lxdiwpss.exe:
"{05D00B50-EDD0-4270-9745-C54785E2A787}"= UDP:c:\windows\System32\lxdicoms.exe:Lexmark Communications System
"{38CF55B1-9A6E-4012-8B7C-3D9E6BECDDBB}"= TCP:c:\windows\System32\lxdicoms.exe:Lexmark Communications System
"{37E5CC3F-F326-46F8-9A0A-81A99B515261}"= UDP:c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe:Lexmark Device Monitor
"{5A1B0152-DA8B-4A84-8755-6D71CE554C1A}"= TCP:c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe:Lexmark Device Monitor
"{6F36F2F7-D229-4CFD-A952-4D43580CC134}"= UDP:c:\program files\Lexmark 3500-4500 Series\App4R.exe:Lexmark Imaging Studio
"{1EA8F590-662D-44B8-9104-D60FF1A62DC4}"= TCP:c:\program files\Lexmark 3500-4500 Series\App4R.exe:Lexmark Imaging Studio
"{8466844A-060E-4B0C-BCC6-6E2FD0307970}"= UDP:c:\windows\System32\lxdicfg.exerinter Communication System
"{DD318022-9FD1-4C3A-9129-4805BDD4842A}"= TCP:c:\windows\System32\lxdicfg.exerinter Communication System
"{ECD92261-5CDF-43E0-A7B7-0888B77D7360}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdipswx.exerinter Status Window Interface
"{5C95AB9A-80A0-4DB7-8757-5B842B63E614}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdipswx.exerinter Status Window Interface
"{4AC5DEC9-8E45-4FC6-916C-A247CEAD21B9}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxditime.exe:Lexmark Connect Time Executable
"{25CB0196-E8FB-4D4E-A988-C77D6A0A0934}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxditime.exe:Lexmark Connect Time Executable
"{525CCF9C-6B9B-457D-AE3D-8F65DAFC0D14}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdijswx.exe:Job Status Window Interface
"{3AF4B8BA-20CF-4B11-9F5B-BFDC26A24182}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdijswx.exe:Job Status Window Interface
"{E756A079-C22B-4329-8224-6CFBE40EEE51}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{FA523C4E-1B7B-4DD0-86EF-ABD3BB722C8B}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6E59EC20-29D5-4CD2-9F9C-EB43B60878B2}"= UDP:c:\windows\System32\lxdiih.exerinter Communication System
"{BCF62AF7-68F9-422C-8846-898540065C12}"= TCP:c:\windows\System32\lxdiih.exerinter Communication System
"TCP Query User{3D23392F-8DD1-4745-845F-DE02F8E1E7EC}c:\\program files\\steam\\steamapps\\mastodonde\\source dedicated server\\srcds.exe"= UDP:c:\program files\steam\steamapps\mastodonde\source dedicated server\srcds.exe:srcds
"UDP Query User{4086CDC7-1276-49CA-A11B-7F6B9878248A}c:\\program files\\steam\\steamapps\\mastodonde\\source dedicated server\\srcds.exe"= TCP:c:\program files\steam\steamapps\mastodonde\source dedicated server\srcds.exe:srcds
"{3BB088DA-9411-4357-88AD-948C2A2ADBBD}"= UDP:c:\program files\Steam\steamapps\common\trackmania united\TmForever.exe:TrackMania United Forever
"{C3918E90-CC87-4A64-AF0C-4D9AED320B1B}"= TCP:c:\program files\Steam\steamapps\common\trackmania united\TmForever.exe:TrackMania United Forever
"{72CB1C13-64C0-4723-8F6B-A18ACB061B7F}"= UDP:c:\program files\Steam\steamapps\common\trackmania united\TmForeverLauncher.exe:TrackMania United Forever
"{EDCE4A03-E6B3-4239-A315-C8F4F3260322}"= TCP:c:\program files\Steam\steamapps\common\trackmania united\TmForeverLauncher.exe:TrackMania United Forever
"{3D640CF3-7B5C-43A5-8ED0-C1DC59B70CB7}"= UDP:c:\program files\Steam\steamapps\common\flatout2\FlatOut2.exe:FlatOut2
"{ECF46348-B7F8-4D9E-B09A-47A569CB0BA0}"= TCP:c:\program files\Steam\steamapps\common\flatout2\FlatOut2.exe:FlatOut2
"{34F3D320-0490-49B5-A6BB-65C883ECF432}"= UDP:c:\program files\Lexmark 3500-4500 Series\lxdimon.exeevice Monitor
"{C7CD04F4-3EBE-4B41-B65E-8A79BF1BB96F}"= TCP:c:\program files\Lexmark 3500-4500 Series\lxdimon.exeevice Monitor
"{C8648C7C-EB0B-4C6D-9CB8-1E5A47E7697F}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{92F1D3C1-4EFC-45F0-A786-F3DD5180351D}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{419FFD78-A5CC-4A0D-8B0A-D7EE6FFEC230}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdiwbgw.exe:Lexmark Web Gateway
"{5A8A7ABF-24E3-4752-9DD7-64F26E9A39DF}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdiwbgw.exe:Lexmark Web Gateway
"TCP Query User{5417CF51-1E75-42D8-935B-C9D58D690C97}c:\\program files\\hlsw\\hlsw.exe"= UDP:c:\program files\hlsw\hlsw.exe:HLSW Application
"UDP Query User{52CEEC96-63A9-47D1-A8E6-BE24D4156671}c:\\program files\\hlsw\\hlsw.exe"= TCP:c:\program files\hlsw\hlsw.exe:HLSW Application
"{5FDC85F9-9298-4454-B017-B7BFA45793FD}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{C82F4363-F957-400C-9E11-CC246570AA50}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{0490411A-F407-4A61-AFC6-8EF4649E6908}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B38C0524-E058-4B78-ABB5-78CC9174EA01}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{3944C51C-D365-4DC9-BAE3-B37E9FBC62BF}c:\\program files\\steam\\steamapps\\mastodonde\\synergy dedicated server\\srcds.exe"= UDP:c:\program files\steam\steamapps\mastodonde\synergy dedicated server\srcds.exe:srcds
