

Need a ComboFix helper
Kana replied to a topic by Kana in Malware analysis and removal
OK, so it worked then. However, I have system files that were added to C:\ after I used ComboFix, is that normal? oO The files are:
autoexec.bat
bootmgr
config.sys
hiberfil.sys
IO.SYS
MSDOQ.SYS
pagefile.sys
I don't know whether they are copies or not, I preferred not to touch anything.
Need a ComboFix helper
Kana replied to a topic by Kana in Malware analysis and removal
Here is the 2nd report in full:

ComboFix 09-08-10.06 - Adrien 13/08/2009 14:28.3.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3070.2002 [GMT 2:00]
Running from: c:\users\Adrien\Downloads\ComboFix.exe
Command switches used :: c:\users\Adrien\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\program files\AskBarDis\bar\bin\askBar.dll"
"c:\program files\AskBarDis\bar\bin\AskService.exe"
"c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe"
"c:\program files\Bonjour\mDNSResponder.exe"
"c:\windows\system32\GameMon.des"
.
ADS - system32: deleted 12 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\AskBarDis\bar\bin\askBar.dll
c:\program files\AskBarDis\bar\bin\AskService.exe
c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\GameMon.des
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_Bonjour Service
-------\Service_npggsvc
-------\Service_ASKService
-------\Service_ASKUpgrade

((((((((((((((((((((((((( Files Created from 2009-07-13 to 2009-08-13 )))))))))))))))))))))))))))))))
.
2009-08-13 12:35 . 2009-08-13 22:08 -------- d-----w- c:\users\Adrien\AppData\Local\temp
2009-08-13 12:35 . 2009-08-13 12:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-12 21:28 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-12 21:28 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-12 21:27 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-12 21:27 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-12 21:27 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-12 21:27 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-12 21:27 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-12 21:27 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-10 20:09 . 2009-08-11 10:15 -------- d-----w- c:\program files\gPotato.eu
2009-08-10 15:32 . 2009-08-10 16:39 -------- d-----w- c:\users\Adrien\AppData\Roaming\Hamachi
2009-08-10 15:32 . 2009-08-10 15:32 -------- d-----w- c:\program files\Hamachi
2009-08-10 15:32 . 2009-08-10 15:32 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-08-02 22:54 . 2009-08-02 23:15 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-08-02 22:54 . 2009-08-02 22:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-01 13:27 . 2009-08-01 13:27 422 ----a-w- c:\users\Adrien\AppData\Roaming\Azureus\mario.exe
2009-08-01 13:27 . 2009-08-01 13:27 16141 ----a-w- c:\users\Adrien\AppData\Roaming\CyberLink\flamiks32.exe
2009-08-01 13:27 . 2009-08-01 13:27 145131 ----a-w- c:\users\Adrien\AppData\Roaming\Bioshock\pingo.dll
2009-08-01 13:27 . 2009-08-01 13:27 13221 ----a-w- c:\users\Adrien\AppData\Roaming\Apple Computer\xl12.exe
2009-08-01 13:27 . 2009-08-01 13:27 11232 ----a-w- c:\users\Adrien\AppData\Roaming\Adobe\norigami.dll
2009-07-16 17:10 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-16 17:10 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-16 17:10 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-16 17:10 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-13 12:34 . 2008-10-18 14:55 -------- d-----w- c:\program files\Bonjour
2009-08-13 12:14 . 2008-07-31 16:00 27430 ----a-w- c:\users\Adrien\AppData\Roaming\nvModes.dat
2009-08-13 12:06 . 2008-08-03 20:16 -------- d-----w- c:\program files\Steam
2009-08-13 11:38 . 2008-08-03 20:16 -------- d-----w- c:\program files\Common Files\Steam
2009-08-13 00:20 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-12 21:20 . 2008-09-04 17:01 -------- d-----w- c:\programdata\Google Updater
2009-08-11 08:53 . 2008-02-22 22:20 669566 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-11 08:53 . 2008-02-22 22:20 123556 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-10 18:07 . 2008-02-22 14:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-03 20:40 . 2009-03-29 13:40 -------- d-----w- c:\users\Adrien\AppData\Roaming\Mumble
2009-08-03 20:38 . 2009-01-05 20:17 -------- d-----w- c:\users\Adrien\AppData\Roaming\Skype
2009-08-01 13:27 . 2009-06-15 17:20 -------- d-----w- c:\users\Adrien\AppData\Roaming\Bioshock
2009-08-01 13:27 . 2009-05-04 07:53 -------- d-----w- c:\users\Adrien\AppData\Roaming\Azureus
2009-08-01 13:27 . 2008-09-01 18:21 -------- d-----w- c:\users\Adrien\AppData\Roaming\Apple Computer
2009-08-01 13:27 . 2008-08-01 15:13 -------- d-----w- c:\users\Adrien\AppData\Roaming\CyberLink
2009-07-18 16:06 . 2009-07-29 09:56 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-29 09:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-29 09:56 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-09 21:13 . 2009-01-11 20:58 -------- d-----w- c:\users\Adrien\AppData\Roaming\teamspeak2
2009-06-30 13:36 . 2009-07-23 14:50 18696 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryReplaceNew.exe
2009-06-30 13:10 . 2009-07-23 14:50 18696 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryNoTravel.exe
2009-06-30 13:03 . 2009-07-23 14:50 18696 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryAccessories.exe
2009-06-30 10:44 . 2009-07-23 14:50 18184 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryWeakNew.exe
2009-06-26 16:36 . 2009-07-23 14:50 18184 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryUpgrade.exe
2009-06-22 13:04 . 2008-07-31 16:29 -------- d-----w- c:\program files\Windows Live
2009-06-22 13:03 . 2009-06-22 13:03 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-06-22 13:01 . 2009-06-22 13:01 -------- d-----w- c:\program files\Microsoft
2009-06-22 13:00 . 2009-06-22 13:00 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-06-22 12:54 . 2009-06-22 12:54 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-18 06:25 . 2009-06-18 06:25 -------- d-----w- c:\program files\Avira
2009-06-18 06:25 . 2009-05-18 13:30 -------- d-----w- c:\programdata\Avira
2009-06-10 08:56 . 2009-06-10 08:56 1878984 ----a-w- c:\users\Adrien\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-06-06 13:38 . 2009-06-06 13:38 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-06-05 17:25 . 2009-06-05 17:11 21840 ----atw- c:\windows\system32\SIntfNT.dll
2009-06-05 17:25 . 2009-06-05 17:11 17212 ----atw- c:\windows\system32\SIntf32.dll
2009-06-05 17:25 . 2009-06-05 17:11 12067 ----atw- c:\windows\system32\SIntf16.dll
2009-06-05 17:23 . 2009-06-05 17:23 0 ----a-w- c:\windows\nsreg.dat
2009-06-03 09:04 . 2008-07-31 11:01 89912 ----a-w- c:\users\Adrien\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-03 07:33 . 2009-06-03 07:32 15190152 ----a-w- c:\programdata\WildTangent\My HP Game Console\Downloads\fr\Installers\SetupGamesClient.exe
2009-05-26 09:19 . 2009-05-26 09:19 1 ----a-w- c:\users\Adrien\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-05-26 09:11 . 2008-09-16 16:28 1 ----a-w- c:\users\Adrien\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2008-02-22 22:54 . 2008-02-22 22:42 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((( SnapShot@2009-08-03_11.10.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-12 21:28 . 2009-06-10 11:44 31232 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.22150_none_946bf5749f2e8c01\msvidc32.dll
+ 2009-08-12 21:28 . 2009-06-10 11:44 12800 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.22150_none_946bf5749f2e8c01\msrle32.dll
+ 2009-08-12 21:28 . 2009-06-10 11:44 82944 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.22150_none_946bf5749f2e8c01\mciavi32.dll
+ 2009-08-12 21:28 . 2009-06-10 11:42 91136 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.22150_none_946bf5749f2e8c01\avifil32.dll
+ 2009-08-12 21:28 . 2009-06-10 11:42 65024 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.22150_none_946bf5749f2e8c01\avicap32.dll
+ 2008-09-20 14:16 . 2008-01-19 07:35 31232 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.18049_none_93f62b2f8600b455\msvidc32.dll
+ 2006-11-02 09:03 . 2006-11-02 09:46 12800 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.18049_none_93f62b2f8600b455\msrle32.dll
+ 2006-11-02 09:03 . 2006-11-02 09:46 82944 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.18049_none_93f62b2f8600b455\mciavi32.dll
+ 2009-08-12 21:28 . 2009-06-10 11:38 91136 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.18049_none_93f62b2f8600b455\avifil32.dll
+ 2006-11-02 09:03 . 2006-11-02 09:46 65024 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.18049_none_93f62b2f8600b455\avicap32.dll
+ 2009-08-12 21:28 . 2009-06-10 11:58 31232 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.22447_none_9297557ea1f9cc4d\msvidc32.dll
+ 2009-08-12 21:28 . 2009-06-10 11:57 12800 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.22447_none_9297557ea1f9cc4d\msrle32.dll
+ 2009-08-12 21:28 . 2009-06-10 11:56 82944 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.22447_none_9297557ea1f9cc4d\mciavi32.dll
+ 2009-08-12 21:28 . 2009-06-10 11:52 91136 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.22447_none_9297557ea1f9cc4d\avifil32.dll
+ 2009-08-12 21:28 . 2009-06-10 11:52 65024 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.22447_none_9297557ea1f9cc4d\avicap32.dll
+ 2008-09-20 14:16 . 2008-01-19 07:35 31232 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18270_none_91e6450388fad1ce\msvidc32.dll
+ 2006-11-02 09:03 . 2006-11-02 09:46 12800 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18270_none_91e6450388fad1ce\msrle32.dll
+ 2006-11-02 09:03 . 2006-11-02 09:46 82944 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18270_none_91e6450388fad1ce\mciavi32.dll
+ 2009-08-12 21:28 . 2009-06-10 12:07 91136 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18270_none_91e6450388fad1ce\avifil32.dll
+ 2006-11-02 09:03 . 2006-11-02 09:46 65024 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18270_none_91e6450388fad1ce\avicap32.dll
+ 2009-08-12 21:28 . 2009-06-10 12:03 31232 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.21065_none_90994ca8a4e576ab\msvidc32.dll
+ 2009-08-12 21:27 . 2009-06-10 12:03 12800 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.21065_none_90994ca8a4e576ab\msrle32.dll
+ 2009-08-12 21:28 . 2009-06-10 12:00 82944 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.21065_none_90994ca8a4e576ab\mciavi32.dll
+ 2009-08-12 21:28 . 2009-06-10 11:57 88576 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.21065_none_90994ca8a4e576ab\avifil32.dll
+ 2009-08-12 21:28 . 2009-06-10 11:57 65024 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.21065_none_90994ca8a4e576ab\avicap32.dll
+ 2009-08-12 21:27 . 2009-06-10 12:10 31232 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.16868_none_9012d8998bc4efa4\msvidc32.dll
+ 2009-08-12 21:27 . 2009-06-10 12:09 12800 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.16868_none_9012d8998bc4efa4\msrle32.dll
+ 2009-08-12 21:28 . 2009-06-10 12:07 82944 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.16868_none_9012d8998bc4efa4\mciavi32.dll
+ 2009-08-12 21:28 . 2009-06-10 12:04 88576 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.16868_none_9012d8998bc4efa4\avifil32.dll
+ 2009-08-12 21:28 . 2009-06-10 12:04 65024 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.16868_none_9012d8998bc4efa4\avicap32.dll
+ 2009-08-12 21:27 . 2009-06-04 10:52 53248 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6002.22146_none_3238de2ddc072aae\tsgqec.dll
+ 2009-08-12 21:27 . 2009-04-11 06:28 53248 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6002.18045_none_31ae4118c2ea718d\tsgqec.dll
+ 2009-08-12 21:27 . 2009-06-04 12:35 53248 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6001.22443_none_304f6b67dee38985\tsgqec.dll
+ 2008-09-20 14:18 . 2008-01-19 07:36 53248 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6001.18266_none_2fb32dbcc5d3707b\tsgqec.dll
+ 2009-08-12 21:27 . 2009-06-04 12:34 36352 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6000.21061_none_2e516291e1cf33e3\tsgqec.dll
+ 2009-08-12 21:27 . 2009-06-04 12:47 36352 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6000.16865_none_2dcbeeccc8adc633\tsgqec.dll
+ 2009-08-12 21:28 . 2009-07-17 14:15 71680 c:\windows\winsxs\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6002.22179_none_ad4da751702700f0\atl.dll
+ 2009-08-12 21:28 . 2009-07-17 13:54 71680 c:\windows\winsxs\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6002.18070_none_acbb07ec57117d17\atl.dll
+ 2009-08-12 21:28 . 2009-07-17 14:24 71680 c:\windows\winsxs\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6001.22474_none_ab6233f773052d19\atl.dll
+ 2009-08-12 21:28 . 2009-07-17 14:35 71680 c:\windows\winsxs\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6001.18293_none_aac1f52459f8aeb3\atl.dll
+ 2009-08-12 21:28 . 2009-07-17 14:39 71680 c:\windows\winsxs\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6000.21088_none_a974fcc975e35390\atl.dll
+ 2009-08-12 21:28 . 2009-07-17 14:52 71680 c:\windows\winsxs\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6000.16889_none_a8ec88265cc499db\atl.dll
+ 2008-02-22 14:17 . 2009-08-13 09:44 60116 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-08-13 09:44 93692 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-07-31 10:49 . 2009-08-13 09:44 13252 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-442295509-33632100-3987800110-1000_UserData.bin
- 2008-07-31 10:49 . 2009-08-03 11:10 13252 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-442295509-33632100-3987800110-1000_UserData.bin
+ 2008-07-31 10:29 . 2009-08-13 21:19 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-07-31 10:29 . 2009-08-03 11:08 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-07-31 10:29 . 2009-08-03 11:08 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-07-31 10:29 . 2009-08-13 21:19 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-12 21:27 . 2009-07-15 12:46 7680 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\spwmp.dll
+ 2009-08-12 21:27 . 2009-07-15 12:46 4096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\dxmasf.dll
+ 2009-08-12 21:27 . 2009-07-15 12:39 7680 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\spwmp.dll
+ 2009-08-12 21:27 . 2009-07-15 12:39 4096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\dxmasf.dll
+ 2009-08-12 21:27 . 2009-07-15 14:51 7680 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\spwmp.dll
+ 2009-08-12 21:27 . 2009-07-15 14:51 4096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\dxmasf.dll
+ 2009-08-12 21:27 . 2009-07-14 12:58 7680 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\spwmp.dll
+ 2009-08-12 21:27 . 2009-07-14 12:59 4096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\dxmasf.dll
+ 2009-08-12 21:27 . 2009-07-15 14:42 7680 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\spwmp.dll
+ 2009-08-12 21:27 . 2009-07-15 14:43 4096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\dxmasf.dll
+ 2009-08-12 21:27 . 2009-07-14 13:00 7680 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\spwmp.dll
+ 2009-08-12 21:27 . 2009-07-14 13:01 4096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\dxmasf.dll
+ 2009-08-13 12:37 . 2009-08-13 12:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-08-03 11:08 . 2009-08-03 11:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-08-13 12:37 . 2009-08-13 12:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-08-03 11:08 . 2009-08-03 11:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-08-12 21:27 . 2009-06-10 11:46 160256 c:\windows\winsxs\x86_microsoft-windows-workstationservice_31bf3856ad364e35_6.0.6002.22150_none_ce741cb6ed3e398c\wkssvc.dll
+ 2009-08-12 21:27 . 2009-06-10 11:42 160256 c:\windows\winsxs\x86_microsoft-windows-workstationservice_31bf3856ad364e35_6.0.6002.18049_none_cdfe5271d41061e0\wkssvc.dll
+ 2009-08-12 21:27 . 2009-06-10 12:00 160256 c:\windows\winsxs\x86_microsoft-windows-workstationservice_31bf3856ad364e35_6.0.6001.22447_none_cc9f7cc0f00979d8\wkssvc.dll
+ 2009-08-12 21:27 . 2009-06-10 12:12 160256 c:\windows\winsxs\x86_microsoft-windows-workstationservice_31bf3856ad364e35_6.0.6001.18270_none_cbee6c45d70a7f59\wkssvc.dll
+ 2009-08-12 21:27 . 2009-06-10 12:06 158208 c:\windows\winsxs\x86_microsoft-windows-workstationservice_31bf3856ad364e35_6.0.6000.21065_none_caa173eaf2f52436\wkssvc.dll
+ 2009-08-12 21:27 . 2009-06-10 12:16 156160 c:\windows\winsxs\x86_microsoft-windows-workstationservice_31bf3856ad364e35_6.0.6000.16868_none_ca1affdbd9d49d2f\wkssvc.dll
+ 2009-08-12 21:28 . 2009-06-10 11:44 123904 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.22150_none_946bf5749f2e8c01\msvfw32.dll
+ 2008-09-20 14:16 . 2008-01-19 07:35 123904 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.18049_none_93f62b2f8600b455\msvfw32.dll
+ 2009-08-12 21:28 . 2009-06-10 11:58 123904 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.22447_none_9297557ea1f9cc4d\msvfw32.dll
+ 2008-09-20 14:16 . 2008-01-19 07:35 123904 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18270_none_91e6450388fad1ce\msvfw32.dll
+ 2009-08-12 21:28 . 2009-06-10 12:03 123904 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.21065_none_90994ca8a4e576ab\msvfw32.dll
+ 2009-08-12 21:28 . 2009-06-10 12:10 123904 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.16868_none_9012d8998bc4efa4\msvfw32.dll
+ 2009-08-12 21:27 . 2009-06-04 12:54 136192 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6002.22146_none_3238de2ddc072aae\aaclient.dll
+ 2009-08-12 21:27 . 2009-04-11 06:28 136192 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6002.18045_none_31ae4118c2ea718d\aaclient.dll
+ 2009-08-12 21:27 . 2009-06-04 12:29 136192 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6001.22443_none_304f6b67dee38985\aaclient.dll
+ 2008-09-20 14:18 . 2008-01-19 07:33 136192 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6001.18266_none_2fb32dbcc5d3707b\aaclient.dll
+ 2009-08-12 21:27 . 2009-06-04 12:25 116736 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6000.21061_none_2e516291e1cf33e3\aaclient.dll
+ 2009-08-12 21:27 . 2009-06-04 12:36 116736 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6000.16865_none_2dcbeeccc8adc633\aaclient.dll
+ 2009-08-12 21:27 . 2009-07-15 12:46 313344 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6002.22172_none_a65e88df3e466bbf\wmpdxm.dll
+ 2009-08-12 21:27 . 2009-07-15 12:39 313344 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6002.18065_none_a5e2bcde251dfc09\wmpdxm.dll
+ 2009-08-12 21:27 . 2009-07-15 14:52 313344 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6001.22470_none_a47616634121e3ed\wmpdxm.dll
+ 2009-08-12 21:27 . 2009-07-14 13:00 313344 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6001.18289_none_a3eaaa60280446fc\wmpdxm.dll
+ 2009-08-12 21:27 . 2009-07-15 14:44 313344 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6000.21083_none_a287deeb4400f10d\wmpdxm.dll
+ 2009-08-12 21:27 . 2009-07-14 13:02 313344 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6000.16885_none_a2006a922ae150af\wmpdxm.dll
+ 2009-08-12 21:27 . 2009-07-15 12:45 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\wmpshare.exe
+ 2009-08-12 21:27 . 2009-07-15 12:46 168960 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\wmplayer.exe
+ 2009-08-12 21:27 . 2009-07-15 12:46 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\wmpconfig.exe
+ 2009-08-12 21:27 . 2009-07-15 12:39 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\wmpshare.exe
+ 2009-08-12 21:27 . 2009-07-15 12:39 168960 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\wmplayer.exe
+ 2009-08-12 21:27 . 2009-07-15 12:39 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\wmpconfig.exe
+ 2009-08-12 21:27 . 2009-07-15 13:05 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\wmpshare.exe
+ 2009-08-12 21:27 . 2009-07-15 13:06 168960 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\wmplayer.exe
+ 2009-08-12 21:27 . 2009-07-15 13:06 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\wmpconfig.exe
+ 2009-08-12 21:27 . 2009-07-14 10:58 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmpshare.exe
+ 2009-08-12 21:27 . 2009-07-14 10:59 168960 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmplayer.exe
+ 2009-08-12 21:27 . 2009-07-14 10:59 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmpconfig.exe
+ 2009-08-12 21:27 . 2009-07-15 12:53 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmpshare.exe
+ 2009-08-12 21:27 . 2009-07-15 12:53 168960 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmplayer.exe
+ 2009-08-12 21:27 . 2009-07-15 12:53 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmpconfig.exe
+ 2009-08-12 21:27 . 2009-07-14 11:10 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmpshare.exe
+ 2009-08-12 21:27 . 2009-07-14 11:10 168960 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmplayer.exe
+ 2009-08-12 21:27 . 2009-07-14 11:11 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmpconfig.exe
+ 2006-11-02 10:33 . 2009-08-11 08:53 587178 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-08-03 10:57 587178 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-08-11 08:53 101250 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-08-03 10:57 101250 c:\windows\System32\perfc009.dat
- 2008-07-31 10:29 . 2009-08-03 11:08 491520 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-31 10:29 . 2009-08-13 21:19 491520 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-08-13 12:35 . 2009-08-13 12:35 221184 c:\windows\ERDNT\subs\Users\00000002\ntuser.dat
+ 2009-08-13 12:35 . 2009-08-13 12:35 217088 c:\windows\ERDNT\subs\Users\00000001\ntuser.dat
+ 2009-08-12 21:27 . 2009-06-04 12:56 2067968 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6002.22146_none_3238de2ddc072aae\mstscax.dll
+ 2009-08-12 21:27 . 2009-06-04 12:07 2066432 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6002.18045_none_31ae4118c2ea718d\mstscax.dll
+ 2009-08-12 21:27 . 2009-06-04 12:33 2067968 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6001.22443_none_304f6b67dee38985\mstscax.dll
+ 2009-08-12 21:27 . 2009-06-04 12:34 2066432 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6001.18266_none_2fb32dbcc5d3707b\mstscax.dll
+ 2009-08-12 21:27 . 2009-06-04 12:31 1874432 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6000.21061_none_2e516291e1cf33e3\mstscax.dll
+ 2009-08-12 21:27 . 2009-06-04 12:43 1871872 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6000.16865_none_2dcbeeccc8adc633\mstscax.dll
+ 2009-08-12 21:27 . 2009-07-02 07:47 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22179_none_f4b581af81eee730\OESpamFilter.dat
+ 2009-08-12 21:27 . 2009-07-02 07:48 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18070_none_f422e24a68d96357\OESpamFilter.dat
+ 2009-08-12 21:27 . 2009-07-02 07:47 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22474_none_f2ca0e5584cd1359\OESpamFilter.dat
+ 2009-08-12 21:27 . 2009-07-02 07:47 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18293_none_f229cf826bc094f3\OESpamFilter.dat
+ 2009-08-12 21:27 . 2009-07-02 07:47 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21088_none_f0dcd72787ab39d0\OESpamFilter.dat
+ 2009-08-12 21:27 . 2009-07-02 07:48 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16889_none_f05462846e8c801b\OESpamFilter.dat
+ 2009-08-12 21:27 . 2009-07-15 12:47 8147456 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\wmploc.DLL
+ 2009-08-12 21:27 . 2009-07-15 12:40 8147456 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\wmploc.DLL
+ 2009-08-12 21:27 . 2009-07-15 13:07 8147456 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\wmploc.DLL
+ 2009-08-12 21:27 . 2009-07-14 10:59 8147456 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmploc.DLL
+ 2009-08-12 21:27 . 2009-07-15 12:53 8147968 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmploc.DLL
+ 2009-08-12 21:27 . 2009-07-14 11:11 8147968 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmploc.DLL
+ 2006-11-02 10:22 . 2009-08-13 12:35 6332416 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2006-11-02 12:47 . 2009-08-13 09:40 2642640 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
- 2006-11-02 12:47 . 2009-03-11 16:45 2642640 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
+ 2009-08-13 12:35 . 2009-08-13 12:35 3452928 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
+ 2009-08-13 12:35 . 2009-08-13 12:35 6332416 c:\windows\ERDNT\subs\schema.dat
+ 2009-08-13 12:21 . 2009-08-13 12:27 6332416 c:\windows\ERDNT\Hiv-backup\schema.dat
+ 2009-08-12 21:27 . 2009-07-15 14:36 10628096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\wmp.dll
+ 2009-08-12 21:27 . 2009-07-15 14:30 10628096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\wmp.dll
+ 2009-08-12 21:27 . 2009-07-15 14:52 10627584 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\wmp.dll
+ 2009-08-12 21:27 . 2009-07-14 13:00 10626048 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmp.dll
+ 2009-08-12 21:27 . 2009-07-15 14:44 10622464 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmp.dll
+ 2009-08-12 21:27 . 2009-07-14 13:02 10621952 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmp.dll
+ 2009-08-12 21:27 . 2009-07-14 13:00 10626048 c:\windows\System32\wmp.dll
+ 2006-11-02 10:24 . 2009-07-30 00:49 24281536 c:\windows\System32\mrt.exe
+ 2009-08-13 12:35 . 2009-08-13 12:35 15867904 c:\windows\ERDNT\subs\Users\00000003\ntuser.dat
+ 2009-05-05 21:15 . 2009-08-12 21:27 103969935 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-04 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-09-30 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 218408]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-09-25 2007088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\users\Adrien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BC064E70-32DE-4DB1-BF5F-0E8A1F5BB8E9}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{F7FF614E-A0A2-47BB-8B48-0AEEF5D2D326}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{46218270-9523-4EB1-A9B5-C7BC53FDFF8E}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{85F3E4A2-15C8-41EC-92BB-340AF7B1161B}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B59C9D50-D069-464B-9354-E0E731DB870A}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{46E8AB0F-BCFE-4DDA-B663-5AD0041973C0}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{EEF84569-4930-401D-B0BA-B50044F6776D}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"TCP Query User{E81079F9-5FA8-416C-8A9A-4901872A77BD}c:\\ijji\\english\\u_gunz.exe"= UDP:c:\ijji\english\u_gunz.exe:<ijji Downloader>
"UDP Query User{815096EF-EF25-4C0B-9B04-D62D33F8E130}c:\\ijji\\english\\u_gunz.exe"= TCP:c:\ijji\english\u_gunz.exe:<ijji Downloader>
"TCP Query User{C5AB275C-E663-4C04-A450-48DC8BC9AF71}c:\\ijji\\english\\gunz\\gunz.exe"= UDP:c:\ijji\english\gunz\gunz.exe:Gunz
"UDP Query User{704029B8-5CAB-41ED-A007-F512AC11D94B}c:\\ijji\\english\\gunz\\gunz.exe"=
TCP:c:\ijji\english\gunz\gunz.exe:Gunz "TCP Query User{72FF5E10-F162-4EAB-8583-88BEBEF376BD}c:\\rohan\\rohanclient.exe"= UDP:c:\rohan\rohanclient.exe:Rohan Online Game "UDP Query User{D441AD18-A320-4A1A-92EF-30916DB60741}c:\\rohan\\rohanclient.exe"= TCP:c:\rohan\rohanclient.exe:Rohan Online Game "TCP Query User{314CE429-B838-40EB-9C8E-A10B43FA82A7}c:\\ijji\\english\\u_gunz.exe"= UDP:c:\ijji\english\u_gunz.exe:<ijji Downloader> "UDP Query User{341FA58D-79EE-40BB-AB4B-46E909101D4B}c:\\ijji\\english\\u_gunz.exe"= TCP:c:\ijji\english\u_gunz.exe:<ijji Downloader> "TCP Query User{6955AB7D-E15B-494A-8C7B-69D3E7B2F06A}c:\\rohan\\rohanclient.exe"= UDP:c:\rohan\rohanclient.exe:Rohan Online Game "UDP Query User{76F2C442-8746-44FE-B87B-C42138AC82CE}c:\\rohan\\rohanclient.exe"= TCP:c:\rohan\rohanclient.exe:Rohan Online Game "TCP Query User{D5A41E45-001E-4223-9E2E-D633A304D942}c:\\ijji\\english\\gunz\\gunz.exe"= UDP:c:\ijji\english\gunz\gunz.exe:Gunz "UDP Query User{B605508C-90B8-4C29-91F1-18486D10B72D}c:\\ijji\\english\\gunz\\gunz.exe"= TCP:c:\ijji\english\gunz\gunz.exe:Gunz "TCP Query User{9F8A8F35-0D65-48DE-A1AE-CE32FBA235C2}c:\\program files\\steam\\steamapps\\kana299\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\kana299\counter-strike\hl.exe:Half-Life Launcher "UDP Query User{8EEC0520-F938-4477-824A-BDF28BE9B8F8}c:\\program files\\steam\\steamapps\\kana299\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\kana299\counter-strike\hl.exe:Half-Life Launcher "TCP Query User{20F8F3DE-F455-4E16-801E-1FF44D29488C}c:\\program files\\steam\\steamapps\\kana299\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\kana299\counter-strike source\hl2.exe:hl2 "UDP Query User{EA9BCF5A-F801-40E0-A668-CB2743F6AFD0}c:\\program files\\steam\\steamapps\\kana299\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\kana299\counter-strike source\hl2.exe:hl2 "TCP Query User{7F82B11A-DBF1-4EF2-84B6-571E26953509}c:\\program 
files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire "UDP Query User{DA74D705-E420-46C7-B41A-745B875BEB45}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire "{9467E63C-E957-42E4-9DB4-3D991ADC73AE}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{C430FCD6-D246-455E-B11B-71D47863AE6A}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes "TCP Query User{90D8609D-8E07-4978-AD2F-DDDFB5A5E769}c:\\users\\adrien\\desktop\\quake iii\\quake3.exe"= UDP:c:\users\adrien\desktop\quake iii\quake3.exe:quake3.exe "UDP Query User{6DE8BA7F-AF26-4103-9144-A6B085952A86}c:\\users\\adrien\\desktop\\quake iii\\quake3.exe"= TCP:c:\users\adrien\desktop\quake iii\quake3.exe:quake3.exe "{F6AFE5EB-381C-44FC-98AD-0920A3431301}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{FA926E32-48A3-407A-9381-41B34E10E903}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "TCP Query User{01BC6BD1-890F-40DA-9CFE-62394F7ABA32}c:\\ijji\\english\\u_sf.exe"= UDP:c:\ijji\english\u_sf.exe:<ijji Downloader> "UDP Query User{B87D6FE5-525D-4BBD-B789-6E970A27B321}c:\\ijji\\english\\u_sf.exe"= TCP:c:\ijji\english\u_sf.exe:<ijji Downloader> "TCP Query User{6E012D25-519B-4701-91E6-319D276D8563}c:\\ijji\\english\\u_sf\\soldierfront.exe"= UDP:c:\ijji\english\u_sf\soldierfront.exe:soldierfront "UDP Query User{3685066D-5E5C-439B-B632-348C6542B6F8}c:\\ijji\\english\\u_sf\\soldierfront.exe"= TCP:c:\ijji\english\u_sf\soldierfront.exe:soldierfront "{DC81F1DA-11A5-4FA2-A5B2-7FC7F423C004}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{7ED57C19-A4C5-43D8-A8CA-C24919871E7F}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "TCP Query User{09C9CD8F-3731-4889-91CA-E667F4F8B794}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:FlashGet "UDP Query User{6B9731BE-1C4B-4879-B2AF-32865A663B7E}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:FlashGet "TCP Query 
User{51F4D2D7-39B0-4772-9866-7665A6D667A7}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:FlashGet "UDP Query User{C8245F77-0609-4888-9959-52582172D18F}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:FlashGet "TCP Query User{8468EFDD-4F11-498D-81B0-3F2B686F9D22}c:\\program files\\maiet\\gunz\\gunzlauncher.exe"= UDP:c:\program files\maiet\gunz\gunzlauncher.exe:GunzLauncher "UDP Query User{09A98941-A965-4D4F-AB2A-E393D00424E6}c:\\program files\\maiet\\gunz\\gunzlauncher.exe"= TCP:c:\program files\maiet\gunz\gunzlauncher.exe:GunzLauncher "TCP Query User{FAE544A5-5A2E-4F29-8A6F-4AFED6BA2C13}c:\\users\\adrien\\desktop\\quake iii\\openarena-0.8.1\\openarena.exe"= UDP:c:\users\adrien\desktop\quake iii\openarena-0.8.1\openarena.exe:openarena.exe "UDP Query User{0ECEAACD-266B-476E-AB3B-36371E037106}c:\\users\\adrien\\desktop\\quake iii\\openarena-0.8.1\\openarena.exe"= TCP:c:\users\adrien\desktop\quake iii\openarena-0.8.1\openarena.exe:openarena.exe "{03D5C0D1-597B-4BBD-AC17-C7EF6C3ED147}"= c:\program files\Skype\Phone\Skype.exe:Skype "TCP Query User{5D1EBBDF-84E7-4C54-A61D-C68FA54236BF}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC "UDP Query User{D1C83354-4798-4197-A0E7-7CA7DC9EF77A}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC "{D523567B-9628-4A3C-96A2-562EF93D729C}"= UDP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout Paradise The Ultimate Box "{F57FAE58-81EC-423B-90AC-36EA5CA72CCA}"= TCP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout Paradise The Ultimate Box "{01AB1E89-272E-48EB-96D2-46FE47DB0062}"= UDP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout Paradise The Ultimate Box "{07C65317-C2D6-4176-8404-01F864E0BAD1}"= TCP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate 
Box\BurnoutConfigTool.exe:Burnout Paradise The Ultimate Box "{A90FDDF1-8D9A-495E-9F46-7249E5DDF075}"= UDP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutParadise.exe:Burnout Paradise The Ultimate Box "{F36DA6C1-FD0C-46CB-B2A6-5D29E58A4CC2}"= TCP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutParadise.exe:Burnout Paradise The Ultimate Box "TCP Query User{22E44081-FCFA-4578-AF93-065BB0B8E00C}c:\\xampplite\\apache\\bin\\apache.exe"= UDP:c:\xampplite\apache\bin\apache.exe:Apache HTTP Server "UDP Query User{AD8E2071-93A4-40A8-96F5-2C0D73929B2D}c:\\xampplite\\apache\\bin\\apache.exe"= TCP:c:\xampplite\apache\bin\apache.exe:Apache HTTP Server "TCP Query User{C9052E50-9568-43E3-AEE8-AC96DDB6CFD9}c:\\xampplite\\mysql\\bin\\mysqld.exe"= UDP:c:\xampplite\mysql\bin\mysqld.exe:mysqld "UDP Query User{F173C1C4-C70D-4022-91F2-5DFE3A02DA05}c:\\xampplite\\mysql\\bin\\mysqld.exe"= TCP:c:\xampplite\mysql\bin\mysqld.exe:mysqld "TCP Query User{792FC590-D8B9-4B0C-B911-D14BA470967C}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java Platform SE binary "UDP Query User{4A4A96DD-5B71-417F-B532-C6EEBF5A145E}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java Platform SE binary "{8345EAFD-9FA6-469C-B69C-DCD5528F88E3}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player "{D9134F82-4EE4-45E3-A164-3369D6E59501}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player "TCP Query User{A2D3B39A-2A30-4072-BA05-17A61203EB3B}c:\\program files\\veoh networks\\veohwebplayer\\veohwebplayer.exe"= UDP:c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe:Veoh Web Player Beta "UDP Query User{F51EFE5B-C911-4EE7-951E-0E0A52BE3B27}c:\\program files\\veoh networks\\veohwebplayer\\veohwebplayer.exe"= TCP:c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe:Veoh Web Player Beta 
"{FEE24400-0EB8-41AB-86AE-8DC4E4155818}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{53E4A263-1A59-4DB8-A79B-F883CC941C71}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes "TCP Query User{DC1416BB-16B3-444B-A29E-AEE39695E32F}c:\\xampplite\\apache\\bin\\apache.exe"= UDP:c:\xampplite\apache\bin\apache.exe:Apache HTTP Server "UDP Query User{59E47160-C419-4B11-A9C4-BE778AD1561D}c:\\xampplite\\apache\\bin\\apache.exe"= TCP:c:\xampplite\apache\bin\apache.exe:Apache HTTP Server "TCP Query User{0E1A9A7C-53FB-4242-B5F2-4913C0E0E01C}c:\\xampplite\\mysql\\bin\\mysqld.exe"= UDP:c:\xampplite\mysql\bin\mysqld.exe:mysqld "UDP Query User{B230D41D-8C2C-4F8B-AF9A-5181E90B9AF5}c:\\xampplite\\mysql\\bin\\mysqld.exe"= TCP:c:\xampplite\mysql\bin\mysqld.exe:mysqld "{2F9DA5ED-7ED7-4330-A696-4B13E3D12E8D}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{CADEBB1A-E671-4FB7-B8BE-B14A41EDCEF5}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "TCP Query User{C1E11625-BCA4-4325-BAAE-DE9CD8890AAF}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox "UDP Query User{D1EF55DB-13FB-4B96-AAF9-E70F050F8661}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox "TCP Query User{8CF646F4-A40F-4CFB-9797-2799C100063B}c:\\program files\\easymule\\emule.exe"= UDP:c:\program files\easymule\emule.exe:easyMule "UDP Query User{F1060486-385A-4450-88E7-D0A40480C461}c:\\program files\\easymule\\emule.exe"= TCP:c:\program files\easymule\emule.exe:easyMule "TCP Query User{E2D53D45-348E-48A1-AB4F-C3F200459495}c:\\nexon\\nexon_eu_downloader\\nexon_eu_downloader_engine.exe"= UDP:c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe:NEXON_EU_Downloader_Engine "UDP Query User{0CA8F821-6D68-4097-A5EA-628373002FCF}c:\\nexon\\nexon_eu_downloader\\nexon_eu_downloader_engine.exe"= 
TCP:c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe:NEXON_EU_Downloader_Engine "TCP Query User{6213DE5A-3F12-4AEE-A58E-5013D62B880B}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus "UDP Query User{3162F6CD-AF85-45C5-9067-56944B7E2264}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus "TCP Query User{770FC926-40D7-44A0-996A-8174F1CBFFCA}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus "UDP Query User{C881DABA-9EA2-46F9-AF31-4739E1E86C58}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus "TCP Query User{B4DA3868-7EB8-473E-AF2F-1E7A97B713BC}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java Platform SE binary "UDP Query User{5F24205E-2E84-456C-80D0-143B2FDAD802}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java Platform SE binary "{564BCBA4-3CD2-4FC9-97DA-2836B17F7D52}"= UDP:c:\program files\Pando Networks\Pando\pando.exe:Pando Application "{AAC8BBFF-891A-4C9F-A609-2192800AC054}"= TCP:c:\program files\Pando Networks\Pando\pando.exe:Pando Application "{E8D0688A-9FE9-4A25-BAC4-6E83560ECB8A}"= UDP:57243:Pando P2P TCP Listening Port "{3D7F9471-7145-4B42-9B79-1CA3A015A316}"= TCP:57243:Pando P2P UDP Listening Port "TCP Query User{643EB77F-3B01-4F7B-980D-8352AAB44EA2}c:\\users\\adrien\\games\\unreal tournament 3\\binaries\\ut3.exe"= UDP:c:\users\adrien\games\unreal tournament 3\binaries\ut3.exe:ut3.exe "UDP Query User{E8B7C6F3-EB18-48C2-9765-88E3F3B59A44}c:\\users\\adrien\\games\\unreal tournament 3\\binaries\\ut3.exe"= TCP:c:\users\adrien\games\unreal tournament 3\binaries\ut3.exe:ut3.exe "{265DA783-31A4-44BA-8B79-3AF715991B00}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [03/08/2009 00:54 1153368] 
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\program files\Common Files\LightScribe\LSRunOnce.exe" . Contents of the 'Scheduled Tasks' folder 2009-08-13 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-04 17:43] 2009-08-12 c:\windows\Tasks\User_Feed_Synchronization-{AB5DEB27-85AF-4037-92B4-29575A3AE33B}.job - c:\windows\system32\msfeedssync.exe [2008-09-20 07:33] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.fr/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=81&bd=Pavilion&pf=laptop uInternet Settings,ProxyOverride = *.local IE: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html IE: &Tout télécharger avec FlashGet - c:\program files\FlashGet\jc_all.htm IE: &Télécharger avec FlashGet - c:\program files\FlashGet\jc_link.htm IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Adrien\AppData\Roaming\Mozilla\Firefox\Profiles\aom3px09.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www15.yoog.com/search.php?q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://google.com FF - prefs.js: keyword.URL - hxxp://www15.yoog.com/search.php?q= FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll FF - plugin: c:\program 
files\Windows Live\Photo Gallery\NPWLPG.dll ---- FIREFOX POLICIES ---- . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-14 00:07 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'Explorer.exe'(5168) c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll . ------------------------ Other Running Processes ------------------------ . 
c:\windows\System32\audiodg.exe c:\program files\Avira\AntiVir Desktop\sched.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Hp\QuickPlay\Kernel\TV\QPCapSvc.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\windows\System32\drivers\XAudio.exe c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe c:\program files\Hp\QuickPlay\Kernel\TV\QPSched.exe c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\System32\conime.exe c:\windows\System32\rundll32.exe c:\windows\System32\rundll32.exe c:\program files\Synaptics\SynTP\SynTPEnh.exe c:\windows\ehome\ehmsas.exe c:\program files\Hewlett-Packard\Shared\HpqToaster.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2009-08-13 0:12 - machine was rebooted ComboFix-quarantined-files.txt 2009-08-13 22:12 ComboFix2.txt 2009-08-03 11:19 Pre-Run: 68 750 970 880 octets libres Post-Run: 75 462 463 488 octets libres 499 --- E O F --- 2009-08-13 00:21 -
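The FirewallRules block in the report above is long, and most of its entries are the "Query User" rules Vista writes when the user clicks "Unblock" on a prompt. A small triage script, added here as an example and not part of Kana's post or of ComboFix, that parses those lines and points out the three things worth looking at first: rules whose program lives outside Program Files or the Windows directory (user-writable locations such as c:\ijji or the Desktop), bare listening-port rules, and rules that still reference a file the same report lists under "Other Deletions" (the Bonjour rules remain although mDNSResponder.exe was removed). The sample input is a constructed subset of the report's own lines; the "trusted roots" list is my assumption, not a ComboFix concept.

```python
import re

# Constructed sample: a subset of the FirewallRules entries from the report posted above,
# copied verbatim (ComboFix writes the rule name with doubled backslashes).
FIREWALL_SECTION = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BC064E70-32DE-4DB1-BF5F-0E8A1F5BB8E9}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{B59C9D50-D069-464B-9354-E0E731DB870A}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"TCP Query User{E81079F9-5FA8-416C-8A9A-4901872A77BD}c:\\ijji\\english\\u_gunz.exe"= UDP:c:\ijji\english\u_gunz.exe:<ijji Downloader>
"TCP Query User{90D8609D-8E07-4978-AD2F-DDDFB5A5E769}c:\\users\\adrien\\desktop\\quake iii\\quake3.exe"= UDP:c:\users\adrien\desktop\quake iii\quake3.exe:quake3.exe
"{E8D0688A-9FE9-4A25-BAC4-6E83560ECB8A}"= UDP:57243:Pando P2P TCP Listening Port
"{F6AFE5EB-381C-44FC-98AD-0920A3431301}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"""

# Constructed sample: files the same report lists under "Other Deletions".
DELETED_FILES = [
    r"c:\program files\AskBarDis\bar\bin\askBar.dll",
    r"c:\program files\Bonjour\mDNSResponder.exe",
    r"c:\windows\system32\GameMon.des",
]

# Assumption for triage: binaries under these roots need admin rights to be replaced.
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\windows\\")

# "<name>"= [TCP|UDP:]<path or port>:<label>   (the path itself contains "c:", so the
# target is matched lazily and the label is whatever follows the last colon)
RULE_RE = re.compile(
    r'^"(?P<name>[^"]+)"=\s*(?:(?P<proto>TCP|UDP):)?(?P<target>.+?):(?P<label>[^:]*)$'
)


def parse_firewall_rules(text):
    """Return one dict per rule line; non-matching lines (headers) are skipped."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        target = m.group("target")
        is_port = target.isdigit()
        rules.append({
            "name": m.group("name"),
            "proto": m.group("proto"),            # None when the line carries no protocol
            "port": int(target) if is_port else None,
            "path": None if is_port else target,
            "label": m.group("label"),
            # Rules created by answering a "Windows Firewall has blocked..." prompt
            "query_user": m.group("name").startswith(("TCP Query User", "UDP Query User")),
        })
    return rules


def untrusted_location(rules):
    """Program rules whose binary sits somewhere a standard user can overwrite."""
    return [r for r in rules
            if r["path"] and not r["path"].lower().startswith(TRUSTED_ROOTS)]


def listening_port_rules(rules):
    """Rules that open a port regardless of which program listens on it."""
    return [r for r in rules if r["port"] is not None]


def orphaned_rules(rules, deleted_files):
    """Rules whose program was removed: harmless now, but a dropped file with the same
    name would inherit the allowance, so they should be deleted too."""
    gone = {p.lower() for p in deleted_files}
    return [r for r in rules if r["path"] and r["path"].lower() in gone]


if __name__ == "__main__":
    rules = parse_firewall_rules(FIREWALL_SECTION)
    print(f"{len(rules)} rules, {sum(r['query_user'] for r in rules)} created from prompts")
    for r in untrusted_location(rules):
        print("outside trusted roots:", r["path"])
    for r in listening_port_rules(rules):
        print("open port:", r["proto"], r["port"], "-", r["label"])
    for r in orphaned_rules(rules, DELETED_FILES):
        print("rule for deleted file:", r["path"])
```

Run against the full section in the post, the same functions list every game launcher under c:\ijji, c:\rohan and the Desktop, the two Pando port rules, and the four Bonjour rules left behind after the CFScript deletion.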
Need a Combofix assistant
Kana replied to a topic by Kana in Malware analysis and removal
Sorry for only replying now, but I was away from home for a few days. I have just done what you told me; here is the report:

ComboFix 09-08-10.06 - Adrien 13/08/2009 14:28.3.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3070.2002 [GMT 2:00]
Running from: c:\users\Adrien\Downloads\ComboFix.exe
Command switches used :: c:\users\Adrien\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\program files\AskBarDis\bar\bin\askBar.dll"
"c:\program files\AskBarDis\bar\bin\AskService.exe"
"c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe"
"c:\program files\Bonjour\mDNSResponder.exe"
"c:\windows\system32\GameMon.des"
.
ADS - system32: deleted 12 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\AskBarDis\bar\bin\askBar.dll
c:\program files\AskBarDis\bar\bin\AskService.exe
c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\GameMon.des
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_Bonjour Service
-------\Service_npggsvc
-------\Service_ASKService
-------\Service_ASKUpgrade
-
Hello,

So, I used ComboFix, recommended by a friend, because my PC was infected with a particularly stubborn virus. I did everything as required and the virus was removed. But now I need someone who can decipher the ComboFix report, which I am attaching right here:

ComboFix 09-08-02.04 - Adrien 03/08/2009 12:59.1.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3070.2033 [GMT 2:00]
Running from: c:\users\Adrien\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1453765893-1662031185-888260578-500
c:\$recycle.bin\S-1-5-21-442295509-33632100-3987800110-500
c:\program files\IEToolbar
c:\program files\IEToolbar\ECO Bar\basis.xml
c:\program files\IEToolbar\ECO Bar\icons.bmp
c:\program files\IEToolbar\ECO Bar\info.txt
c:\program files\IEToolbar\ECO Bar\version.txt
c:\program files\IEToolbar\ECO Bar\your_logo.png
c:\program files\runit
c:\program files\runit\config.txt
c:\program files\Search Settings
c:\program files\Search Settings\kb127\SearchSettings.dll
c:\program files\Search Settings\kb127\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe
c:\users\Adrien\AppData\Local\couuuws.dat
c:\users\Adrien\AppData\Local\couuuws_nav.dat
c:\users\Adrien\AppData\Local\couuuws_navps.dat
c:\users\Adrien\AppData\Local\smage.dat
c:\users\Adrien\AppData\Local\smage_nav.dat
c:\users\Adrien\AppData\Local\smage_navps.dat
c:\users\Adrien\AppData\Roaming\Google\dwms.exe
c:\users\Adrien\AppData\Roaming\Google\Shell32.dll
c:\windows\Installer\1f80d0.msi
c:\windows\Installer\52617.msi
c:\windows\system32\KBL.LOG
c:\windows\system32\xxclnrqhkqwh.dll
.
((((((((((((((((((((((((( Files Created from 2009-07-03 to 2009-08-03 )))))))))))))))))))))))))))))))
.
2009-08-02 22:54 . 2009-08-02 23:15 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-08-02 22:54 . 2009-08-02 22:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-01 13:27 . 2009-08-01 13:27 422 ----a-w- c:\users\Adrien\AppData\Roaming\Azureus\mario.exe
2009-08-01 13:27 . 2009-08-01 13:27 16141 ----a-w- c:\users\Adrien\AppData\Roaming\CyberLink\flamiks32.exe
2009-08-01 13:27 . 2009-08-01 13:27 145131 ----a-w- c:\users\Adrien\AppData\Roaming\Bioshock\pingo.dll
2009-08-01 13:27 . 2009-08-01 13:27 13221 ----a-w- c:\users\Adrien\AppData\Roaming\Apple Computer\xl12.exe
2009-08-01 13:27 . 2009-08-01 13:27 11232 ----a-w- c:\users\Adrien\AppData\Roaming\Adobe\norigami.dll
2009-07-16 17:10 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-16 17:10 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-16 17:10 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-16 17:10 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-03 11:15 . 2008-02-22 22:20 669566 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-03 11:15 . 2008-02-22 22:20 123556 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-03 10:55 . 2008-08-03 20:16 -------- d-----w- c:\program files\Steam
2009-08-03 00:48 . 2008-07-31 16:00 27430 ----a-w- c:\users\Adrien\AppData\Roaming\nvModes.dat
2009-08-02 21:30 . 2009-01-05 20:17 -------- d-----w- c:\users\Adrien\AppData\Roaming\Skype
2009-08-02 14:40 . 2008-09-04 17:01 -------- d-----w- c:\programdata\Google Updater
2009-08-01 13:27 . 2009-06-15 17:20 -------- d-----w- c:\users\Adrien\AppData\Roaming\Bioshock
2009-08-01 13:27 . 2009-05-04 07:53 -------- d-----w- c:\users\Adrien\AppData\Roaming\Azureus
2009-08-01 13:27 . 2008-09-01 18:21 -------- d-----w- c:\users\Adrien\AppData\Roaming\Apple Computer
2009-08-01 13:27 . 2008-08-01 15:13 -------- d-----w- c:\users\Adrien\AppData\Roaming\CyberLink
2009-07-28 13:34 . 2009-03-29 13:40 -------- d-----w- c:\users\Adrien\AppData\Roaming\Mumble
2009-07-18 16:06 . 2009-07-29 09:56 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-29 09:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-29 09:56 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-16 22:54 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-09 21:13 . 2009-01-11 20:58 -------- d-----w- c:\users\Adrien\AppData\Roaming\teamspeak2
2009-07-03 10:39 . 2008-08-03 20:16 -------- d-----w- c:\program files\Common Files\Steam
2009-06-30 13:36 . 2009-07-23 14:50 18696 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryReplaceNew.exe
2009-06-30 13:10 . 2009-07-23 14:50 18696 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryNoTravel.exe
2009-06-30 13:03 . 2009-07-23 14:50 18696 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryAccessories.exe
2009-06-30 10:44 . 2009-07-23 14:50 18184 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryWeakNew.exe
2009-06-28 18:01 . 2008-02-22 14:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-26 16:36 . 2009-07-23 14:50 18184 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryUpgrade.exe
2009-06-22 13:04 . 2008-07-31 16:29 -------- d-----w- c:\program files\Windows Live
2009-06-22 13:03 . 2009-06-22 13:03 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-06-22 13:01 . 2009-06-22 13:01 -------- d-----w- c:\program files\Microsoft
2009-06-22 13:00 . 2009-06-22 13:00 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-06-22 12:54 . 2009-06-22 12:54 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-18 06:25 . 2009-06-18 06:25 -------- d-----w- c:\program files\Avira
2009-06-18 06:25 . 2009-05-18 13:30 -------- d-----w- c:\programdata\Avira
2009-06-11 20:53 . 2008-02-22 14:53 -------- d-----w- c:\program files\Microsoft Works
2009-06-11 20:52 . 2008-02-22 15:15 -------- d-----w- c:\programdata\Microsoft Help
2009-06-11 11:40 . 2009-06-11 11:40 -------- d-----w- c:\program files\Pando Networks
2009-06-10 16:42 . 2009-06-10 16:42 -------- d-----w- c:\programdata\Trymedia
2009-06-10 13:55 . 2009-06-10 13:55 -------- d-----w- c:\programdata\WindowsSearch
2009-06-10 08:56 . 2009-06-10 08:56 1878984 ----a-w- c:\users\Adrien\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-06-08 14:34 . 2009-06-08 14:31 -------- d-----w- c:\program files\CommViewWiFi
2009-06-08 14:18 . 2009-06-08 14:18 -------- d-----w- c:\users\Adrien\AppData\Roaming\Games
2009-06-08 08:25 . 2008-08-02 10:28 -------- d-----w- c:\users\Adrien\AppData\Roaming\LimeWire
2009-06-08 07:01 . 2009-06-08 06:47 27378 ----a-w- c:\windows\DIIUnin.dat
2009-06-08 06:47 . 2009-06-08 06:47 2829 ----a-w- c:\windows\DIIUnin.pif
2009-06-08 06:47 . 2009-06-08 06:47 94208 ----a-w- c:\windows\DIIUnin.exe
2009-06-07 17:30 . 2008-05-20 02:15 -------- d-----w- c:\programdata\WildTangent
2009-06-06 13:38 . 2009-06-06 13:38 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-06-05 17:25 . 2009-06-05 17:11 21840 ----atw- c:\windows\system32\SIntfNT.dll
2009-06-05 17:25 . 2009-06-05 17:11 17212 ----atw- c:\windows\system32\SIntf32.dll
2009-06-05 17:25 . 2009-06-05 17:11 12067 ----atw- c:\windows\system32\SIntf16.dll
2009-06-05 17:23 . 2009-06-05 17:23 0 ----a-w- c:\windows\nsreg.dat
2009-06-04 14:22 . 2008-02-22 14:17 -------- d-----w- c:\program files\Hewlett-Packard
2009-06-03 09:04 . 2008-07-31 11:01 89912 ----a-w- c:\users\Adrien\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-03 07:33 . 2009-06-03 07:32 15190152 ----a-w- c:\programdata\WildTangent\My HP Game Console\Downloads\fr\Installers\SetupGamesClient.exe
2009-05-26 09:19 . 2009-05-26 09:19 1 ----a-w- c:\users\Adrien\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-05-26 09:11 . 2008-09-16 16:28 1 ----a-w- c:\users\Adrien\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-05-08 19:13 . 2008-08-16 18:28 680 ----a-w- c:\users\Adrien\AppData\Local\d3d9caps.dat
2009-07-22 18:44 . 2008-11-13 18:04 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2008-02-22 22:54 . 2008-02-22 22:42 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-12-09 16:40 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-04 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-09-30 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 218408]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-09-25 2007088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\users\Adrien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\programdata\Microsoft\Windows\Start
Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{BC064E70-32DE-4DB1-BF5F-0E8A1F5BB8E9}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader "{F7FF614E-A0A2-47BB-8B48-0AEEF5D2D326}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader "{46218270-9523-4EB1-A9B5-C7BC53FDFF8E}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{85F3E4A2-15C8-41EC-92BB-340AF7B1161B}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{B59C9D50-D069-464B-9354-E0E731DB870A}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector "{46E8AB0F-BCFE-4DDA-B663-5AD0041973C0}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play "{EEF84569-4930-401D-B0BA-B50044F6776D}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program "TCP Query User{E81079F9-5FA8-416C-8A9A-4901872A77BD}c:\\ijji\\english\\u_gunz.exe"= UDP:c:\ijji\english\u_gunz.exe:<ijji Downloader> "UDP Query User{815096EF-EF25-4C0B-9B04-D62D33F8E130}c:\\ijji\\english\\u_gunz.exe"= TCP:c:\ijji\english\u_gunz.exe:<ijji Downloader> "TCP Query User{C5AB275C-E663-4C04-A450-48DC8BC9AF71}c:\\ijji\\english\\gunz\\gunz.exe"= 
UDP:c:\ijji\english\gunz\gunz.exe:Gunz "UDP Query User{704029B8-5CAB-41ED-A007-F512AC11D94B}c:\\ijji\\english\\gunz\\gunz.exe"= TCP:c:\ijji\english\gunz\gunz.exe:Gunz "TCP Query User{72FF5E10-F162-4EAB-8583-88BEBEF376BD}c:\\rohan\\rohanclient.exe"= UDP:c:\rohan\rohanclient.exe:Rohan Online Game "UDP Query User{D441AD18-A320-4A1A-92EF-30916DB60741}c:\\rohan\\rohanclient.exe"= TCP:c:\rohan\rohanclient.exe:Rohan Online Game "TCP Query User{314CE429-B838-40EB-9C8E-A10B43FA82A7}c:\\ijji\\english\\u_gunz.exe"= UDP:c:\ijji\english\u_gunz.exe:<ijji Downloader> "UDP Query User{341FA58D-79EE-40BB-AB4B-46E909101D4B}c:\\ijji\\english\\u_gunz.exe"= TCP:c:\ijji\english\u_gunz.exe:<ijji Downloader> "TCP Query User{6955AB7D-E15B-494A-8C7B-69D3E7B2F06A}c:\\rohan\\rohanclient.exe"= UDP:c:\rohan\rohanclient.exe:Rohan Online Game "UDP Query User{76F2C442-8746-44FE-B87B-C42138AC82CE}c:\\rohan\\rohanclient.exe"= TCP:c:\rohan\rohanclient.exe:Rohan Online Game "TCP Query User{D5A41E45-001E-4223-9E2E-D633A304D942}c:\\ijji\\english\\gunz\\gunz.exe"= UDP:c:\ijji\english\gunz\gunz.exe:Gunz "UDP Query User{B605508C-90B8-4C29-91F1-18486D10B72D}c:\\ijji\\english\\gunz\\gunz.exe"= TCP:c:\ijji\english\gunz\gunz.exe:Gunz "TCP Query User{9F8A8F35-0D65-48DE-A1AE-CE32FBA235C2}c:\\program files\\steam\\steamapps\\kana299\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\kana299\counter-strike\hl.exe:Half-Life Launcher "UDP Query User{8EEC0520-F938-4477-824A-BDF28BE9B8F8}c:\\program files\\steam\\steamapps\\kana299\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\kana299\counter-strike\hl.exe:Half-Life Launcher "TCP Query User{20F8F3DE-F455-4E16-801E-1FF44D29488C}c:\\program files\\steam\\steamapps\\kana299\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\kana299\counter-strike source\hl2.exe:hl2 "UDP Query User{EA9BCF5A-F801-40E0-A668-CB2743F6AFD0}c:\\program files\\steam\\steamapps\\kana299\\counter-strike source\\hl2.exe"= TCP:c:\program 
files\steam\steamapps\kana299\counter-strike source\hl2.exe:hl2 "TCP Query User{7F82B11A-DBF1-4EF2-84B6-571E26953509}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire "UDP Query User{DA74D705-E420-46C7-B41A-745B875BEB45}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire "{9467E63C-E957-42E4-9DB4-3D991ADC73AE}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{C430FCD6-D246-455E-B11B-71D47863AE6A}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes "TCP Query User{90D8609D-8E07-4978-AD2F-DDDFB5A5E769}c:\\users\\adrien\\desktop\\quake iii\\quake3.exe"= UDP:c:\users\adrien\desktop\quake iii\quake3.exe:quake3.exe "UDP Query User{6DE8BA7F-AF26-4103-9144-A6B085952A86}c:\\users\\adrien\\desktop\\quake iii\\quake3.exe"= TCP:c:\users\adrien\desktop\quake iii\quake3.exe:quake3.exe "{F6AFE5EB-381C-44FC-98AD-0920A3431301}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{FA926E32-48A3-407A-9381-41B34E10E903}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "TCP Query User{01BC6BD1-890F-40DA-9CFE-62394F7ABA32}c:\\ijji\\english\\u_sf.exe"= UDP:c:\ijji\english\u_sf.exe:<ijji Downloader> "UDP Query User{B87D6FE5-525D-4BBD-B789-6E970A27B321}c:\\ijji\\english\\u_sf.exe"= TCP:c:\ijji\english\u_sf.exe:<ijji Downloader> "TCP Query User{6E012D25-519B-4701-91E6-319D276D8563}c:\\ijji\\english\\u_sf\\soldierfront.exe"= UDP:c:\ijji\english\u_sf\soldierfront.exe:soldierfront "UDP Query User{3685066D-5E5C-439B-B632-348C6542B6F8}c:\\ijji\\english\\u_sf\\soldierfront.exe"= TCP:c:\ijji\english\u_sf\soldierfront.exe:soldierfront "{DC81F1DA-11A5-4FA2-A5B2-7FC7F423C004}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{7ED57C19-A4C5-43D8-A8CA-C24919871E7F}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "TCP Query User{09C9CD8F-3731-4889-91CA-E667F4F8B794}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:FlashGet "UDP Query 
User{6B9731BE-1C4B-4879-B2AF-32865A663B7E}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:FlashGet "TCP Query User{51F4D2D7-39B0-4772-9866-7665A6D667A7}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:FlashGet "UDP Query User{C8245F77-0609-4888-9959-52582172D18F}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:FlashGet "TCP Query User{8468EFDD-4F11-498D-81B0-3F2B686F9D22}c:\\program files\\maiet\\gunz\\gunzlauncher.exe"= UDP:c:\program files\maiet\gunz\gunzlauncher.exe:GunzLauncher "UDP Query User{09A98941-A965-4D4F-AB2A-E393D00424E6}c:\\program files\\maiet\\gunz\\gunzlauncher.exe"= TCP:c:\program files\maiet\gunz\gunzlauncher.exe:GunzLauncher "TCP Query User{FAE544A5-5A2E-4F29-8A6F-4AFED6BA2C13}c:\\users\\adrien\\desktop\\quake iii\\openarena-0.8.1\\openarena.exe"= UDP:c:\users\adrien\desktop\quake iii\openarena-0.8.1\openarena.exe:openarena.exe "UDP Query User{0ECEAACD-266B-476E-AB3B-36371E037106}c:\\users\\adrien\\desktop\\quake iii\\openarena-0.8.1\\openarena.exe"= TCP:c:\users\adrien\desktop\quake iii\openarena-0.8.1\openarena.exe:openarena.exe "{03D5C0D1-597B-4BBD-AC17-C7EF6C3ED147}"= c:\program files\Skype\Phone\Skype.exe:Skype "TCP Query User{5D1EBBDF-84E7-4C54-A61D-C68FA54236BF}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC "UDP Query User{D1C83354-4798-4197-A0E7-7CA7DC9EF77A}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC "{D523567B-9628-4A3C-96A2-562EF93D729C}"= UDP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout Paradise The Ultimate Box "{F57FAE58-81EC-423B-90AC-36EA5CA72CCA}"= TCP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout Paradise The Ultimate Box "{01AB1E89-272E-48EB-96D2-46FE47DB0062}"= UDP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate 
Box\BurnoutConfigTool.exe:Burnout Paradise The Ultimate Box "{07C65317-C2D6-4176-8404-01F864E0BAD1}"= TCP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout Paradise The Ultimate Box "{A90FDDF1-8D9A-495E-9F46-7249E5DDF075}"= UDP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutParadise.exe:Burnout Paradise The Ultimate Box "{F36DA6C1-FD0C-46CB-B2A6-5D29E58A4CC2}"= TCP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutParadise.exe:Burnout Paradise The Ultimate Box "{2F7A76AA-F5DB-410C-8751-4EA182627EFA}"= UDP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout Paradise The Ultimate Box "{16EF196A-6807-4617-8D0F-9C4B8F9151DF}"= TCP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout Paradise The Ultimate Box "{5F5D2093-B972-4E4B-9C6D-D59112986595}"= UDP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout Paradise The Ultimate Box "{4EE8B531-6E81-4292-AF83-196821576166}"= TCP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout Paradise The Ultimate Box "{6F75987A-21E5-4F02-8324-2A0BD9ACE181}"= UDP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutParadise.exe:Burnout Paradise The Ultimate Box "{C454B2F2-D2B7-4BAE-8E0E-93248152B197}"= TCP:c:\program files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutParadise.exe:Burnout Paradise The Ultimate Box "TCP Query User{22E44081-FCFA-4578-AF93-065BB0B8E00C}c:\\xampplite\\apache\\bin\\apache.exe"= UDP:c:\xampplite\apache\bin\apache.exe:Apache HTTP Server "UDP Query User{AD8E2071-93A4-40A8-96F5-2C0D73929B2D}c:\\xampplite\\apache\\bin\\apache.exe"= TCP:c:\xampplite\apache\bin\apache.exe:Apache HTTP Server "TCP Query User{C9052E50-9568-43E3-AEE8-AC96DDB6CFD9}c:\\xampplite\\mysql\\bin\\mysqld.exe"= 
UDP:c:\xampplite\mysql\bin\mysqld.exe:mysqld "UDP Query User{F173C1C4-C70D-4022-91F2-5DFE3A02DA05}c:\\xampplite\\mysql\\bin\\mysqld.exe"= TCP:c:\xampplite\mysql\bin\mysqld.exe:mysqld "TCP Query User{792FC590-D8B9-4B0C-B911-D14BA470967C}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java Platform SE binary "UDP Query User{4A4A96DD-5B71-417F-B532-C6EEBF5A145E}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java Platform SE binary "{8345EAFD-9FA6-469C-B69C-DCD5528F88E3}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player "{D9134F82-4EE4-45E3-A164-3369D6E59501}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player "TCP Query User{A2D3B39A-2A30-4072-BA05-17A61203EB3B}c:\\program files\\veoh networks\\veohwebplayer\\veohwebplayer.exe"= UDP:c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe:Veoh Web Player Beta "UDP Query User{F51EFE5B-C911-4EE7-951E-0E0A52BE3B27}c:\\program files\\veoh networks\\veohwebplayer\\veohwebplayer.exe"= TCP:c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe:Veoh Web Player Beta "{FEE24400-0EB8-41AB-86AE-8DC4E4155818}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{53E4A263-1A59-4DB8-A79B-F883CC941C71}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes "TCP Query User{DC1416BB-16B3-444B-A29E-AEE39695E32F}c:\\xampplite\\apache\\bin\\apache.exe"= UDP:c:\xampplite\apache\bin\apache.exe:Apache HTTP Server "UDP Query User{59E47160-C419-4B11-A9C4-BE778AD1561D}c:\\xampplite\\apache\\bin\\apache.exe"= TCP:c:\xampplite\apache\bin\apache.exe:Apache HTTP Server "TCP Query User{0E1A9A7C-53FB-4242-B5F2-4913C0E0E01C}c:\\xampplite\\mysql\\bin\\mysqld.exe"= UDP:c:\xampplite\mysql\bin\mysqld.exe:mysqld "UDP Query User{B230D41D-8C2C-4F8B-AF9A-5181E90B9AF5}c:\\xampplite\\mysql\\bin\\mysqld.exe"= TCP:c:\xampplite\mysql\bin\mysqld.exe:mysqld "{2F9DA5ED-7ED7-4330-A696-4B13E3D12E8D}"= 
UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{CADEBB1A-E671-4FB7-B8BE-B14A41EDCEF5}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "TCP Query User{C1E11625-BCA4-4325-BAAE-DE9CD8890AAF}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox "UDP Query User{D1EF55DB-13FB-4B96-AAF9-E70F050F8661}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox "TCP Query User{8CF646F4-A40F-4CFB-9797-2799C100063B}c:\\program files\\easymule\\emule.exe"= UDP:c:\program files\easymule\emule.exe:easyMule "UDP Query User{F1060486-385A-4450-88E7-D0A40480C461}c:\\program files\\easymule\\emule.exe"= TCP:c:\program files\easymule\emule.exe:easyMule "TCP Query User{E2D53D45-348E-48A1-AB4F-C3F200459495}c:\\nexon\\nexon_eu_downloader\\nexon_eu_downloader_engine.exe"= UDP:c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe:NEXON_EU_Downloader_Engine "UDP Query User{0CA8F821-6D68-4097-A5EA-628373002FCF}c:\\nexon\\nexon_eu_downloader\\nexon_eu_downloader_engine.exe"= TCP:c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe:NEXON_EU_Downloader_Engine "TCP Query User{6213DE5A-3F12-4AEE-A58E-5013D62B880B}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus "UDP Query User{3162F6CD-AF85-45C5-9067-56944B7E2264}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus "TCP Query User{770FC926-40D7-44A0-996A-8174F1CBFFCA}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus "UDP Query User{C881DABA-9EA2-46F9-AF31-4739E1E86C58}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus "TCP Query User{B4DA3868-7EB8-473E-AF2F-1E7A97B713BC}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java Platform SE binary "UDP Query 
User{5F24205E-2E84-456C-80D0-143B2FDAD802}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java Platform SE binary "{564BCBA4-3CD2-4FC9-97DA-2836B17F7D52}"= UDP:c:\program files\Pando Networks\Pando\pando.exe:Pando Application "{AAC8BBFF-891A-4C9F-A609-2192800AC054}"= TCP:c:\program files\Pando Networks\Pando\pando.exe:Pando Application "{E8D0688A-9FE9-4A25-BAC4-6E83560ECB8A}"= UDP:57243:Pando P2P TCP Listening Port "{3D7F9471-7145-4B42-9B79-1CA3A015A316}"= TCP:57243:Pando P2P UDP Listening Port "TCP Query User{643EB77F-3B01-4F7B-980D-8352AAB44EA2}c:\\users\\adrien\\games\\unreal tournament 3\\binaries\\ut3.exe"= UDP:c:\users\adrien\games\unreal tournament 3\binaries\ut3.exe:ut3.exe "UDP Query User{E8B7C6F3-EB18-48C2-9765-88E3F3B59A44}c:\\users\\adrien\\games\\unreal tournament 3\\binaries\\ut3.exe"= TCP:c:\users\adrien\games\unreal tournament 3\binaries\ut3.exe:ut3.exe "{265DA783-31A4-44BA-8B79-3AF715991B00}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [04/05/2009 09:53 464264] R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [04/05/2009 09:53 234888] R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [03/08/2009 00:54 1153368] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\program files\Common Files\LightScribe\LSRunOnce.exe" . 
Contents of the 'Scheduled Tasks' folder 2009-08-03 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-04 17:43] 2009-08-02 c:\windows\Tasks\User_Feed_Synchronization-{AB5DEB27-85AF-4037-92B4-29575A3AE33B}.job - c:\windows\system32\msfeedssync.exe [2008-09-20 07:33] . - - - - ORPHANS REMOVED - - - - BHO-{46C7409E-47E6-33B1-3419-AE3171544596} - (no file) BHO-{DD98A46B-507E-C058-39DB-95AE20F11026} - c:\windows\system32\xxclnrqhkqwh.dll HKCU-Run-realteks - c:\users\Adrien\AppData\Roaming\Google\dwms.exe HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe HKLM-Run-bfekodewgb - c:\windows\system32\xxclnrqhkqwh.dll . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.fr/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=81&bd=Pavilion&pf=laptop uInternet Settings,ProxyOverride = *.local IE: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html IE: &Tout télécharger avec FlashGet - c:\program files\FlashGet\jc_all.htm IE: &Télécharger avec FlashGet - c:\program files\FlashGet\jc_link.htm IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Adrien\AppData\Roaming\Mozilla\Firefox\Profiles\aom3px09.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www15.yoog.com/search.php?q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://google.com FF - prefs.js: keyword.URL - hxxp://www15.yoog.com/search.php?q= FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll FF 
- plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll ---- FIREFOX POLICIES ---- . ************************************************************************** scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'Explorer.exe'(584) c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll . ------------------------ Other Running Processes ------------------------ . 
c:\windows\System32\audiodg.exe c:\program files\Avira\AntiVir Desktop\sched.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Hp\QuickPlay\Kernel\TV\QPCapSvc.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\windows\System32\drivers\XAudio.exe c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe c:\program files\Hp\QuickPlay\Kernel\TV\QPSched.exe c:\windows\System32\conime.exe c:\program files\Synaptics\SynTP\SynTPEnh.exe c:\windows\System32\rundll32.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\ehome\ehmsas.exe c:\program files\Hewlett-Packard\Shared\HpqToaster.exe c:\program files\OpenOffice.org 3\program\soffice.exe c:\program files\OpenOffice.org 3\program\soffice.bin c:\program files\iPod\bin\iPodService.exe c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe . ************************************************************************** . Completion time: 2009-08-03 13:19 - machine was rebooted ComboFix-quarantined-files.txt 2009-08-03 11:19 Pre-Run: 60 144 590 848 octets libres Post-Run: 60 042 440 704 octets libres 372 --- E O F --- 2009-07-30 00:52 J'espere que quelqu'un pourra m'aider bien que je viens de lire un sujet comme quoi Combofix n'été pas à utiliser. Merci d'avance Adrien
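As an added triage example (editor's code, not ComboFix's and not part of Adrien's post), the script below runs a few rule-of-thumb checks over lines copied from the log above: an autostart or BHO whose binary has a random-looking name, an autostart whose binary lives under a user-writable AppData or Temp folder, Security Center monitoring switched off, and a Firefox search preference pointing at a host outside a small allowlist. The no-vowel name test, the folder pattern and the allowlist of search engines are the editor's assumptions, not rules ComboFix applies; the sample log is constructed from lines in the post.

```python
"""Rule-of-thumb triage over ComboFix log lines (added example, editor's heuristics)."""
import re
from urllib.parse import urlparse

# Constructed sample: lines copied from the ComboFix log pasted in the post above.
SAMPLE_LOG = r"""
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-04 39408]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
BHO-{46C7409E-47E6-33B1-3419-AE3171544596} - (no file)
BHO-{DD98A46B-507E-C058-39DB-95AE20F11026} - c:\windows\system32\xxclnrqhkqwh.dll
HKCU-Run-realteks - c:\users\Adrien\AppData\Roaming\Google\dwms.exe
HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
HKLM-Run-bfekodewgb - c:\windows\system32\xxclnrqhkqwh.dll
FF - prefs.js: browser.search.defaulturl - hxxp://www15.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: keyword.URL - hxxp://www15.yoog.com/search.php?q=
"""

# Line shapes ComboFix uses for Run values, removed orphans, DWORD values and Firefox prefs.
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
ORPHAN = re.compile(r'^(?P<kind>BHO|HKCU-Run|HKLM-Run)-(?P<name>\S+) - (?P<path>.+)$')
MONITOR = re.compile(r'^"DisableMonitoring"=dword:(?P<val>[0-9a-fA-F]{8})$')
FF_PREF = re.compile(r'^FF - prefs\.js: (?P<pref>\S+) - (?P<val>.+)$')

# Editor's assumptions: autostarts here are suspicious; these prefs drive searches;
# only these hosts are considered expected search endpoints.
USER_WRITABLE = re.compile(r"\\(appdata|temp)\\", re.IGNORECASE)
SEARCH_PREFS = {"browser.search.defaulturl", "keyword.URL"}
SEARCH_ALLOWLIST = {"www.google.com", "www.google.fr", "google.com",
                    "www.bing.com", "search.yahoo.com"}


def looks_random(stem):
    """Crude 'random filename' test: 8+ letters and no vowel (y counts as a vowel).
    Editor's heuristic; legitimate names such as WMPNSCFG also trip it."""
    letters = re.sub(r"[^a-z]", "", stem.lower())
    return len(letters) >= 8 and not any(c in "aeiouy" for c in letters)


def check_autostart(label, path):
    """Return findings for one autostart entry (Run value, orphaned Run or BHO)."""
    out = []
    if path == "(no file)":
        return out  # dangling entry, nothing on disk to look up
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if looks_random(stem):
        out.append(("random-name-binary", f"{label} -> {path}"))
    if USER_WRITABLE.search(path):
        out.append(("autostart-in-user-writable-dir", f"{label} -> {path}"))
    return out


def triage(log_text):
    """Walk log lines and return a list of (rule, evidence) tuples."""
    findings = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]  # remember the key the next values belong to
            continue
        m = RUN_VALUE.match(line)
        if m:
            findings += check_autostart("Run:" + m["name"], m["path"])
            continue
        m = ORPHAN.match(line)
        if m:
            findings += check_autostart(f"{m['kind']}:{m['name']}", m["path"])
            continue
        m = MONITOR.match(line)
        if m and int(m["val"], 16) == 1:
            findings.append(("security-center-monitoring-disabled", current_key))
            continue
        m = FF_PREF.match(line)
        if m and m["pref"] in SEARCH_PREFS:
            # ComboFix defangs URLs as hxxp://; undo that before parsing the host.
            host = urlparse(m["val"].replace("hxxp", "http", 1)).hostname or ""
            if host not in SEARCH_ALLOWLIST:
                findings.append(("search-hijack", f"{m['pref']} -> {host}"))
    return findings


if __name__ == "__main__":
    for rule, evidence in triage(SAMPLE_LOG):
        print(f"{rule:40} {evidence}")
```

Hits are prompts for a lookup, not verdicts: the no-vowel test would also flag WMPNSCFG.exe from the same log, and the allowlist only knows the engines listed in it. What the run does show is that the four indicators the helpers on these forums look for first (the random-named DLL under system32, the executable under AppData\Roaming, Security Center monitoring turned off, and the search prefs pointing at yoog.com) can be pulled out of a pasted log mechanically.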