

DupondAvecUnD
Members
Content count: 7
Everything posted by DupondAvecUnD
Request for help eradicating a virus
DupondAvecUnD replied to a topic by DupondAvecUnD in Malware Analysis and Removal
Good evening Falkra, Yes! I was able to uninstall Avast and then reinstall the French version of Antivir. I updated it and ran the scan. Horror: I had an incalculable number of worms, Bagle among them (175). I had done the Avast updates and it never found a single one! It is fundamentally dramatic to trust this type of product, which is no longer what it used to be... I would recommend removing Avast (which was initially good in principle for the Internet, something Antivir does not do) and installing Antivir. Of course I will read everything I can find on the Zébulon site. I will at least have learned that you must not trust anyone, even if it is to help, and I have learned (though in 15 years I have never had the slightest virus problem) that the best AV sits between the chair and the keyboard! I think everything is back in order now, except perhaps some lines in the Registry? Is there perhaps something left to finish? Please let me know. Thank you for your help and for how quickly you provided solutions. Have a good weekend and happy holidays. DUPOND
Request for help eradicating a virus
DupondAvecUnD replied to a topic by DupondAvecUnD in Malware Analysis and Removal
Help! I carried out the steps I was given, and when I wanted to copy the report I tried to open Microsoft Notepad from Accessories. I get the following message: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk Illegal operation attempted on a registry key that has been marked for deletion. I would like to be able to move forward, and I thank anyone who could tell me how to proceed... Thank you.
Request for help eradicating a virus
DupondAvecUnD replied to a topic by DupondAvecUnD in Malware Analysis and Removal
Help! I tried to copy the report into Notepad, but when I tried to open it I got a message: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk Illegal operation attempted on a registry key that has been marked for deletion. I fear there is still a problem... Please help me.
Request for help eradicating a virus
DupondAvecUnD replied to a topic by DupondAvecUnD in Malware Analysis and Removal
OK, the machine has rebooted. What should I do now, please? Here is the final report. Thank you Falkra.

ComboFix 09-07-09.07 - Administrateur 10/07/2009 12:27.2.2 - NTFSx86
Running from: c:\users\Administrateur\Desktop\Tralala.exe
Command switches used :: c:\users\Administrateur\Desktop\CFscript.txt
 * Created a new restore point

FILE ::
"C:\FindyKill.exe"
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\FindyKill
C:\FindyKill.exe
c:\findykill\$llave
c:\findykill\FindyKill.cmd
c:\findykill\Reg\Hkcu
c:\findykill\Reg\Hkcu_Po
c:\findykill\Reg\Hkcu_Run
c:\findykill\Reg\Hklm_Ifeo
c:\findykill\Reg\Hklm_Logon
c:\findykill\Reg\Hklm_Run
c:\findykill\Reg\Hklm_Serv
c:\findykill\Reg\Hku_Def
c:\findykill\Reg\Rkt
c:\findykill\Reg\ShellExecuteHooks
c:\findykill\Reg\SP2.reg
c:\findykill\Reg\SP3.reg
c:\findykill\Reg\Startup
c:\findykill\Reg\Uac.reg
c:\findykill\Reg\UsbFix.reg
c:\findykill\Reg\Vista.reg
c:\findykill\Tools\EchoX.exe
c:\findykill\Tools\Files.cmd
c:\findykill\Tools\Folders.cmd
c:\findykill\Tools\fsum.exe
c:\findykill\Tools\FyK.ico
c:\findykill\Tools\GREP.EXE
c:\findykill\Tools\IZARCE.exe
c:\findykill\Tools\K_Proc
c:\findykill\Tools\K_Root.cmd
c:\findykill\Tools\Kill_P.exe
c:\findykill\Tools\Langue.cmd
c:\findykill\Tools\md5deep.exe
c:\findykill\Tools\RefMd5.def
c:\findykill\Tools\sed.exe
c:\findykill\Tools\SniffC.exe
c:\findykill\Tools\swreg.exe
c:\findykill\Tools\Usb
c:\findykill\Tools\UsbFix.vbs
c:\findykill\Tools\UsbFix_Setup.ico
c:\findykill\Tools\UsbReg.vbs
c:\findykill\Tools\winupgro.exe
c:\findykill\Uninstal.exe
c:\program files\AskBarDis
c:\program files\AskBarDis\bar\bin\askPopStp.dll
c:\program files\AskBarDis\bar\bin\psvince.dll
c:\program files\AskBarDis\bar\Settings\config.dat
c:\program files\AskBarDis\bar\Settings\config.dat.bak
c:\program files\AskBarDis\unins000.dat
c:\program files\AskBarDis\unins000.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ASWFSBLK
-------\Legacy_ASWMONFLT
-------\Legacy_ASWSP
-------\Service_aswFsBlk
-------\Service_aswMonFlt
-------\Service_aswSP

((((((((((((((((((((((((((((( Files Created from 2009-06-10 to 2009-07-10 ))))))))))))))))))))))))))))))))))))
.
2009-07-10 10:31 . 2009-07-10 13:14 -------- d-----w- c:\users\Administrateur\AppData\Local\temp
2009-07-09 20:07 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-07-09 20:07 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-07-09 20:07 . 2009-02-05 20:06 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-07-09 20:06 . 2009-07-09 20:06 -------- d-----w- c:\program files\Alwil
2009-07-09 17:23 . 2009-07-09 17:23 -------- d-----w- c:\users\Administrateur\AppData\Roaming\Malwarebytes
2009-07-09 14:54 . 2009-07-09 14:54 -------- d-----w- c:\windows\Sun
2009-07-09 13:51 . 2009-07-09 13:51 -------- d-----w- c:\users\Administrateur\AppData\Roaming\ArcticLine
2009-07-09 13:41 . 2009-07-10 09:42 -------- d--h--w- c:\users\Charles-Henry\AppData\Roaming\drivers
2009-07-08 13:02 . 2009-07-08 13:02 -------- d-----w- C:\Capture Jaune
2009-07-08 12:46 . 2009-07-08 12:46 -------- d-----w- C:\AspiWeb_v320
2009-07-08 12:42 . 2009-07-08 12:42 -------- d-----w- c:\program files\TorrentSpeeder
2009-07-08 10:59 . 2009-07-08 10:59 -------- d-----w- c:\users\Charles-Henry\AppData\Roaming\Babylon
2009-07-08 10:59 . 2009-07-08 10:59 -------- d-----w- c:\programdata\Babylon
2009-07-08 10:33 . 2009-07-08 10:33 -------- d-----w- c:\users\Charles-Henry\AppData\Local\ACD Systems
2009-07-08 10:33 . 2009-07-08 10:33 -------- d-----w- c:\users\Charles-Henry\AppData\Roaming\ACD Systems
2009-07-08 10:32 . 2009-07-08 10:32 -------- d-----w- c:\programdata\ACD Systems
2009-07-08 10:32 . 2009-07-08 10:32 -------- d-----w- c:\program files\ACD Systems
2009-07-08 10:32 . 2009-07-08 10:32 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-07-08 10:30 . 2009-07-08 10:30 -------- d-----w- c:\users\Charles-Henry\AppData\Local\Downloaded Installations
2009-07-07 16:24 . 2004-08-19 15:09 153088 ----a-w- c:\windows\system32\triedit.dll
2009-07-07 16:24 . 2004-02-23 00:00 78848 ----a-w- c:\windows\system32\MSBIND.DLL
2009-07-07 16:24 . 2004-02-23 00:00 322560 ----a-w- c:\windows\system32\MSDBRPTR.DLL
2009-07-07 16:24 . 1998-07-13 00:00 16384 ----a-w- c:\windows\system32\ADODCFR.DLL
2009-07-07 16:24 . 1998-07-13 00:00 15872 ----a-w- c:\windows\system32\WINSKFR.DLL
2009-07-07 16:24 . 1998-07-12 22:00 15360 ----a-w- c:\windows\system32\INetFR.DLL
2009-07-07 16:24 . 2007-10-05 17:18 114688 ----a-w- c:\windows\system32\myodbc3i.exe
2009-07-07 16:24 . 2007-10-05 17:18 106496 ----a-w- c:\windows\system32\myodbc3m.exe
2009-07-07 16:24 . 2007-10-05 17:18 6660096 ----a-w- c:\windows\system32\myodbc3S.dll
2009-07-07 16:24 . 2007-10-05 17:18 2183168 ----a-w- c:\windows\system32\myodbc3.dll
2009-07-07 16:24 . 2009-07-07 17:46 -------- d-----w- c:\program files\REFERENCE SOFTWARE
2009-07-07 14:06 . 2009-07-07 14:06 -------- d-----w- c:\program files\Icon Commander
2009-07-07 06:23 . 2009-07-07 06:25 -------- d-----w- c:\program files\East-Tec Backup
2009-07-02 14:22 . 2009-07-02 15:09 -------- d-----w- c:\users\Administrateur\AppData\Local\Microsoft Games
2009-07-02 14:21 . 2009-07-10 08:41 -------- d-----w- c:\users\Administrateur\AppData\Roaming\Vista Start Menu
2009-07-02 13:48 . 2009-07-02 13:48 -------- d-----w- c:\programdata\HP Product Assistant
2009-07-02 13:47 . 2009-07-02 13:47 -------- d-----w- c:\program files\Common Files\HP
2009-07-02 13:41 . 2007-10-30 09:25 372736 ----a-w- c:\windows\system32\hppldcoi.dll
2009-07-02 13:41 . 2007-10-30 09:25 309760 ----a-w- c:\windows\system32\difxapi.dll
2009-07-02 13:41 . 2007-10-21 16:45 729088 ----a-w- c:\windows\system32\hpowiax7.dll
2009-07-02 13:41 . 2007-10-21 16:45 581632 ----a-w- c:\windows\system32\hpotscl6.dll
2009-07-02 13:41 . 2007-10-21 16:45 303104 ----a-w- c:\windows\system32\hpovst15.dll
2009-07-02 13:31 . 2009-07-02 13:58 178012 ----a-w- c:\windows\hpoins28.dat
2009-07-02 12:49 . 2009-07-02 12:49 -------- d-----w- c:\users\Administrateur\AppData\Local\Hewlett-Packard
2009-07-02 12:48 . 2009-07-02 12:48 -------- d-----w- c:\users\Administrateur\AppData\Roaming\Hewlett-Packard
2009-06-29 11:09 . 2009-06-29 11:09 -------- d-----w- c:\program files\Adolix
2009-06-29 10:48 . 2009-06-29 11:06 -------- d-----w- c:\program files\eCover Engineer V6
2009-06-25 09:14 . 2009-06-25 09:14 -------- d-----w- C:\Mon Site Web
2009-06-25 07:31 . 2009-06-25 07:43 -------- d-----w- c:\program files\WebSite X5 Smart V7
2009-06-24 16:05 . 2009-06-24 16:33 -------- d-----w- c:\program files\WebSite X5 Smart
2009-06-24 16:04 . 2009-03-15 15:35 207872 ----a-w- c:\windows\system32\iwpsetup.exe
2009-06-24 16:04 . 2001-08-31 12:00 1355776 ----a-w- c:\windows\system32\MSVBVM50.dll
2009-06-24 16:04 . 1997-01-15 22:00 29696 ----a-w- c:\windows\system32\VB5STKIT.DLL
2009-06-23 17:04 . 2009-06-24 15:47 -------- d-----w- c:\program files\Guppy
2009-06-23 16:44 . 2009-06-23 16:55 -------- d-----w- C:\Guppy
2009-06-20 15:34 . 2009-06-20 15:34 -------- d-----w- c:\program files\3D Image Commander
2009-06-19 18:09 . 2009-06-19 18:09 -------- d-----w- c:\users\Charles-Henry\AppData\Roaming\ArcticLine
2009-06-19 18:09 . 2009-06-19 18:09 -------- d-----w- c:\program files\Folder Marker
2009-06-19 08:24 . 2009-06-19 08:24 -------- d-----w- c:\program files\CCleanerV2
2009-06-14 15:51 . 2009-06-14 15:55 -------- d-----w- c:\program files\Extra Screen Capture Pro
2009-06-14 06:35 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-14 06:35 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-13 18:08 . 2009-06-13 18:08 -------- d-----w- c:\windows\system32\syncdb
2009-06-12 07:28 . 2009-06-12 07:28 -------- d-----w- c:\programdata\is-AES6H
2009-06-12 07:28 . 2009-06-19 08:00 26363936 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-12 07:05 . 2009-06-12 07:05 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbAD8F.tmp.exe
2009-06-11 07:11 . 2009-06-11 07:11 110592 ----a-w- c:\users\Charles-Henry\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\36F7.tmp_\Antidote - OpenOffice.org 2.0.uno.pkg\Antidote-OOo.dll
2009-06-11 07:03 . 2009-06-11 07:03 -------- d-----w- c:\users\Charles-Henry\AppData\Roaming\Druide
2009-06-11 06:43 . 2009-06-11 06:43 97280 ----a-r- c:\users\Charles-Henry\AppData\Roaming\Microsoft\Installer\{A474EA56-5DBD-4181-8230-806A4762EA7F}\IconA474EA561.exe
2009-06-11 06:43 . 2009-06-11 06:43 -------- d-----w- c:\program files\Druide
2009-06-11 06:33 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-10 14:14 . 2009-06-10 14:14 -------- d-----w- c:\users\Charles-Henry\AppData\Roaming\Moyea
2009-06-10 14:13 . 2009-06-10 14:13 -------- d-----w- c:\program files\Moyea
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-10 13:13 . 2008-09-30 08:18 43414 ----a-w- c:\programdata\nvModes.dat
2009-07-10 09:52 . 2008-07-30 08:06 672322 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-10 09:52 . 2008-07-30 08:06 124434 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-10 09:43 . 2008-07-29 22:20 12 ----a-w- c:\windows\bthservsdp.dat
2009-07-09 14:49 . 2008-12-06 13:29 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-09 14:49 . 2008-07-30 00:18 -------- d-----w- c:\program files\Java
2009-07-09 13:39 . 2008-12-27 10:01 -------- d-----w- c:\users\Charles-Henry\AppData\Roaming\DNA
2009-07-09 10:50 . 2009-03-18 08:41 1 ----a-w- c:\users\Charles-Henry\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-07-09 10:49 . 2009-04-27 11:06 -------- d-----w- c:\users\Charles-Henry\AppData\Roaming\Vista Start Menu
2009-07-07 17:46 . 2008-07-29 22:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-07 16:31 . 2009-04-16 10:23 7592 ----a-w- c:\users\Charles-Henry\AppData\Local\d3d9caps.dat
2009-07-05 06:32 . 2009-03-15 09:25 -------- d-----w- c:\users\Charles-Henry\AppData\Roaming\dvdcss
2009-07-02 13:48 . 2008-11-08 14:51 -------- d-----w- c:\programdata\HP
2009-07-02 12:22 . 2009-02-21 10:16 121848 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-06-19 15:19 . 2008-11-06 14:40 121848 ----a-w- c:\users\Charles-Henry\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-19 08:00 . 2009-06-12 07:28 313160 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-18 07:39 . 2008-07-29 23:55 -------- d-----w- c:\programdata\Microsoft Help
2009-06-13 18:15 . 2008-07-29 23:58 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-12 06:44 . 2008-07-29 23:32 -------- d-----w- c:\program files\Microsoft Works
2009-06-08 14:02 . 2009-06-08 13:43 -------- d-----w- c:\program files\Aplus Vidéo Suite
2009-06-08 07:48 . 2009-06-08 07:43 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-06-08 07:48 . 2009-06-08 07:43 -------- d-----w- c:\program files\AVS4YOU
2009-06-08 07:45 . 2009-06-08 07:45 -------- d-----w- c:\users\Charles-Henry\AppData\Roaming\AVS4YOU
2009-06-08 07:44 . 2009-06-08 07:44 -------- d-----w- c:\programdata\AVS4YOU
2009-06-06 14:48 . 2009-06-06 14:48 -------- d-----w- c:\program files\Adobe Media Player
2009-06-06 14:47 . 2009-06-06 14:47 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-06 14:46 . 2009-03-09 17:30 38208 ----a-w- c:\users\Charles-Henry\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-06-05 06:55 . 2009-04-26 21:35 -------- d-----w- c:\users\Charles-Henry\AppData\Roaming\Clipdiary
2009-05-24 21:39 . 2009-05-24 21:39 -------- d-----w- c:\programdata\Martau
2009-05-24 21:39 . 2009-05-24 21:39 -------- d-----w- c:\program files\Total Uninstall 5
2009-05-24 21:27 . 2008-11-08 10:35 -------- d-----w- c:\program files\PDFCreator Toolbar
2009-05-24 21:11 . 2009-05-04 06:00 -------- d-----w- c:\program files\myBabylon_English
2009-05-23 20:48 . 2009-05-23 20:45 -------- d-----w- c:\users\Charles-Henry\AppData\Roaming\Gold Wave Editor Pro
2009-05-23 20:44 . 2009-05-23 20:44 -------- d-----w- c:\program files\Gold Wave Editor Pro
2009-05-16 10:16 . 2009-05-16 10:16 -------- d-----w- c:\program files\HandyShopper
2009-05-16 05:28 . 2009-05-16 05:28 -------- d-----w- c:\program files\Ax3soft
2009-05-16 01:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-15 08:16 . 2009-05-15 08:16 -------- d-----w- c:\users\Charles-Henry\AppData\Roaming\Malwarebytes
2009-05-15 08:16 . 2009-05-15 08:16 -------- d-----w- c:\program files\A_Squared
2009-05-15 08:16 . 2009-05-15 08:16 -------- d-----w- c:\programdata\Malwarebytes
2009-05-03 14:13 . 2009-04-26 12:23 3674 ----a-w- c:\users\Charles-Henry\AppData\Roaming\SAS7_000.DAT
2009-04-27 17:03 . 2009-01-01 10:47 43528 ------w- c:\windows\system32\drivers\pxhelp20.sys
2009-04-24 16:05 . 2009-06-11 06:32 827904 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-06-11 06:32 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 13:44 . 2009-06-11 06:32 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-04-23 12:43 . 2009-06-11 06:32 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-11 06:32 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-22 23:30 . 2009-04-22 21:28 443 ----a-w- c:\windows\PowerReg.dat
2009-04-22 22:54 . 2009-04-22 22:57 403968 ----a-w- c:\windows\speech.dll
2009-04-22 21:30 . 2009-04-22 21:30 225280 ----a-w- c:\users\Charles-Henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe
2008-07-30 08:11 . 2008-07-30 08:08 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\programdata\is-AES6H ----
2009-06-12 07:28 . 2009-06-19 08:14 152011 ---ha-w- c:\programdata\is-AES6H\~PRCustomProps#122.dat
2009-06-12 07:28 . 2009-06-19 08:14 64011 ---ha-w- c:\programdata\is-AES6H\~PRObjects#122.dat

((((((((((((((((((((((((((((( SnapShot@2009-07-10_09.48.19 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-30 07:40 . 2009-07-10 09:45 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-09-30 07:40 . 2009-07-10 13:12 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-09-30 07:40 . 2009-07-10 09:45 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-09-30 07:40 . 2009-07-10 13:12 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-10 09:45 . 2009-07-10 09:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-10 09:45 . 2009-07-10 13:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-07-10 09:45 . 2009-07-10 09:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-10 09:45 . 2009-07-10 13:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-11-06 21:35 . 2009-07-10 13:09 355946 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 10:33 . 2009-07-10 09:51 590082 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-07-09 20:16 590082 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-07-09 20:16 102094 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-07-10 09:51 102094 c:\windows\System32\perfc009.dat
- 2008-09-30 07:40 . 2009-07-10 09:45 180224 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-30 07:40 . 2009-07-10 13:12 180224 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2009-05-24 21:11 2094616 ----a-w- c:\program files\myBabylon_English\tbmyB1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-02-28 12:04 97064 ----a-w- c:\program files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-06 39408]
"L08FXLRD_1502773"="c:\program files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" [2007-06-12 351000]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"VistaStartMenu"="c:\program files\Vista Start Menu\VistaStartMenu.exe" [2009-04-13 2171392]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-27 442467]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-09 148888]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-25 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-14 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-14 13535776]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SecurDisc"="c:\program files\Nero\Nero8\InCD\NBHGui.exe" [2008-02-28 2049320]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-02-05 413696]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"InCD"="c:\program files\Nero\Nero8\InCD\InCD.exe" [2008-02-28 1083176]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-04-18 68592]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdc.exe" [2007-01-24 563080]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" [2007-03-19 259624]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"avast!"="c:\progra~1\Alwil\Avast4\ashDisp.exe" [2009-07-10 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Gestionnaire Antidote.exe"="c:\progra~1\Druide\Antidote\Gestionnaire Antidote.exe" [2008-12-02 542136]

c:\users\Charles-Henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PowerReg SchedulerV2.exe [2009-4-22 225280]

c:\users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-2-7 110592]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2064635653-3729951122-4279557079-1000]
"EnableNotificationsRef"=dword:00000006

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2064635653-3729951122-4279557079-500]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AFCE2351-7ACC-4803-A7C9-8C259F10BE0D}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{22457A67-E72C-4843-88AE-4456E006308A}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{167632E7-3791-47A2-9DCA-63D6F80F5C47}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{87F63783-4673-4B3B-A248-B6FABF7AFE8C}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{CCC78D8F-EB28-4C1E-87D6-87805A606B7D}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{0242A80F-567E-42B0-AF27-258D992ECE0B}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{DB782A31-6037-4C7E-8665-60B3FC2D4789}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{9AC1FEDD-2FCE-4ED7-BF29-82BBDE91686E}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{EF80A058-775E-4A83-9D5F-4B537373AE8C}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{9C39EBBB-160E-4C4C-A09E-B3845AE4FE78}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{4115CF97-61EE-4B8B-8F0D-E76F9772AFC8}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D73932E8-7CA7-404A-9F76-92D05652E920}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{598D8F70-6503-4032-85CE-82B201757E5E}h:\\program files\\bittorrent\\bittorrent.exe"= UDP:h:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{38C83894-E15A-4433-A1D9-AB4BB507A125}h:\\program files\\bittorrent\\bittorrent.exe"= TCP:h:\program files\bittorrent\bittorrent.exe:bittorrent
"TCP Query User{483683A2-8BF6-4238-8E18-D324928479C5}c:\\users\\charles-henry\\program files\\dna\\btdna.exe"= UDP:c:\users\charles-henry\program files\dna\btdna.exe:btdna.exe
"UDP Query User{6E72674C-342B-4156-BB9B-E86EFA131E06}c:\\users\\charles-henry\\program files\\dna\\btdna.exe"= TCP:c:\users\charles-henry\program files\dna\btdna.exe:btdna.exe
"TCP Query User{414C42D2-83E4-4F9A-8397-D857FAABFE83}C:4\\program files\\bittorrent\\bittorrent.exe"= UDP:C:4\program files\bittorrent\bittorrent.exe:bittorrent.exe
"UDP Query User{9BFC6D7D-D049-41EC-9185-2EEAA18F6F15}C:4\\program files\\bittorrent\\bittorrent.exe"= TCP:C:4\program files\bittorrent\bittorrent.exe:bittorrent.exe
"{BAA69B85-5D83-48E4-B31F-F8B00A427EED}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{0C8A93B8-2268-4738-B66C-34B43DDB904D}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{EDAF87EF-05FB-4326-83C8-3B95705F1D29}f:\\emule\\emule.exe"= UDP:f:\emule\emule.exe:eMule
"UDP Query User{ED783E0E-2A70-43B8-AE34-A44ADE87CCC0}f:\\emule\\emule.exe"= TCP:f:\emule\emule.exe:eMule
"{AA5ED257-602D-45EA-92DB-EF65F40DFED6}"= UDP:5353:Adobe CSI CS4
"TCP Query User{29E63E8F-D8B3-4251-B515-C360882654F0}C:4\\adobe flash cs4 pro\\flash\\adobe flash cs4\\flash.exe"= UDP:C:4\adobe flash cs4 pro\flash\adobe flash cs4\flash.exe:flash.exe
"UDP Query User{DDEBF1ED-CFB7-45ED-8CA3-131D3FE5BBF0}C:4\\adobe flash cs4 pro\\flash\\adobe flash cs4\\flash.exe"= TCP:C:4\adobe flash cs4 pro\flash\adobe flash cs4\flash.exe:flash.exe
"{77434250-2D16-4B82-83DE-F8B339D59530}"= Disabled:UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{45A81BC6-70B0-43D1-A796-2BACD54ABBC3}"= Disabled:TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{B049F4A6-89F7-49AA-A75B-ED7650A9F05A}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{BD855DAC-0EA1-4EEB-9C9F-4496000618AE}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{D7D5C76B-BD83-42DA-A9B0-FD4CBCF1DE44}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{C741FD90-9A59-456A-B0C9-DA347E25CF9C}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mdnk1s01\\svchost.exe"= UDP:c:\users\charles-henry\AppData\Local\Temp\~temp\mdnk1s01\svchost.exe:svchost
"UDP Query User{3085F335-4E53-4312-9AC6-14B99CC79B93}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mdnk1s01\\svchost.exe"= TCP:c:\users\charles-henry\AppData\Local\Temp\~temp\mdnk1s01\svchost.exe:svchost
"TCP Query User{E33A3A7F-9DB1-4B07-A41F-9257C051157F}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mdnk2s01\\svchost.exe"= UDP:c:\users\charles-henry\AppData\Local\Temp\~temp\mdnk2s01\svchost.exe:svchost
"UDP Query User{54DCD5A3-EB9F-4A92-8D21-BF51E050A181}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mdnk2s01\\svchost.exe"= TCP:c:\users\charles-henry\AppData\Local\Temp\~temp\mdnk2s01\svchost.exe:svchost
"TCP Query User{5D18C178-4CB1-48A1-9B0B-105B61290E91}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mdnk3s01\\svchost.exe"= UDP:c:\users\charles-henry\AppData\Local\Temp\~temp\mdnk3s01\svchost.exe:svchost
"UDP Query User{05B59112-9223-4E87-8E01-3A7D585EF5D8}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mdnk3s01\\svchost.exe"= TCP:c:\users\charles-henry\AppData\Local\Temp\~temp\mdnk3s01\svchost.exe:svchost
"TCP Query User{C4A48145-90C7-4497-8E12-8829503FB5F3}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mdnk4s01\\svchost.exe"= UDP:c:\users\charles-henry\AppData\Local\Temp\~temp\mdnk4s01\svchost.exe:svchost
"UDP Query User{337CF112-14E2-4ACE-8D07-CB4DBE9C621B}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mdnk4s01\\svchost.exe"= TCP:c:\users\charles-henry\AppData\Local\Temp\~temp\mdnk4s01\svchost.exe:svchost
"TCP Query User{5F596EF7-5943-4FBF-80BC-42478C3310C0}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mdnk59\\mdm.exe"= UDP:c:\users\charles-henry\AppData\Local\Temp\~temp\mdnk59\mdm.exe:mdm
"UDP Query User{726565BA-F867-4828-8B0E-919B449BDC69}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mdnk59\\mdm.exe"= TCP:c:\users\charles-henry\AppData\Local\Temp\~temp\mdnk59\mdm.exe:mdm
"TCP Query User{30FDD1C0-44BD-42FF-B4A9-012C8BB8524E}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{B85DCA09-52CB-421B-82E6-A5BECB406D27}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{ACAF0FDF-E1B2-44B1-AB0B-0B94821E3A15}"= UDP:c:\program files\Tidy Favorites\tidyfavorites.exe:TidyFavorites
"TCP Query User{51BDB074-DC32-40C9-803A-77E55C4A6F3A}c:\\program files\\tidy favorites\\tidyfavorites.exe"= UDP:c:\program files\tidy favorites\tidyfavorites.exe:Tidy Favorites
"UDP Query User{71115AA5-72C8-40E5-AF8F-9C3FDFCC1BB6}c:\\program files\\tidy favorites\\tidyfavorites.exe"= TCP:c:\program files\tidy favorites\tidyfavorites.exe:Tidy Favorites
"{D68260D1-50E4-4611-97CF-75684C1C9A58}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{2D2F64F0-4724-4585-B173-8EF6D24BD91C}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{8484A375-A354-4878-8272-C60AACA5836E}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mdnk67\\mdm.exe"= UDP:c:\users\charles-henry\AppData\Local\Temp\~temp\mdnk67\mdm.exe:mdm
"UDP Query User{97C7CC56-F211-4307-8233-D7F49452A8A5}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mdnk67\\mdm.exe"= TCP:c:\users\charles-henry\AppData\Local\Temp\~temp\mdnk67\mdm.exe:mdm
"TCP Query User{BBF71D8B-9B54-40F4-816B-5D5EC6AF78CD}c:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\~temp\\mdnk67\\mdm.exe"= UDP:c:\users\ADMINI~1\AppData\Local\Temp\~temp\mdnk67\mdm.exe:UpdateWizzard
"TCP Query User{BBF71D8B-9B54-40F4-996B-5D5EC6AF78CD}c:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\~temp\\mdnk67\\mdm.exe"= UDP:c:\users\ADMINI~1\AppData\Local\Temp\~temp\mdnk67\mdm.exe:UpdateWizzard
"UDP Query User{4C9BECF3-6333-4D16-A3DB-DF8B71A69449}c:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\~temp\\mdnk67\\mdm.exe"= TCP:c:\users\ADMINI~1\AppData\Local\Temp\~temp\mdnk67\mdm.exe:UpdateWizzard
"UDP Query User{4C9BECF3-6333-4D16-99DB-DF8B71A69449}c:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\~temp\\mdnk67\\mdm.exe"= TCP:c:\users\ADMINI~1\AppData\Local\Temp\~temp\mdnk67\mdm.exe:UpdateWizzard
"TCP Query User{46EFB20A-9F4C-4DB8-8C0B-3A39E2D59C55}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mlp10\\mdm.exe"= UDP:c:\users\charles-henry\AppData\Local\Temp\~temp\mlp10\mdm.exe:mdm
"UDP Query User{0226F124-99C0-478B-B325-8C1C3875BB4B}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mlp10\\mdm.exe"= TCP:c:\users\charles-henry\AppData\Local\Temp\~temp\mlp10\mdm.exe:mdm
"TCP Query User{92395257-784F-4644-AE67-B2BE4778D302}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mlp11\\mdm.exe"= UDP:c:\users\charles-henry\AppData\Local\Temp\~temp\mlp11\mdm.exe:mdm
"UDP Query User{BF9B37CF-0669-48A6-9CC6-99793ACC0062}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mlp11\\mdm.exe"= TCP:c:\users\charles-henry\AppData\Local\Temp\~temp\mlp11\mdm.exe:mdm
"TCP Query User{1E6C410F-8A59-4D6D-98BD-C2CF76F9ED24}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mlp12\\mdm.exe"= UDP:c:\users\charles-henry\AppData\Local\Temp\~temp\mlp12\mdm.exe:mdm
"UDP Query User{E317A20D-8264-463E-A465-1622EC84F19D}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mlp12\\mdm.exe"= TCP:c:\users\charles-henry\AppData\Local\Temp\~temp\mlp12\mdm.exe:mdm
"TCP Query User{4E6D60D4-3F40-4613-9518-BDCA1074AF56}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mlp13\\mdm.exe"= UDP:c:\users\charles-henry\AppData\Local\Temp\~temp\mlp13\mdm.exe:mdm
"UDP Query User{39A87C09-8563-4884-9C0C-B7311FE3685E}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mlp13\\mdm.exe"= TCP:c:\users\charles-henry\AppData\Local\Temp\~temp\mlp13\mdm.exe:mdm
"TCP Query User{DC2E7BCA-0B06-415E-8FA1-90BA8F0FF07E}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mlp22\\mdm.exe"= UDP:c:\users\charles-henry\AppData\Local\Temp\~temp\mlp22\mdm.exe:mdm
"UDP Query User{779D8DC4-7A88-4771-91E7-C4D1023028D8}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mlp22\\mdm.exe"= TCP:c:\users\charles-henry\AppData\Local\Temp\~temp\mlp22\mdm.exe:mdm
"TCP Query User{948680CE-E76F-4BFD-8D97-5A5548AA6C93}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mlp24\\mdm.exe"= UDP:c:\users\charles-henry\AppData\Local\Temp\~temp\mlp24\mdm.exe:mdm
"UDP Query User{E774C0B4-BC70-4B25-B209-D0EB74FD385F}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mlp24\\mdm.exe"= TCP:c:\users\charles-henry\AppData\Local\Temp\~temp\mlp24\mdm.exe:mdm
"TCP Query User{103B4F46-28F5-4821-94D9-D934F595FDA8}c:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= UDP:c:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"UDP Query User{DC8DE983-6906-4C02-90E2-EE9801ACAD62}c:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= TCP:c:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"TCP Query User{D1F23D96-546E-4CA9-9F37-5F3FAD9C70AA}c:\\program files\\guppy\\zazouminiwebserver.exe"= UDP:c:\program files\guppy\zazouminiwebserver.exe:ZazouMiniWebServer
"UDP Query User{E5AB5C28-5DB3-4B73-BDFE-A160D0844A74}c:\\program files\\guppy\\zazouminiwebserver.exe"= TCP:c:\program files\guppy\zazouminiwebserver.exe:ZazouMiniWebServer
"{4A1C5D41-3DDE-409A-B549-DBB76B5CBAFE}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{66DAFB14-10EB-4505-A72E-CEC9D6B2F530}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{596913BC-ED04-4B23-828B-E6D485BE2F44}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{2FB10010-C6A6-4D5B-BCAF-47F039D09914}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{EBA1D703-E4B2-4AF0-BDEC-CEB10F60409D}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{F5E540CA-CD64-4019-835C-D5CE36A6B3E5}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{1572AB97-9AB3-4CEC-B029-027E0AF23D40}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{E9560C37-816E-4038-A121-4973523C4BA3}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{F3F71ADB-817C-4445-A398-D3721E89FC3D}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{2A06A960-1172-41CF-9D4A-F81275B68F63}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"TCP Query User{BBF71D8B-9B54-40F4-816B-5D5EC6AF78CD}c:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\~temp\\mlp31\\mdm.exe"= UDP:c:\users\ADMINI~1\AppData\Local\Temp\~temp\mlp31\mdm.exe:UpdateWizzard
"TCP Query User{BBF71D8B-9B54-40F4-996B-5D5EC6AF78CD}c:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\~temp\\mlp31\\mdm.exe"= UDP:c:\users\ADMINI~1\AppData\Local\Temp\~temp\mlp31\mdm.exe:UpdateWizzard
"UDP Query User{4C9BECF3-6333-4D16-A3DB-DF8B71A69449}c:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\~temp\\mlp31\\mdm.exe"= TCP:c:\users\ADMINI~1\AppData\Local\Temp\~temp\mlp31\mdm.exe:UpdateWizzard
"UDP Query User{4C9BECF3-6333-4D16-99DB-DF8B71A69449}c:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\~temp\\mlp31\\mdm.exe"= TCP:c:\users\ADMINI~1\AppData\Local\Temp\~temp\mlp31\mdm.exe:UpdateWizzard
"TCP Query User{BBF71D8B-9B54-40F4-816B-5D5EC6AF78CD}c:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\~temp\\mlp34\\mdm.exe"= UDP:c:\users\ADMINI~1\AppData\Local\Temp\~temp\mlp34\mdm.exe:UpdateWizzard
"TCP Query User{BBF71D8B-9B54-40F4-996B-5D5EC6AF78CD}c:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\~temp\\mlp34\\mdm.exe"= UDP:c:\users\ADMINI~1\AppData\Local\Temp\~temp\mlp34\mdm.exe:UpdateWizzard
"UDP Query User{4C9BECF3-6333-4D16-A3DB-DF8B71A69449}c:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\~temp\\mlp34\\mdm.exe"= 
TCP:c:\users\ADMINI~1\AppData\Local\Temp\~temp\mlp34\mdm.exe:UpdateWizzard "UDP Query User{4C9BECF3-6333-4D16-99DB-DF8B71A69449}c:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\~temp\\mlp34\\mdm.exe"= TCP:c:\users\ADMINI~1\AppData\Local\Temp\~temp\mlp34\mdm.exe:UpdateWizzard [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "h:\\Program Files\\BitTorrent\\bittorrent.exe"= h:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent "c:\\Program Files\\iView MediaPro3\\IVIEW_MP.exe"= c:\program files\iView MediaPro3\IVIEW_MP.exe:*:Enabled:iView Multimedia R3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-03-03 33176] R3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\DRIVERS\sea1bus.sys [2007-01-04 61536] R3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\DRIVERS\sea1mdfl.sys [2007-01-04 9360] R3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\DRIVERS\sea1mdm.sys [2007-01-04 97088] R3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\DRIVERS\sea1unic.sys [2007-01-04 90800] S0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2009-01-27 40368] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe [2008-06-27 77824] S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456] S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2008-02-28 53032] S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-25 361808] S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe 
[2008-02-07 193840] S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736] S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-07-08 96856] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-14 43552] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\program files\Common Files\LightScribe\LSRunOnce.exe" . Contenu du dossier 'Tâches planifiées' 2009-07-10 c:\windows\Tasks\User_Feed_Synchronization-{8827CF3C-668F-46E5-AE67-3DE4C07251ED}.job - c:\windows\system32\msfeedssync.exe [2008-01-21 02:24] . . ------- Examen supplémentaire ------- . 
uStart Page = hxxp://www.google.fr/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=Pavilion&pf=cnnb IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: {{7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - c:\program files\PROMT5\PROMTIE4\promtie5.htm IE: {{7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - c:\program files\PROMT5\PROMTIE4\options.htm IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0401 IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0402 IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0404 IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0405 IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0406 IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0407 IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang040B IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang040C IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang040D IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0410 IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0415 IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0416 IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0418 IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0419 IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang041D IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0421 IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0422 IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0429 IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0C1A IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0401 IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0402 IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0404 IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0405 IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0406 IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0407 IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang040B IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang040C IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang040D IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0410 IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0415 IE: 
{{E3CB497B-E230-4445-8B34-13476822F867}\lang0416 IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0418 IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0419 IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang041D IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0421 IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0422 IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0429 IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0C1A IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503} - {70BEC6D2-977B-43CB-9A50-424099BA3897} - c:\progra~1\COMMON~1\TIDYFA~1\AddToFav.dll IE: {{E3CB497B-E230-4445-8B34-13476822F867} - {9B0CFC24-6650-4BEE-8030-6FCAE4672685} - c:\progra~1\COMMON~1\TIDYFA~1\OpenFav.dll DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-07-10 15:14 Windows 6.0.6001 Service Pack 1 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . 
--------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.AIFF" [HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.AIFF" [HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.AIFF" [HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.ASF" [HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.ASX" [HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.AU" [HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.avi" [HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.CDA" [HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (Administrator) "Progid"="ThunderbirdEML" [HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice] @Denied: (2) (Administrator) 
"Progid"="WMP11.AssocFile.MPEG" [HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" [HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.M3U" [HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MIDI" [HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MIDI" [HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" [HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" [HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" [HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MP3" [HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" [HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" 
[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" [HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" [HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" [HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MIDI" [HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.AU" [HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WAV" [HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WAX" [HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.ASF" [HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WMA" [HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WMD" 
[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WMS" [HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WMV" [HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.ASX" [HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WMZ" [HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WPL" [HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WVX" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'Explorer.exe'(6056) c:\program files\Nero\Nero8\InCD\NBHShx.dll c:\program files\Nero\Nero8\InCD\NBHStr.dll c:\program files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll c:\program files\Vista Start Menu\VistaStartMenu.dll . ------------------------ Autres processus actifs ------------------------ . 
c:\windows\System32\nvvsvc.exe c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\stacsv.exe c:\windows\System32\audiodg.exe c:\windows\System32\rundll32.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Nero\Nero8\InCD\InCDsrv.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe c:\windows\System32\IoctlSvc.exe c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\windows\System32\conime.exe c:\windows\System32\rundll32.exe c:\program files\OpenOffice.org 3\program\soffice.exe c:\program files\OpenOffice.org 3\program\soffice.bin c:\program files\Synaptics\SynTP\SynTPHelper.exe c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe c:\program files\Hewlett-Packard\Shared\HpqToaster.exe c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe . ************************************************************************** . Heure de fin: 2009-07-10 15:20 - La machine a redémarré ComboFix-quarantined-files.txt 2009-07-10 13:20 ComboFix2.txt 2009-07-10 09:54 Avant-CF: 192 284 545 024 octets libres Après-CF: 192 028 131 328 octets libres 630 --- E O F --- 2009-07-07 06:19 -
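The firewall section of the log above is the part a helper reads first: the long run of exceptions for mdm.exe under AppData\Local\Temp\~temp\..., and the "EnableFirewall"= 0 (0x0) line that shows the Standard profile switched off. The script below is an added example written for this page; it is not code from the post, from ComboFix or from the Zebulon helpers. It parses those lines as ComboFix prints them and reports two things: profiles whose firewall is disabled, and active exceptions whose executable lives in a user-writable directory. The sample lines are copied from the log above; the [...\FirewallRules] header is an assumption, since the start of that section is cut off in the post.

```python
"""Triage of the Windows Firewall section of a ComboFix log.

Added example for this thread; not part of the post, of ComboFix or of any
other tool. It flags (1) a profile whose "EnableFirewall" value is 0 and
(2) an active exception whose executable sits somewhere an ordinary user can
write to (AppData, Temp, ProgramData, the recycle bin), which is where droppers
such as the mdm.exe copies in this log tend to live.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Registry section header, e.g. [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
# "EnableFirewall"= 0 (0x0)
ENABLE_RE = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)')
# Vista-style FirewallRules entry:  "<GUID or query name>"= [Disabled:]TCP|UDP:<path>:<display name>
# <path> itself contains the drive colon, so it is matched greedily and the
# display name is whatever follows the last colon.
RULE_RE = re.compile(
    r'^"(?P<key>[^"]+)"=\s*(?:(?P<state>Disabled):)?(?P<proto>TCP|UDP):(?P<path>.+):(?P<name>[^:]*)$'
)
# XP-style AuthorizedApplications\List entry:  "<path>"= <path>:*:Enabled:<display name>
AUTH_RE = re.compile(r'^"(?P<key>[^"]+)"=\s*(?P<path>.+?):\*:(?P<state>Enabled|Disabled):(?P<name>.*)$')
# Directories an unprivileged user (and so malware running as that user) can write to.
USER_WRITABLE_RE = re.compile(
    r"(\\appdata\\|\\temp\\|\\local settings\\|\\programdata\\|\\\$recycle\.bin\\|\\recycler\\)"
)


@dataclass(frozen=True)
class Finding:
    kind: str     # "firewall_disabled" or "user_writable_exception"
    profile: str  # registry key component after "firewallpolicy\"
    detail: str   # the offending value line or executable path


def profile_of(section_key: str) -> str:
    """Profile name from a firewallpolicy registry key; the whole key if it is not one."""
    parts = section_key.lower().split("firewallpolicy\\", 1)
    return parts[1].split("\\", 1)[0] if len(parts) == 2 else section_key


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    profile = "?"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            profile = profile_of(m.group("key"))
            continue
        m = ENABLE_RE.match(line)
        if m:
            if m.group("val") == "0":
                findings.append(Finding("firewall_disabled", profile, line))
            continue
        m = RULE_RE.match(line) or AUTH_RE.match(line)
        if not m or m.group("state") == "Disabled":
            continue  # not a rule line, or a rule that is present but switched off
        path = m.group("path")
        if USER_WRITABLE_RE.search(path.lower()):
            findings.append(Finding("user_writable_exception", profile, path))
    return findings


# Constructed sample: entries copied from the ComboFix log in this thread, one per line.
# The [...\FirewallRules] header is assumed; that part of the log is cut off in the post.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"UDP Query User{B85DCA09-52CB-421B-82E6-A5BECB406D27}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{D68260D1-50E4-4611-97CF-75684C1C9A58}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{8484A375-A354-4878-8272-C60AACA5836E}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mdnk67\\mdm.exe"= UDP:c:\users\charles-henry\AppData\Local\Temp\~temp\mdnk67\mdm.exe:mdm
"UDP Query User{97C7CC56-F211-4307-8233-D7F49452A8A5}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mdnk67\\mdm.exe"= TCP:c:\users\charles-henry\AppData\Local\Temp\~temp\mdnk67\mdm.exe:mdm
"TCP Query User{BBF71D8B-9B54-40F4-816B-5D5EC6AF78CD}c:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\~temp\\mlp31\\mdm.exe"= UDP:c:\users\ADMINI~1\AppData\Local\Temp\~temp\mlp31\mdm.exe:UpdateWizzard
"{4A1C5D41-3DDE-409A-B549-DBB76B5CBAFE}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"h:\\Program Files\\BitTorrent\\bittorrent.exe"= h:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"c:\\Program Files\\iView MediaPro3\\IVIEW_MP.exe"= c:\program files\iView MediaPro3\IVIEW_MP.exe:*:Enabled:iView Multimedia
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:26} [{f.profile}] {f.detail}")
```

Run against the sample it reports the three active mdm.exe exceptions under the FirewallRules key and the disabled Standard profile, and stays quiet about eMule, Bonjour, BitTorrent and the disabled HP rules. The user-writable check is a location heuristic, not a verdict: a legitimate updater can live under AppData too, so each hit still needs the file looked at.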
Request for help eradicating a virus
DupondAvecUnD replied to a topic by DupondAvecUnD in Malware analysis and eradication
Falkra, I have a small problem! I did what you asked, but for half an hour now the screen has been showing "Logging off..." Is this normal? I can't send you the report. Do I need to restart? Thanks for your guidance.
Request for help eradicating a virus
DupondAvecUnD replied to a topic by DupondAvecUnD in Malware analysis and eradication
Thanks Falkra, here is my ComboFix report:

ComboFix 09-07-09.07 - Administrateur 10/07/2009 11:32.1.2 - NTFSx86
Launched from: c:\users\Administrateur\Desktop\Tralala.exe
* A new restore point was created
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1753393394-1739914917-1163840506-500
c:\users\Administrateur\AppData\Roaming\dllhst3g.exe
c:\users\Administrateur\AppData\Roaming\mstinit.exe
c:\users\Charles-Henry\AppData\Local\Microsoft\logman.exe
c:\users\Charles-Henry\AppData\Local\mstsc.exe
c:\users\Charles-Henry\AppData\Roaming\dllhst3g.exe
c:\users\Charles-Henry\AppData\Roaming\drivers\111wfs1intwq.sys
c:\users\Charles-Henry\AppData\Roaming\drivers\11s11ro1s1a2.sys
c:\users\Charles-Henry\AppData\Roaming\drivers\downld
c:\users\Charles-Henry\AppData\Roaming\drivers\downld\162900081.exe
c:\users\Charles-Henry\AppData\Roaming\drivers\downld\162904387.exe
c:\users\Charles-Henry\AppData\Roaming\drivers\downld\162995803.exe
c:\users\Charles-Henry\AppData\Roaming\drivers\downld\162998284.exe
c:\users\Charles-Henry\AppData\Roaming\drivers\downld\163001201.exe
c:\users\Charles-Henry\AppData\Roaming\drivers\downld\163001997.exe
c:\users\Charles-Henry\AppData\Roaming\drivers\downld\3403317.exe
c:\users\Charles-Henry\AppData\Roaming\drivers\downld\3419307.exe
c:\users\Charles-Henry\AppData\Roaming\drivers\downld\3421367.exe
c:\users\Charles-Henry\AppData\Roaming\drivers\downld\3526074.exe
c:\users\Charles-Henry\AppData\Roaming\drivers\downld\3527369.exe
c:\users\Charles-Henry\AppData\Roaming\drivers\downld\3528134.exe
c:\users\Charles-Henry\AppData\Roaming\drivers\downld\3528415.exe
c:\users\Charles-Henry\AppData\Roaming\drivers\downld\3540645.exe
c:\users\Charles-Henry\AppData\Roaming\drivers\downld\3586431.exe
c:\users\Charles-Henry\AppData\Roaming\drivers\downld\3589973.exe
c:\users\Charles-Henry\AppData\Roaming\drivers\downld\3591283.exe
c:\users\Charles-Henry\AppData\Roaming\drivers\downld\3677427.exe
c:\users\Charles-Henry\AppData\Roaming\drivers\downld\3680562.exe
c:\users\Charles-Henry\AppData\Roaming\drivers\downld\4091921.exe
c:\users\Charles-Henry\AppData\Roaming\drivers\downld\4093091.exe
c:\users\Charles-Henry\AppData\Roaming\drivers\downld\4094043.exe
c:\users\Charles-Henry\AppData\Roaming\drivers\downld\4100611.exe
c:\users\Charles-Henry\AppData\Roaming\drivers\downld\4101437.exe
c:\users\Charles-Henry\AppData\Roaming\drivers\downld\4108067.exe
c:\users\Charles-Henry\AppData\Roaming\drivers\downld\4110002.exe
c:\users\Charles-Henry\AppData\Roaming\drivers\downld\4110797.exe
c:\users\Charles-Henry\AppData\Roaming\drivers\downld\4111811.exe
c:\users\Charles-Henry\AppData\Roaming\drivers\downld\4164150.exe
c:\users\Charles-Henry\AppData\Roaming\drivers\downld\4329573.exe
c:\users\Charles-Henry\AppData\Roaming\drivers\downld\4329901.exe
c:\users\Charles-Henry\AppData\Roaming\drivers\downld\4329916.exe
c:\users\Charles-Henry\AppData\Roaming\drivers\downld\4459522.exe
c:\users\Charles-Henry\AppData\Roaming\drivers\downld\4460645.exe
c:\users\Charles-Henry\AppData\Roaming\drivers\downld\4460910.exe
c:\users\Charles-Henry\AppData\Roaming\drivers\downld\4461503.exe
c:\users\Charles-Henry\AppData\Roaming\drivers\downld\4462268.exe
c:\users\Charles-Henry\AppData\Roaming\drivers\downld\4462299.exe
c:\users\Charles-Henry\AppData\Roaming\Microsoft\mqtgsvc.exe
c:\windows\Installer\2a551a.msi
c:\windows\Installer\3afe7.msi
c:\windows\system\sessmgr.exe
c:\windows\system32\ban_list.txt
c:\windows\system32\drivers\clipsrv.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_111111S1RO1S1A
-------\Legacy_SK9OU0S
-------\Service_111111s1ro1s1a

((((((((((((((((((((((((((((( Files created from 2009-06-10 to 2009-07-10 ))))))))))))))))))))))))))))))))))))
.
2009-07-10 09:42 . 2009-07-10 09:42 -------- d-----w- c:\users\Charles-Henry\AppData\Local\temp
2009-07-09 21:30 . 2009-07-09 23:13 -------- d-----w- C:\FindyKill
2009-07-09 21:21 . 2009-07-09 21:21 1403940 ----a-w- C:\FindyKill.exe
2009-07-09 20:07 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-07-09 20:07 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-07-09 20:07 . 2009-02-05 20:06 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-07-09 20:06 . 2009-07-09 20:06 -------- d-----w- c:\program files\Alwil
2009-07-09 17:23 . 2009-07-09 17:23 -------- d-----w- c:\users\Administrateur\AppData\Roaming\Malwarebytes
2009-07-09 14:54 . 2009-07-09 14:54 -------- d-----w- c:\windows\Sun
2009-07-09 13:51 . 2009-07-09 13:51 -------- d-----w- c:\users\Administrateur\AppData\Roaming\ArcticLine
2009-07-09 13:41 . 2009-07-10 09:42 -------- d--h--w- c:\users\Charles-Henry\AppData\Roaming\drivers
2009-07-08 13:02 . 2009-07-08 13:02 -------- d-----w- C:\Capture Jaune
2009-07-08 12:46 . 2009-07-08 12:46 -------- d-----w- C:\AspiWeb_v320
2009-07-08 12:42 . 2009-07-08 12:42 -------- d-----w- c:\program files\TorrentSpeeder
2009-07-08 10:59 . 2009-07-08 10:59 -------- d-----w- c:\users\Charles-Henry\AppData\Roaming\Babylon
2009-07-08 10:59 . 2009-07-08 10:59 -------- d-----w- c:\programdata\Babylon
2009-07-08 10:33 . 2009-07-08 10:33 -------- d-----w- c:\users\Charles-Henry\AppData\Local\ACD Systems
2009-07-08 10:33 . 2009-07-08 10:33 -------- d-----w- c:\users\Charles-Henry\AppData\Roaming\ACD Systems
2009-07-08 10:32 . 2009-07-08 10:32 -------- d-----w- c:\programdata\ACD Systems
2009-07-08 10:32 . 2009-07-08 10:32 -------- d-----w- c:\program files\ACD Systems
2009-07-08 10:32 . 2009-07-08 10:32 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-07-08 10:30 . 2009-07-08 10:30 -------- d-----w- c:\users\Charles-Henry\AppData\Local\Downloaded Installations
2009-07-07 16:24 . 2004-08-19 15:09 153088 ----a-w- c:\windows\system32\triedit.dll
2009-07-07 16:24 . 2004-02-23 00:00 78848 ----a-w- c:\windows\system32\MSBIND.DLL
2009-07-07 16:24 . 2004-02-23 00:00 322560 ----a-w- c:\windows\system32\MSDBRPTR.DLL
2009-07-07 16:24 . 1998-07-13 00:00 16384 ----a-w- c:\windows\system32\ADODCFR.DLL
2009-07-07 16:24 . 1998-07-13 00:00 15872 ----a-w- c:\windows\system32\WINSKFR.DLL
2009-07-07 16:24 . 1998-07-12 22:00 15360 ----a-w- c:\windows\system32\INetFR.DLL
2009-07-07 16:24 . 2007-10-05 17:18 114688 ----a-w- c:\windows\system32\myodbc3i.exe
2009-07-07 16:24 . 2007-10-05 17:18 106496 ----a-w- c:\windows\system32\myodbc3m.exe
2009-07-07 16:24 . 2007-10-05 17:18 6660096 ----a-w- c:\windows\system32\myodbc3S.dll
2009-07-07 16:24 . 2007-10-05 17:18 2183168 ----a-w- c:\windows\system32\myodbc3.dll
2009-07-07 16:24 . 2009-07-07 17:46 -------- d-----w- c:\program files\REFERENCE SOFTWARE
2009-07-07 14:06 . 2009-07-07 14:06 -------- d-----w- c:\program files\Icon Commander
2009-07-07 06:23 . 2009-07-07 06:25 -------- d-----w- c:\program files\East-Tec Backup
2009-07-02 14:22 . 2009-07-02 15:09 -------- d-----w- c:\users\Administrateur\AppData\Local\Microsoft Games
2009-07-02 14:21 . 2009-07-10 08:41 -------- d-----w- c:\users\Administrateur\AppData\Roaming\Vista Start Menu
2009-07-02 13:48 . 2009-07-02 13:48 -------- d-----w- c:\programdata\HP Product Assistant
2009-07-02 13:47 . 2009-07-02 13:47 -------- d-----w- c:\program files\Common Files\HP
2009-07-02 13:41 . 2007-10-30 09:25 372736 ----a-w- c:\windows\system32\hppldcoi.dll
2009-07-02 13:41 . 2007-10-30 09:25 309760 ----a-w- c:\windows\system32\difxapi.dll
2009-07-02 13:41 . 2007-10-21 16:45 729088 ----a-w- c:\windows\system32\hpowiax7.dll
2009-07-02 13:41 . 2007-10-21 16:45 581632 ----a-w- c:\windows\system32\hpotscl6.dll
2009-07-02 13:41 . 2007-10-21 16:45 303104 ----a-w- c:\windows\system32\hpovst15.dll
2009-07-02 13:31 . 2009-07-02 13:58 178012 ----a-w- c:\windows\hpoins28.dat
2009-07-02 12:49 . 2009-07-02 12:49 -------- d-----w- c:\users\Administrateur\AppData\Local\Hewlett-Packard
2009-07-02 12:48 . 2009-07-02 12:48 -------- d-----w- c:\users\Administrateur\AppData\Roaming\Hewlett-Packard
2009-06-29 11:09 . 2009-06-29 11:09 -------- d-----w- c:\program files\Adolix
2009-06-29 10:48 . 2009-06-29 11:06 -------- d-----w- c:\program files\eCover Engineer V6
2009-06-25 09:14 . 2009-06-25 09:14 -------- d-----w- C:\Mon Site Web
2009-06-25 07:31 . 2009-06-25 07:43 -------- d-----w- c:\program files\WebSite X5 Smart V7
2009-06-24 16:05 . 2009-06-24 16:33 -------- d-----w- c:\program files\WebSite X5 Smart
2009-06-24 16:04 . 2009-03-15 15:35 207872 ----a-w- c:\windows\system32\iwpsetup.exe
2009-06-24 16:04 . 2001-08-31 12:00 1355776 ----a-w- c:\windows\system32\MSVBVM50.dll
2009-06-24 16:04 . 1997-01-15 22:00 29696 ----a-w- c:\windows\system32\VB5STKIT.DLL
2009-06-23 17:04 . 2009-06-24 15:47 -------- d-----w- c:\program files\Guppy
2009-06-23 16:44 . 2009-06-23 16:55 -------- d-----w- C:\Guppy
2009-06-20 15:34 . 2009-06-20 15:34 -------- d-----w- c:\program files\3D Image Commander
2009-06-19 18:09 . 2009-06-19 18:09 -------- d-----w- c:\users\Charles-Henry\AppData\Roaming\ArcticLine
2009-06-19 18:09 . 2009-06-19 18:09 -------- d-----w- c:\program files\Folder Marker
2009-06-19 08:24 . 2009-06-19 08:24 -------- d-----w- c:\program files\CCleanerV2
2009-06-14 15:51 . 2009-06-14 15:55 -------- d-----w- c:\program files\Extra Screen Capture Pro
2009-06-14 06:35 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-14 06:35 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-13 18:08 . 2009-06-13 18:08 -------- d-----w- c:\windows\system32\syncdb
2009-06-12 07:28 . 2009-06-12 07:28 -------- d-----w- c:\programdata\is-AES6H
2009-06-12 07:28 . 2009-06-19 08:00 26363936 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-12 07:05 . 2009-06-12 07:05 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbAD8F.tmp.exe
2009-06-11 07:11 . 2009-06-11 07:11 110592 ----a-w- c:\users\Charles-Henry\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\36F7.tmp_\Antidote - OpenOffice.org 2.0.uno.pkg\Antidote-OOo.dll
2009-06-11 07:03 . 2009-06-11 07:03 -------- d-----w- c:\users\Charles-Henry\AppData\Roaming\Druide
2009-06-11 06:43 . 2009-06-11 06:43 97280 ----a-r- c:\users\Charles-Henry\AppData\Roaming\Microsoft\Installer\{A474EA56-5DBD-4181-8230-806A4762EA7F}\IconA474EA561.exe
2009-06-11 06:43 . 2009-06-11 06:43 -------- d-----w- c:\program files\Druide
2009-06-11 06:33 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-10 14:14 . 2009-06-10 14:14 -------- d-----w- c:\users\Charles-Henry\AppData\Roaming\Moyea
2009-06-10 14:13 . 2009-06-10 14:13 -------- d-----w- c:\program files\Moyea
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-10 09:46 . 2008-09-30 08:18 43414 ----a-w- c:\programdata\nvModes.dat
2009-07-10 09:43 . 2008-07-29 22:20 12 ----a-w- c:\windows\bthservsdp.dat
2009-07-09 20:16 . 2008-07-30 08:06 672322 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-09 20:16 . 2008-07-30 08:06 124434 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-09 14:49 . 2008-12-06 13:29 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-09 14:49 . 2008-07-30 00:18 -------- d-----w- c:\program files\Java
2009-07-09 13:39 . 2008-12-27 10:01 -------- d-----w- c:\users\Charles-Henry\AppData\Roaming\DNA
2009-07-09 10:50 . 2009-03-18 08:41 1 ----a-w- c:\users\Charles-Henry\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-07-09 10:49 . 2009-04-27 11:06 -------- d-----w- c:\users\Charles-Henry\AppData\Roaming\Vista Start Menu
2009-07-07 17:46 . 2008-07-29 22:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-07 16:31 . 2009-04-16 10:23 7592 ----a-w- c:\users\Charles-Henry\AppData\Local\d3d9caps.dat
2009-07-05 06:32 . 2009-03-15 09:25 -------- d-----w- c:\users\Charles-Henry\AppData\Roaming\dvdcss
2009-07-02 13:48 . 2008-11-08 14:51 -------- d-----w- c:\programdata\HP
2009-07-02 12:22 . 2009-02-21 10:16 121848 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-06-19 15:19 . 2008-11-06 14:40 121848 ----a-w- c:\users\Charles-Henry\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-19 08:00 . 2009-06-12 07:28 313160 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-18 07:39 . 2008-07-29 23:55 -------- d-----w- c:\programdata\Microsoft Help
2009-06-13 18:15 . 2008-07-29 23:58 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-12 06:44 . 2008-07-29 23:32 -------- d-----w- c:\program files\Microsoft Works
2009-06-08 14:02 . 2009-06-08 13:43 -------- d-----w- c:\program files\Aplus Vidéo Suite
2009-06-08 07:48 . 2009-06-08 07:43 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-06-08 07:48 . 2009-06-08 07:43 -------- d-----w- c:\program files\AVS4YOU
2009-06-08 07:45 . 2009-06-08 07:45 -------- d-----w- c:\users\Charles-Henry\AppData\Roaming\AVS4YOU
2009-06-08 07:44 . 2009-06-08 07:44 -------- d-----w- c:\programdata\AVS4YOU
2009-06-06 14:48 . 2009-06-06 14:48 -------- d-----w- c:\program files\Adobe Media Player
2009-06-06 14:47 . 2009-06-06 14:47 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-06 14:46 . 2009-03-09 17:30 38208 ----a-w- c:\users\Charles-Henry\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-06-05 06:55 . 2009-04-26 21:35 -------- d-----w- c:\users\Charles-Henry\AppData\Roaming\Clipdiary
2009-05-24 21:39 . 2009-05-24 21:39 -------- d-----w- c:\programdata\Martau
2009-05-24 21:39 . 2009-05-24 21:39 -------- d-----w- c:\program files\Total Uninstall 5
2009-05-24 21:27 . 2008-11-08 10:35 -------- d-----w- c:\program files\PDFCreator Toolbar
2009-05-24 21:11 . 2009-05-04 06:00 -------- d-----w- c:\program files\myBabylon_English
2009-05-23 20:48 . 2009-05-23 20:45 -------- d-----w- c:\users\Charles-Henry\AppData\Roaming\Gold Wave Editor Pro
2009-05-23 20:44 . 2009-05-23 20:44 -------- d-----w- c:\program files\Gold Wave Editor Pro
2009-05-16 10:16 . 2009-05-16 10:16 -------- d-----w- c:\program files\HandyShopper
2009-05-16 05:28 . 2009-05-16 05:28 -------- d-----w- c:\program files\Ax3soft
2009-05-16 01:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-15 08:16 . 2009-05-15 08:16 -------- d-----w- c:\users\Charles-Henry\AppData\Roaming\Malwarebytes
2009-05-15 08:16 . 2009-05-15 08:16 -------- d-----w- c:\program files\A_Squared
2009-05-15 08:16 . 2009-05-15 08:16 -------- d-----w- c:\programdata\Malwarebytes
2009-05-03 14:13 . 2009-04-26 12:23 3674 ----a-w- c:\users\Charles-Henry\AppData\Roaming\SAS7_000.DAT
2009-04-27 17:03 . 2009-01-01 10:47 43528 ------w- c:\windows\system32\drivers\pxhelp20.sys
2009-04-24 16:05 . 2009-06-11 06:32 827904 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-06-11 06:32 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 13:44 . 2009-06-11 06:32 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-04-23 12:43 . 2009-06-11 06:32 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-11 06:32 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-22 23:30 . 2009-04-22 21:28 443 ----a-w- c:\windows\PowerReg.dat
2009-04-22 22:54 . 2009-04-22 22:57 403968 ----a-w- c:\windows\speech.dll
2009-04-22 21:30 . 2009-04-22 21:30 225280 ----a-w- c:\users\Charles-Henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe
2008-07-30 08:11 . 2008-07-30 08:08 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((( Reg load points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2009-05-24 21:11 2094616 ----a-w- c:\program files\myBabylon_English\tbmyB1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-02-28 12:04 97064 ----a-w- c:\program files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-06 39408]
"L08FXLRD_1502773"="c:\program files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" [2007-06-12 351000]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"VistaStartMenu"="c:\program files\Vista Start Menu\VistaStartMenu.exe" [2009-04-13 2171392]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-27 442467]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-09 148888] "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-25 468264] "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032] "OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-14 92704] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-14 13535776] "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "SecurDisc"="c:\program files\Nero\Nero8\InCD\NBHGui.exe" [2008-02-28 2049320] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-02-05 413696] "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088] "InCD"="c:\program files\Nero\Nero8\InCD\InCD.exe" [2008-02-28 1083176] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752] "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-04-18 68592] "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdc.exe" [2007-01-24 563080] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920] "DNS7reminder"="c:\program files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" [2007-03-19 259624] 
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896] "avast!"="c:\progra~1\Alwil\Avast4\ashDisp.exe" [2009-07-10 81000] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Gestionnaire Antidote.exe"="c:\progra~1\Druide\Antidote\Gestionnaire Antidote.exe" [2008-12-02 542136] c:\users\Charles-Henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ PowerReg SchedulerV2.exe [2009-4-22 225280] c:\users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-2-7 110592] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer1"=wdmaud.drv [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2064635653-3729951122-4279557079-1000] "EnableNotificationsRef"=dword:00000006 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2064635653-3729951122-4279557079-500] 
"EnableNotifications"=dword:00000001 "EnableNotificationsRef"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{AFCE2351-7ACC-4803-A7C9-8C259F10BE0D}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play "{22457A67-E72C-4843-88AE-4456E006308A}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program "{167632E7-3791-47A2-9DCA-63D6F80F5C47}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{87F63783-4673-4B3B-A248-B6FABF7AFE8C}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{CCC78D8F-EB28-4C1E-87D6-87805A606B7D}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector "{0242A80F-567E-42B0-AF27-258D992ECE0B}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader "{DB782A31-6037-4C7E-8665-60B3FC2D4789}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader "{9AC1FEDD-2FCE-4ED7-BF29-82BBDE91686E}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{EF80A058-775E-4A83-9D5F-4B537373AE8C}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{9C39EBBB-160E-4C4C-A09E-B3845AE4FE78}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{4115CF97-61EE-4B8B-8F0D-E76F9772AFC8}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{D73932E8-7CA7-404A-9F76-92D05652E920}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "TCP Query User{598D8F70-6503-4032-85CE-82B201757E5E}h:\\program files\\bittorrent\\bittorrent.exe"= UDP:h:\program files\bittorrent\bittorrent.exe:bittorrent "UDP Query User{38C83894-E15A-4433-A1D9-AB4BB507A125}h:\\program files\\bittorrent\\bittorrent.exe"= TCP:h:\program files\bittorrent\bittorrent.exe:bittorrent "TCP Query User{483683A2-8BF6-4238-8E18-D324928479C5}c:\\users\\charles-henry\\program files\\dna\\btdna.exe"= 
UDP:c:\users\charles-henry\program files\dna\btdna.exe:btdna.exe "UDP Query User{6E72674C-342B-4156-BB9B-E86EFA131E06}c:\\users\\charles-henry\\program files\\dna\\btdna.exe"= TCP:c:\users\charles-henry\program files\dna\btdna.exe:btdna.exe "TCP Query User{414C42D2-83E4-4F9A-8397-D857FAABFE83}C:4\\program files\\bittorrent\\bittorrent.exe"= UDP:C:4\program files\bittorrent\bittorrent.exe:bittorrent.exe "UDP Query User{9BFC6D7D-D049-41EC-9185-2EEAA18F6F15}C:4\\program files\\bittorrent\\bittorrent.exe"= TCP:C:4\program files\bittorrent\bittorrent.exe:bittorrent.exe "{BAA69B85-5D83-48E4-B31F-F8B00A427EED}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{0C8A93B8-2268-4738-B66C-34B43DDB904D}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes "TCP Query User{EDAF87EF-05FB-4326-83C8-3B95705F1D29}f:\\emule\\emule.exe"= UDP:f:\emule\emule.exe:eMule "UDP Query User{ED783E0E-2A70-43B8-AE34-A44ADE87CCC0}f:\\emule\\emule.exe"= TCP:f:\emule\emule.exe:eMule "{AA5ED257-602D-45EA-92DB-EF65F40DFED6}"= UDP:5353:Adobe CSI CS4 "TCP Query User{29E63E8F-D8B3-4251-B515-C360882654F0}C:4\\adobe flash cs4 pro\\flash\\adobe flash cs4\\flash.exe"= UDP:C:4\adobe flash cs4 pro\flash\adobe flash cs4\flash.exe:flash.exe "UDP Query User{DDEBF1ED-CFB7-45ED-8CA3-131D3FE5BBF0}C:4\\adobe flash cs4 pro\\flash\\adobe flash cs4\\flash.exe"= TCP:C:4\adobe flash cs4 pro\flash\adobe flash cs4\flash.exe:flash.exe "{77434250-2D16-4B82-83DE-F8B339D59530}"= Disabled:UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4 "{45A81BC6-70B0-43D1-A796-2BACD54ABBC3}"= Disabled:TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4 "{B049F4A6-89F7-49AA-A75B-ED7650A9F05A}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync "{BD855DAC-0EA1-4EEB-9C9F-4496000618AE}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In) "{D7D5C76B-BD83-42DA-A9B0-FD4CBCF1DE44}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In) "TCP Query 
User{C741FD90-9A59-456A-B0C9-DA347E25CF9C}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mdnk1s01\\svchost.exe"= UDP:c:\users\charles-henry\AppData\Local\Temp\~temp\mdnk1s01\svchost.exe:svchost "UDP Query User{3085F335-4E53-4312-9AC6-14B99CC79B93}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mdnk1s01\\svchost.exe"= TCP:c:\users\charles-henry\AppData\Local\Temp\~temp\mdnk1s01\svchost.exe:svchost "TCP Query User{E33A3A7F-9DB1-4B07-A41F-9257C051157F}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mdnk2s01\\svchost.exe"= UDP:c:\users\charles-henry\AppData\Local\Temp\~temp\mdnk2s01\svchost.exe:svchost "UDP Query User{54DCD5A3-EB9F-4A92-8D21-BF51E050A181}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mdnk2s01\\svchost.exe"= TCP:c:\users\charles-henry\AppData\Local\Temp\~temp\mdnk2s01\svchost.exe:svchost "TCP Query User{5D18C178-4CB1-48A1-9B0B-105B61290E91}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mdnk3s01\\svchost.exe"= UDP:c:\users\charles-henry\AppData\Local\Temp\~temp\mdnk3s01\svchost.exe:svchost "UDP Query User{05B59112-9223-4E87-8E01-3A7D585EF5D8}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mdnk3s01\\svchost.exe"= TCP:c:\users\charles-henry\AppData\Local\Temp\~temp\mdnk3s01\svchost.exe:svchost "TCP Query User{C4A48145-90C7-4497-8E12-8829503FB5F3}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mdnk4s01\\svchost.exe"= UDP:c:\users\charles-henry\AppData\Local\Temp\~temp\mdnk4s01\svchost.exe:svchost "UDP Query User{337CF112-14E2-4ACE-8D07-CB4DBE9C621B}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mdnk4s01\\svchost.exe"= TCP:c:\users\charles-henry\AppData\Local\Temp\~temp\mdnk4s01\svchost.exe:svchost "TCP Query User{5F596EF7-5943-4FBF-80BC-42478C3310C0}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mdnk59\\mdm.exe"= UDP:c:\users\charles-henry\AppData\Local\Temp\~temp\mdnk59\mdm.exe:mdm "UDP Query 
User{726565BA-F867-4828-8B0E-919B449BDC69}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mdnk59\\mdm.exe"= TCP:c:\users\charles-henry\AppData\Local\Temp\~temp\mdnk59\mdm.exe:mdm "TCP Query User{30FDD1C0-44BD-42FF-B4A9-012C8BB8524E}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule "UDP Query User{B85DCA09-52CB-421B-82E6-A5BECB406D27}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule "{ACAF0FDF-E1B2-44B1-AB0B-0B94821E3A15}"= UDP:c:\program files\Tidy Favorites\tidyfavorites.exe:TidyFavorites "TCP Query User{51BDB074-DC32-40C9-803A-77E55C4A6F3A}c:\\program files\\tidy favorites\\tidyfavorites.exe"= UDP:c:\program files\tidy favorites\tidyfavorites.exe:Tidy Favorites "UDP Query User{71115AA5-72C8-40E5-AF8F-9C3FDFCC1BB6}c:\\program files\\tidy favorites\\tidyfavorites.exe"= TCP:c:\program files\tidy favorites\tidyfavorites.exe:Tidy Favorites "{D68260D1-50E4-4611-97CF-75684C1C9A58}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{2D2F64F0-4724-4585-B173-8EF6D24BD91C}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "TCP Query User{8484A375-A354-4878-8272-C60AACA5836E}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mdnk67\\mdm.exe"= UDP:c:\users\charles-henry\AppData\Local\Temp\~temp\mdnk67\mdm.exe:mdm "UDP Query User{97C7CC56-F211-4307-8233-D7F49452A8A5}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mdnk67\\mdm.exe"= TCP:c:\users\charles-henry\AppData\Local\Temp\~temp\mdnk67\mdm.exe:mdm "TCP Query User{BBF71D8B-9B54-40F4-816B-5D5EC6AF78CD}c:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\~temp\\mdnk67\\mdm.exe"= UDP:c:\users\ADMINI~1\AppData\Local\Temp\~temp\mdnk67\mdm.exe:UpdateWizzard "TCP Query User{BBF71D8B-9B54-40F4-996B-5D5EC6AF78CD}c:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\~temp\\mdnk67\\mdm.exe"= UDP:c:\users\ADMINI~1\AppData\Local\Temp\~temp\mdnk67\mdm.exe:UpdateWizzard "UDP Query 
User{4C9BECF3-6333-4D16-A3DB-DF8B71A69449}c:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\~temp\\mdnk67\\mdm.exe"= TCP:c:\users\ADMINI~1\AppData\Local\Temp\~temp\mdnk67\mdm.exe:UpdateWizzard "UDP Query User{4C9BECF3-6333-4D16-99DB-DF8B71A69449}c:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\~temp\\mdnk67\\mdm.exe"= TCP:c:\users\ADMINI~1\AppData\Local\Temp\~temp\mdnk67\mdm.exe:UpdateWizzard "TCP Query User{46EFB20A-9F4C-4DB8-8C0B-3A39E2D59C55}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mlp10\\mdm.exe"= UDP:c:\users\charles-henry\AppData\Local\Temp\~temp\mlp10\mdm.exe:mdm "UDP Query User{0226F124-99C0-478B-B325-8C1C3875BB4B}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mlp10\\mdm.exe"= TCP:c:\users\charles-henry\AppData\Local\Temp\~temp\mlp10\mdm.exe:mdm "TCP Query User{92395257-784F-4644-AE67-B2BE4778D302}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mlp11\\mdm.exe"= UDP:c:\users\charles-henry\AppData\Local\Temp\~temp\mlp11\mdm.exe:mdm "UDP Query User{BF9B37CF-0669-48A6-9CC6-99793ACC0062}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mlp11\\mdm.exe"= TCP:c:\users\charles-henry\AppData\Local\Temp\~temp\mlp11\mdm.exe:mdm "TCP Query User{1E6C410F-8A59-4D6D-98BD-C2CF76F9ED24}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mlp12\\mdm.exe"= UDP:c:\users\charles-henry\AppData\Local\Temp\~temp\mlp12\mdm.exe:mdm "UDP Query User{E317A20D-8264-463E-A465-1622EC84F19D}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mlp12\\mdm.exe"= TCP:c:\users\charles-henry\AppData\Local\Temp\~temp\mlp12\mdm.exe:mdm "TCP Query User{4E6D60D4-3F40-4613-9518-BDCA1074AF56}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mlp13\\mdm.exe"= UDP:c:\users\charles-henry\AppData\Local\Temp\~temp\mlp13\mdm.exe:mdm "UDP Query User{39A87C09-8563-4884-9C0C-B7311FE3685E}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mlp13\\mdm.exe"= TCP:c:\users\charles-henry\AppData\Local\Temp\~temp\mlp13\mdm.exe:mdm "TCP Query 
User{DC2E7BCA-0B06-415E-8FA1-90BA8F0FF07E}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mlp22\\mdm.exe"= UDP:c:\users\charles-henry\AppData\Local\Temp\~temp\mlp22\mdm.exe:mdm "UDP Query User{779D8DC4-7A88-4771-91E7-C4D1023028D8}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mlp22\\mdm.exe"= TCP:c:\users\charles-henry\AppData\Local\Temp\~temp\mlp22\mdm.exe:mdm "TCP Query User{948680CE-E76F-4BFD-8D97-5A5548AA6C93}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mlp24\\mdm.exe"= UDP:c:\users\charles-henry\AppData\Local\Temp\~temp\mlp24\mdm.exe:mdm "UDP Query User{E774C0B4-BC70-4B25-B209-D0EB74FD385F}c:\\Users\\charles-henry\\AppData\\Local\\Temp\\~temp\\mlp24\\mdm.exe"= TCP:c:\users\charles-henry\AppData\Local\Temp\~temp\mlp24\mdm.exe:mdm "TCP Query User{103B4F46-28F5-4821-94D9-D934F595FDA8}c:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= UDP:c:\program files\nero\nero8\nero home\nerohome.exe:Nero Home "UDP Query User{DC8DE983-6906-4C02-90E2-EE9801ACAD62}c:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= TCP:c:\program files\nero\nero8\nero home\nerohome.exe:Nero Home "TCP Query User{D1F23D96-546E-4CA9-9F37-5F3FAD9C70AA}c:\\program files\\guppy\\zazouminiwebserver.exe"= UDP:c:\program files\guppy\zazouminiwebserver.exe:ZazouMiniWebServer "UDP Query User{E5AB5C28-5DB3-4B73-BDFE-A160D0844A74}c:\\program files\\guppy\\zazouminiwebserver.exe"= TCP:c:\program files\guppy\zazouminiwebserver.exe:ZazouMiniWebServer "{4A1C5D41-3DDE-409A-B549-DBB76B5CBAFE}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe "{66DAFB14-10EB-4505-A72E-CEC9D6B2F530}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe "{596913BC-ED04-4B23-828B-E6D485BE2F44}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe "{2FB10010-C6A6-4D5B-BCAF-47F039D09914}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe "{EBA1D703-E4B2-4AF0-BDEC-CEB10F60409D}"= 
Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe "{F5E540CA-CD64-4019-835C-D5CE36A6B3E5}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe "{1572AB97-9AB3-4CEC-B029-027E0AF23D40}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe "{E9560C37-816E-4038-A121-4973523C4BA3}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe "{F3F71ADB-817C-4445-A398-D3721E89FC3D}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe "{2A06A960-1172-41CF-9D4A-F81275B68F63}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe "TCP Query User{BBF71D8B-9B54-40F4-816B-5D5EC6AF78CD}c:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\~temp\\mlp31\\mdm.exe"= UDP:c:\users\ADMINI~1\AppData\Local\Temp\~temp\mlp31\mdm.exe:UpdateWizzard "TCP Query User{BBF71D8B-9B54-40F4-996B-5D5EC6AF78CD}c:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\~temp\\mlp31\\mdm.exe"= UDP:c:\users\ADMINI~1\AppData\Local\Temp\~temp\mlp31\mdm.exe:UpdateWizzard "UDP Query User{4C9BECF3-6333-4D16-A3DB-DF8B71A69449}c:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\~temp\\mlp31\\mdm.exe"= TCP:c:\users\ADMINI~1\AppData\Local\Temp\~temp\mlp31\mdm.exe:UpdateWizzard "UDP Query User{4C9BECF3-6333-4D16-99DB-DF8B71A69449}c:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\~temp\\mlp31\\mdm.exe"= TCP:c:\users\ADMINI~1\AppData\Local\Temp\~temp\mlp31\mdm.exe:UpdateWizzard "TCP Query User{BBF71D8B-9B54-40F4-816B-5D5EC6AF78CD}c:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\~temp\\mlp34\\mdm.exe"= UDP:c:\users\ADMINI~1\AppData\Local\Temp\~temp\mlp34\mdm.exe:UpdateWizzard "TCP Query User{BBF71D8B-9B54-40F4-996B-5D5EC6AF78CD}c:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\~temp\\mlp34\\mdm.exe"= UDP:c:\users\ADMINI~1\AppData\Local\Temp\~temp\mlp34\mdm.exe:UpdateWizzard "UDP Query User{4C9BECF3-6333-4D16-A3DB-DF8B71A69449}c:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\~temp\\mlp34\\mdm.exe"= 
TCP:c:\users\ADMINI~1\AppData\Local\Temp\~temp\mlp34\mdm.exe:UpdateWizzard "UDP Query User{4C9BECF3-6333-4D16-99DB-DF8B71A69449}c:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\~temp\\mlp34\\mdm.exe"= TCP:c:\users\ADMINI~1\AppData\Local\Temp\~temp\mlp34\mdm.exe:UpdateWizzard [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "h:\\Program Files\\BitTorrent\\bittorrent.exe"= h:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent "c:\\Program Files\\iView MediaPro3\\IVIEW_MP.exe"= c:\program files\iView MediaPro3\IVIEW_MP.exe:*:Enabled:iView Multimedia R1 aswSP;avast! Self Protection; [x] R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [x] R3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-03-03 33176] R3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\DRIVERS\sea1bus.sys [2007-01-04 61536] R3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\DRIVERS\sea1mdfl.sys [2007-01-04 9360] R3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\DRIVERS\sea1mdm.sys [2007-01-04 97088] R3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\DRIVERS\sea1unic.sys [2007-01-04 90800] S0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2009-01-27 40368] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe [2008-06-27 77824] S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792] S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456] S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2008-02-28 53032] S2 Recovery Service 
for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-25 361808] S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-02-07 193840] S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736] S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-07-08 96856] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-14 43552] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\program files\Common Files\LightScribe\LSRunOnce.exe" . Contenu du dossier 'Tâches planifiées' 2009-07-10 c:\windows\Tasks\User_Feed_Synchronization-{8827CF3C-668F-46E5-AE67-3DE4C07251ED}.job - c:\windows\system32\msfeedssync.exe [2008-01-21 02:24] . - - - - ORPHELINS SUPPRIMES - - - - BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\AskBarDis\bar\bin\askBar.dll HKLM-Run-EoEngine - (no file) HKLM-Explorer_Run-ClipSrv - c:\windows\System32\drivers\clipsrv.exe HKCU-Explorer_Run-DllHst - c:\users\ADMINI~1\AppData\Roaming\dllhst3g.exe HKU-Default-Explorer_Run-ComRepl - c:\users\CHARLE~1\AppData\Local\Temp\comrepl.exe HKU-Default-Explorer_Run-MstInit - c:\users\ADMINI~1\AppData\Roaming\mstinit.exe . ------- Examen supplémentaire ------- . 
uStart Page = hxxp://www.google.fr/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=Pavilion&pf=cnnb IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: {{7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - c:\program files\PROMT5\PROMTIE4\promtie5.htm IE: {{7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - c:\program files\PROMT5\PROMTIE4\options.htm IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0401 IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0402 IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0404 IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0405 IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0406 IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0407 IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang040B IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang040C IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang040D IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0410 IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0415 IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0416 IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0418 IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0419 IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang041D IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0421 IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0422 IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0429 IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0C1A IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0401 IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0402 IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0404 IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0405 IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0406 IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0407 IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang040B IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang040C IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang040D IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0410 IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0415 IE: 
{{E3CB497B-E230-4445-8B34-13476822F867}\lang0416 IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0418 IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0419 IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang041D IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0421 IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0422 IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0429 IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0C1A IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503} - {70BEC6D2-977B-43CB-9A50-424099BA3897} - c:\progra~1\COMMON~1\TIDYFA~1\AddToFav.dll IE: {{E3CB497B-E230-4445-8B34-13476822F867} - {9B0CFC24-6650-4BEE-8030-6FCAE4672685} - c:\progra~1\COMMON~1\TIDYFA~1\OpenFav.dll DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-07-10 11:48 Windows 6.0.6001 Service Pack 1 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . 
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.avi"

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ThunderbirdEML"

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M3U"

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"

[HKEY_USERS\S-1-5-21-2064635653-3729951122-4279557079-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(3516)
c:\program files\Nero\Nero8\InCD\NBHShx.dll
c:\program files\Nero\Nero8\InCD\NBHStr.dll
c:\program files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll
c:\program files\Vista Start Menu\VistaStartMenu.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\stacsv.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Nero\Nero8\InCD\InCDsrv.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\System32\IoctlSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
.
**************************************************************************
.
Heure de fin: 2009-07-10 11:53 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-07-10 09:53

Avant-CF: 192 093 339 648 octets libres
Après-CF: 192 258 809 856 octets libres

627 --- E O F --- 2009-07-07 06:19
-
Request for help with virus eradication
DupondAvecUnD posted a topic in Malware analysis and eradication
Hello,

I got infected yesterday by opening a file that someone gave me and that I did not check. It was supposed to be a crack named setup.exe. Avast stopped, and so did the PC. I uninstalled and reinstalled Avast in Admin mode: same message. I stopped doing anything else except installing FindyKill. I had seen on various sites that it could help me. However, it says that it is better to ask for help before going on to cleaning option 2. I have copied the report, which I am passing on to you. Thank you for helping me fix my stupid mistake.

############################## | FindyKill V6.004 |

# User : Administrateur (Administrateurs) # PC-DE-C-H
# Update on 08/07/09 by Chiquitine29 & C_XX
# Start at: 23:32:23 | 09/07/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html
#
#
# Internet Explorer 7.0.6001.18000
# Windows Firewall Status : Enabled

############################## | Processus actifs |

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System\sessmgr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nero\Nero8\InCD\InCD.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe

################## | Registre Startup |

HKCU_Main: "Local Page"="C:\\Windows\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
HKCU_Main: "Start Page"="http://www.google.fr/"
HKLM_logon: "Userinit"="C:\\Windows\\system32\\userinit.exe,"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: EoEngine=
HKLM_Run: HP Software Update=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
HKLM_Run: Windows Defender=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
HKLM_Run: UCam_Menu="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
HKLM_Run: SysTrayApp=%ProgramFiles%\IDT\WDM\sttray.exe
HKLM_Run: SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
HKLM_Run: SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
HKLM_Run: QPService="C:\Program Files\HP\QuickPlay\QPService.exe"
HKLM_Run: QlbCtrl.exe=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
HKLM_Run: OnScreenDisplay=C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
HKLM_Run: NvMediaCenter=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM_Run: NvCplDaemon=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM_Run: HP Health Check Scheduler=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM_Run: GrooveMonitor="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
HKLM_Run: AdobeCS4ServiceManager="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
HKLM_Run: Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM_Run: SecurDisc=C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
HKLM_Run: QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
HKLM_Run: NBKeyScan="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
HKLM_Run: iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
HKLM_Run: InCD=C:\Program Files\Nero\Nero8\InCD\InCD.exe
HKLM_Run: hpWirelessAssistant=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
HKLM_Run: Google Quick Search Box="C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
HKLM_Run: Windows Mobile-based device management=%windir%\WindowsMobile\wmdc.exe
HKLM_Run: SSBkgdUpdate="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
HKLM_Run: ISUSScheduler="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
HKLM_Run: DNS7reminder="C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking9\Ereg.ini
HKLM_Run: hpqSRMon=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
HKLM_Run: avast!=C:\PROGRA~1\Alwil\Avast4\ashDisp.exe
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: Sidebar=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKCU_Run: WindowsWelcomeCenter=rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKCU_Run: LightScribe Control Panel=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
HKCU_Run: swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKCU_Run: L08FXLRD_1502773="C:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m
HKCU_Run: WMPNSCFG=C:\Program Files\Windows Media Player\WMPNSCFG.exe
HKCU_Run: msnmsgr="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
HKCU_Run: ISUSPM Startup=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
HKCU_Run: VistaStartMenu="C:\Program Files\Vista Start Menu\VistaStartMenu.exe"

################## | Fichiers # Dossiers infectieux |

Présent ! [cce05eef344ff635b66acfe89b8971eb] C:\Windows\system32\ban_list.txt

################## | C:\Users\Administrateur\Temporary Internet Files |

################## | All Drives ... |

Présent ! F:\$Recycle.Bin\S-1-5-21-2064635653-3729951122-4279557079-1000\$R0YM7GZ\keygen.exe
Présent ! [854d1041e6705b8ab53defee411b453a] G:\Delme.bat

################## | Registre # Clés Run infectieuses |

Présent ! HKCU\Software\MuleAppData
Présent ! HKLM\SYSTEM\CurrentControlSet\Services\111111s1ro1s1a
Présent ! HKLM\SYSTEM\ControlSet001\Services\111111s1ro1s1a
Présent ! HKLM\SYSTEM\ControlSet003\Services\111111s1ro1s1a
Présent ! HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_111111s1ro1s1a
Présent ! HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_111111s1ro1s1a
Présent ! HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_111111s1ro1s1a
Présent ! HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Présent ! HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Présent ! HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Présent ! HKU\S-1-5-21-2064635653-3729951122-4279557079-500\Software\MuleAppData
Présent ! HKLM\software\microsoft\security center\Svc "AntiVirusOverride" ( 0x1 )

################## | Registre # Mountpoints2 |

################## | Etat / Services / Informations |

# Affichage des fichiers cachés : OK
# Mode sans echec : OK
# (!) Uac = 0x0
# (!) Ndisuio -> Start = 4 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 3 ( Good = 2 | Bad = 4 )
# Wlansvc -> Start = 2 ( Good = 2 | Bad = 4 )
# (!) SharedAccess -> Start = 4 ( Good = 2 | Bad = 4 )
# windefend -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

################## | Cracks / Keygens / Serials |