"UDP Query User{71D15D9B-F86C-46A9-A04D-3BAC2C64FE3A}c:\\program files\\steam\\steamapps\\mastodonde\\synergy dedicated server\\srcds.exe"= TCP:c:\program files\steam\steamapps\mastodonde\synergy dedicated server\srcds.exe:srcds
"{4538BBCA-EC39-44A6-9052-6E283BC26842}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{EB526A86-DA92-4EAA-A5AE-4406407E07CD}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{44BF396F-A3F5-4951-B95B-D41716C144F1}c:\\users\\propriétaire\\temp\\teamviewer\\version4\\teamviewer.exe"= UDP:c:\users\propriétaire\temp\teamviewer\version4\teamviewer.exe:teamviewer.exe
"UDP Query User{590257D0-B915-4B42-8E10-7B66E50DB41D}c:\\users\\propriétaire\\temp\\teamviewer\\version4\\teamviewer.exe"= TCP:c:\users\propriétaire\temp\teamviewer\version4\teamviewer.exe:teamviewer.exe
"{BBA36E3C-B7AB-4B7C-81FD-AFB59C7E74F4}"= UDP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{6615E39F-0CCB-4C04-B05B-DCD9FFDAA257}"= TCP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"TCP Query User{0F4B97A7-F636-4639-A24A-284FD6E9E30E}c:\\program files\\filezilla ftp client\\filezilla.exe"= UDP:c:\program files\filezilla ftp client\filezilla.exe:FileZilla FTP Client
"UDP Query User{0C5C1039-66EE-44DA-AD54-35EC55EE39F1}c:\\program files\\filezilla ftp client\\filezilla.exe"= TCP:c:\program files\filezilla ftp client\filezilla.exe:FileZilla FTP Client
"TCP Query User{2C76C58D-7E89-47DF-8749-CEC1C596D914}c:\\program files\\steam\\steamapps\\phoenix_rebirth\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\phoenix_rebirth\team fortress 2\hl2.exe:hl2
"UDP Query User{989B8363-96B0-4723-BD76-63517C3704B5}c:\\program files\\steam\\steamapps\\phoenix_rebirth\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\phoenix_rebirth\team fortress 2\hl2.exe:hl2
"TCP Query User{E3682EEE-2CCD-4974-8D63-ECF5AD388A50}c:\\program files\\steam\\steamapps\\mastodonde\\source 2007 dedicated server\\srcds.exe"= UDP:c:\program files\steam\steamapps\mastodonde\source 2007 dedicated server\srcds.exe:srcds
"UDP Query User{B0EBDD4E-51E9-4D88-9E76-79F4BCBA801A}c:\\program files\\steam\\steamapps\\mastodonde\\source 2007 dedicated server\\srcds.exe"= TCP:c:\program files\steam\steamapps\mastodonde\source 2007 dedicated server\srcds.exe:srcds
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
R2 WTService;WTService;c:\windows\system32\atwtusb.exe -s --> c:\windows\system32\atwtusb.exe -s [?]
S3 NETw2v32;Pilote de connexion réseau PRO/Sans fil 2200BG Intel(R) pour Windows Vista;c:\windows\System32\drivers\NETw2v32.sys [2006-11-02 2589184]
--- Autres Services/Pilotes en mémoire ---
*Deregistered* - sptd
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LPDService REG_MULTI_SZ LPDSVC
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.newgrounds.com/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=FRN_CA&Sys=DTP&M=GT5634H
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: intu-ir2008 - {729D3592-92E7-4cbc-8E44-3C22B3F457B3} - c:\program files\ImpotRapide 2008\ic2008pp.dll
FF - ProfilePath - c:\users\Propriétaire\AppData\Roaming\Mozilla\Firefox\Profiles\4m1bcosy.default\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-28 17:16
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
c:\users\PROPRI~1\AppData\Local\Temp\catchme.dll 53248 bytes executable
c:\windows\TEMP\TMP00000003334A317CDEAFCC37
Scan terminé avec succès
Fichiers cachés: 2
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'Explorer.exe'(6320)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\Megaupload\Mega Manager\MegaIEMn.dll
c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
c:\windows\system32\vorbis.acm
c:\windows\System32\NLSData000c.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\wisptis.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\System32\CISVC.EXE
c:\program files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
c:\windows\System32\lxdicoms.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
c:\windows\System32\PnkBstrA.exe
c:\windows\System32\TCPSVCS.EXE
c:\windows\System32\atwtusb.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\drivers\XAudio.exe
c:\windows\System32\wisptis.exe
c:\windows\System32\conime.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\logishrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\microsoft shared\ink\InputPersonalization.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Heure de fin: 2009-05-28 17:24 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-05-28 21:24
ComboFix2.txt 2009-05-27 21:26
Avant-CF: 172 671 070 208 octets libres
Après-CF: 172 668 043 264 octets libres
383 --- E O F --- 2009-05-25 21:23
Kerio ou Zone Alarm 
Répondre à Angeldark
